When it rains it pours. Earlier today, I wrote about adoption of the duty of technology competence by the Federation of Law Societies of Canada. Now comes word of another U.S. state adopting the duty, bringing the total number of states to 38.
The latest is South Carolina, where on the day before Thanksgiving, the Supreme Court of South Carolina approved a package of amendments to the state’s Rules of Professional Conduct, all based on the 2012 amendments to the ABA Model Rules of Professional Conduct, which included a duty of technology competence as embodied in ABA Model Rule 1.1, Comment 8.
The new South Carolina provision is a modified version of the ABA model rule. It is found in a new Comment 6 to Rule 1.1, and reads:
“To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including a reasonable understanding of the benefits and risks associated with technology the lawyer uses to provide services to clients or to store or transmit information related to the representation of a client, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”
In its order, the Supreme Court also amended Rule 1.6, pertaining to confidentiality of information, to add a paragraph (c), which reads:
“A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
It also amended Comment 20 to Rule 1.6 to read as follows:
Paragraph (c) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 1.1, 5.1 and 5.3. The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules.
A More-Limited Rule?
As noted, South Carolina’s version of the comment differs from the model rule.
The model rule states generally that “a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”
But the South Carolina rule adds a restrictive clause to that, so that the duty extends only to “technology the lawyer uses to provide services to clients or to store or transmit information related to the representation of a client.”
I believe this does a disservice to clients — and to the very issue of competence this rule is intended to address. It is not enough for lawyers to understand the technology they use directly. It is critical that they also understand the technology their clients use and, even more broadly, how other technology issues may impact their clients and their clients’ matters.
In fact, if you read the handful of ethics and court opinions that have addressed the duty of technology competence, they are clear that a lawyer must have a degree of competence not only in their own technologies, but also in their clients’ systems and technologies.
So good for South Carolina for adopting this rule, but let’s hope it takes it a step further in a future amendment.