The Colorado Bar Association Ethics Committee released Opinion 149 about ethical obligations for lawyers who engage in a virtual practice.
The opinion, dated March 8, discusses Colorado Rules of Professional Conduct 1.1 about competence, 1.3 about diligence, 1.4 about communication, 1.6 about confidentiality, 5.1 and 5.3 both about proper supervision and 5.5 about the unauthorized practice of law.
The American Bar Association published two opinions addressing virtual practice since 2020, Formal Opinion 495 and Opinion 498. The CBA Ethics Committee compared state rules with ABA guidance in Opinion 149 and summarized some practice guidelines for attorneys who work remotely, either full-time or in a hybrid setting.
Competence
Rule 1.1 and the ABA Model Rule 1.1 both discuss competency, but the CBA committee noted the ABA rule takes the requirement one step further with respect to technology. The ABA rule states lawyers need to maintain their knowledge and skills in the practice of law “including the benefits and risks associated with relevant technology.”
The state’s Rule 1.1 doesn’t specifically mention the benefits and risks of technology, but it does note attorneys should stay aware of changes in “communications and other relevant technologies.”
Diligence
Rule 1.3 requires attorneys to act diligently, promptly responding to clients. The ABA interpreted Model Rule 1.3 to indicate lawyers are held to the same diligence standards when practicing virtually.
The state committee urged lawyers with virtual practices to safeguard client interests by creating contingency and succession plans, even if it’s not a technical requirement of the state’s rule. In particular, the Ethics Committee highlighted this need for solo practitioners.
Communication
Colorado’s Rule 1.4 is identical to the ABA’s Model Rule 1.4 and neither rule limits the communication obligations of lawyers to only face-to-face interactions. The state’s Ethics Committee noted attorneys need to ensure clients using different media to communicate with counsel will be able to inform and consult with them as required.
The committee explained lawyers should always ensure client communications are received and understood, regardless of how they were transmitted. “It is important to note that whether confirmation from the client that the virtual information has been sufficiently received and understood may depend on the facts of the situation, such as the sophistication of the client or the complexity of the information being conveyed,” the committee stated.
The communications obligations for attorneys may require lawyers to follow up with clients to discuss their communication, even if a follow-up uses a different communication method than how the client originally contacted them.
Confidentiality
Comment 18 to Rule 1.6 covers the reasonableness of efforts to safeguard a client’s confidential information. The rule’s comments note the responsibility doesn’t require special security methods “if the method of communication affords a reasonable expectation of privacy.” But special circumstances may warrant special precautions from the lawyer, the committee noted.
If the information is sensitive and the communication isn’t adequately “protected by law or confidentiality agreement,” an attorney needs to make “reasonable efforts” to secure the information. Virtual practice and virtual communications requires a fact-specific analysis to determine “reasonable efforts.”
Proper Supervision
Opinion 149 noted Rules 5.1 and 5.3 require lawyers who supervise other lawyers to make reasonable efforts to ensure the lawyers they oversee are conforming to the state’s professional conduct rules.
Both the CBA committee and the ABA concluded practicing virtually doesn’t change or diminish the obligation of attorneys in supervisory or managerial roles.
“If anything, practicing virtually may enhance these obligations,” the CBA committee noted. “Managerial lawyers practicing virtually must create and tailor policies and practices that ensure all firm members and internal or external assistants operate in accordance with the lawyer’s obligations that firm tasks are completed in a competent, timely, and secure manner.”
Wisconsin’s ethics committee has suggested ways attorneys can achieve the right level of supervision remotely, encouraging lawyers to conduct regular videoconference meetings. Meetings can and should likely involve collaboration, communication and regular mandatory training.
Unauthorized Practice of Law
The committee explained at least 10 states have addressed the issue of the law of other jurisdictions regarding virtual practice, mostly through their own versions of Model Rule 5.5.
A lawyer admitted to practice in Colorado needs to determine if the law of other jurisdictions permits them to practice remotely in that jurisdiction. If Colorado lawyers practice remotely in jurisdictions they aren’t permitted to practice in, the lawyer may be in violation of the law of the other jurisdiction and Colorado Rule 5.5(a)(2).
Recommendations
The CBA committee summarized some suggested general practice guidelines for attorneys who practice virtually, either full-time or in a hybrid setting.
For hardware and software, the committee recommended all devices be protected with reasonable security measures. It also noted USB drives and other external drives should be avoided unless they’re owned, authorized or supplied by the attorney’s law firm. Utilizing outside IT professionals to aid with technology and security isn’t a requirement in Colorado, but the committee asserted it’s a prudent practice. Attorneys are also advised not to open suspicious attachments or click on unusual links or ads. Using sites with enhanced security, like those beginning with HTTPS, may also be practical.
For access to client files and data, the committee advised lawyers using a cloud service to choose a reputable company and take reasonable steps to ensure confidentiality is preserved. Lawyers are also advised to regularly back up data in the event of a data loss, while remaining aware of statutory requirements regarding data breaches. Attorneys may want to adopt or draft a data breach policy of their own.
For virtual meetings, attorneys should ensure recordings and transcripts are secured and the clients consent to platform meeting recording. Additional steps should be taken for attorneys who work in a home or other remote location where third parties may overhear or see the meeting. Additional advice included using up-to-date versions of meeting apps, not making meetings public, requiring meeting passwords, not sharing meeting links on social media or other unsecured platforms, providing guests with the links directly and managing screen sharing.
Finally, the committee warned attorneys that smart speakers, virtual assistants and other technology with listening-enabled features may be monitoring or recording conversations. Features on devices like this should be disabled unless it’s being used to assist in the lawyer’s practice and they’ve ensured terms of service protect client confidentiality.