Referrals are the life-blood of any professional practice. A recent article from Entrepreneur discusses how you can put your customers to work for you. One of the best ways to get more referrals is the old-fashioned handwritten thank you note. It’s so rare these days that a simple note can definitely set you apart from the crowd.
What are ways you reward clients who refer you business?
Image via Wikipedia
In light of the recent ABA ethics opinion on client emails, this post on the Perils of Pirivilege and Client Email from the Oregon Law Practice Management Blog has some insightful information. The post contains language to include in a fee engagement letter regarding the use of unencrypted email. The warning language includes:
Therefore, we ask that you refrain from reading, downloading, or responding to attorney-client e-mail while at work.
This post was written in advance of the ABA ethics opinion so the suggested language may need to be tweaked slightly as the opinion cautioned that if the lawyer becomes aware that a client is receiving personal email on a workplace computer or other device owned or controlled by the employer, then a duty arises to caution the client not to do so, and if that caution is not heeded, to cease sending messages even to personal email addresses. So it may not not be acceptable for a lawyer to say he or she will abiide by the client’s instructions and directions regarding the use of enecrypted email.
The warnings described in the ABA opinion remind me of when lawyers started using email and many of us provided a full page disclaimer on the “dangers” of using email. Clients just looked at me with a funny look every time I asked them to sign it. For most of my clients, it appears I may be headed back to those times.
Image via Wikipedia
There are a myriad of articles discussing the professional ethics, security and protection of data when using SaaS applications and cloud computing. Don’t get me wrong; I believe the issues and concerns presented are important to consider and discuss.
But it did get me thinking a little bit. Just how secure are your files at your physical office? In many ways, SaaS application providers could actually argue files are safer in the cloud than files in the filing cabinets of law offices throughout the country. After all, how many lawyers have locks on their file cabinets? How many lawyers leave files on their desks every night and on the weekends? How many offices have security systems in place? What if a flood occurs or other natural disaster?
Just food for thought.
A new ABA ethics opinion addressed the duty of confidentiality when sending emails to clients. Lawyers using email to communicate with their clients definitely need to read the opinion.
In summary the opinion states:
A lawyer sending or receiving substantive communications with a client via email or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or email account, where there is a significant risk that a third party may gain access. In the context of representing an employee, this obligation arises, at the very least, when the lawyer knows or reasonably should know that the client is likely to send or receive substantive client-lawyer communications via email or other electronic means, using a business device or system under circumstances where there is a significant risk that the communications will be read by the employer or another third party.
An insightful blog post on the subject is written by Stephanie Kimbro on her Virtual Law Practice Blog. Stephanie advocates the use of encrypted email or using a system that allows the client to login to a secure encrypted area to communicate, such as a virtual law office portal. She makes valid points. Other virtual law advocates and companies like MyCase also believe its time to bail on email.
But is it really time to abandon unencrypted email completely? A comment to Stephanie’s post by Carolyn Elefant likely represents the sentiments of most lawyers on the email topic. Caroyln points out that there is a big difference in using encrypted email when there is a known threat and using encrypted email all the time. Carolyn appropriately asks whether we really need more barriers to communicate with our clients?
A degree of common sense must be exercised. If a client is suing their employer (like in the opinion’s fact pattern), it only makes sense that the lawyer should warn the client about the risks of accessing emails or other messages (whether encrypted, unencrypted, or messages in a virtual law portal), while using the employer’s computer equipment or mobile devices. There is a risk of disclosure if a message was accessed on the employer’s computer or mobile device regardless of how a message is sent. The same is true if the message was sent to gmail or other personal email account and accessed by the client at the workplace. Most corporate employer technology policies will state that the employer owns the equipment, that monitoring may occur and that there is no expectation of privacy using the employer’s equipment. As the ethics opinion states, a much better solution in these instances is that the lawyer would advise the client not to communicate with the lawyer using the employer’s computer devices at all.
Protective measures would include the lawyer refraining from sending emails to the client’s workplace, as distinct from personal email address, and cautioning the client against using a business email account or using a personal email account on a workplace computer or device at least for substantive emails with counsel.
And, in footnote 7 of the opinion, lawyers are cautioned that if the lawyer becomes aware that a client is receiving personal email on a workplace computer or other device owned or controlled by the employer, then a duty arises to caution the client not to do so, and if that caution is not heeded, to cease sending messages even to personal email addresses.
Some lawyers like legal technology blogger Nicole Black question whether the opinion is a step forward or a step back. Black wonders whether opinions like this will hold lawyers back from using emerging technologies like cloud computing. I agree that the opinion may have some broad implications, especially concerning the access by third parties in public settings, but at the end of the day perhaps we’re making this a little more complicated than it needs to be. After all, where would you send a snail mail letter to your client regarding their case against the employer: a) to the employer’s address and place of business? or b) to the client’s home?
The lastest issue of Law Practice Magazine has an excellent article by Kathryn Thompson entitled, Using Online Service Providers – Where the Duty of Confidentiality Reigns. It is important to understand your professional ethics’ obligations if you plan on using SaaS applications or cloud computing. This article provides a general framework of issues to consider when you use virtual practice tools.
According to Thompson, lawyers should:
The last suggestion is why our NotifyWorks system sends out a verification message on your behalf when you set up a client into your database. This message, which can also be customized by you in the Settings menu, indicates that the client gives you permission to use the NotifyWorks system to communicate with them when they verify their email address. It also serves a dual purpose by making sure the correct email address is entered into the system and allows the client to make any necessary adjustments to spam or other filters.
Image by turtlemom4bacon via Flickr
The Iowa State Bar Association Committee on Ethics and Practice Guidelines recently addressed whether a lawyer or law firm may utilize what is known as a “software as a service” or “SaaS”.
Because SaaS involves storing client information on computer servers that are not owned and operated by the lawyer or law firm, lawyers have questioned whether SaaS can be used in light of Iowa Rule of Professional Conduct 32:1.6 Comment [17] which states in part that “a lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients.” The rule also states that factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentialty include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement.
The commttee opined that the rule establishes a reasonable and flexible approach to guide a lawyer’s use of ever-changing technology. It recognizes that the degree of protection to be afforded client information varies with the client, matter and information involved. But it also places on the lawyer the obligation to perform due diligence to assess the degree of protection that will be needed and to act accordingly. In that regard the committee wrote:
Access to stored data and data protection should be taken into consideration when performing due diligence. Whatever form of SaaS is used, the lawyer must ensure that there is unfettered access to the data when it is needed. Likewise the lawyer must be able to determine the nature and degree of protection that will be afforded the data while residing elsewhere.
Read the full opinion here which covers in detail the type of due dligence an Iowa lawyer should conduct when selecting a SaaS technology provider.
NotifyWorks is a SaaS provider as described in the opinion. We store only generic notification templates in our library or those the lawyer chooses to enter for their use. NotifyWorks is not a document management or storage system. You as the lawyer need to keep confidentiality issues in mind when creating any new templates in your library and when you send notifications to clients. We do NOT recommend placing sensitive confidential information or substantive legal advice in notifications to clients. NotifyWorks is designed to provide short notifications on legal matters that shouldn’t require extensive disclosure of confidential information. Further, lawyers have unfettered access access to their data and the data entered by the lawyer in the NotifyWorks’ system belongs to the lawyer and receives it back if the lawyer ever stops using our service.
