Practical Advice for Virtual Law Offices

Last week we discussed the ethical implications of WSBA Advisory Opinion 201601, “Ethical Practices of the Virtual Law Office.”  As the Committee on Professional Ethics noted, virtual practitioners must take care with supervision, confidentiality, avoiding misrepresentation, and conflicts of interest.  Understandable, but what exactly does that mean?  Here is some practical advice.

online-1799664__480

Adequate supervision in a virtual workplace

In a virtual workplace lawyers and staff don’t work in proximity.  How do you ensure that remote workers receive “adequate supervision?”  The WSBA opinion mentions taking “additional measures,” but does not describe what those may be. Virtual employers should consider the following:

  1. Establish policies just as you would in a traditional office setting:  dedicated working hours when employees are expected to be within reach of their phones or computers; vacation allowance; sick leave policy; how you will measure performance; and so on.
  2. Create procedures for employees to follow.  Specifically, how will you distribute assignments and exchange completed work?  Technology is bound to be the solution, so see the discussion below about confidentiality.  Remember to address the “mundane” office tasks too: calendaring, accounting, conflict checking, etc.
  3. Require all remote workers to sign a confidentiality pledge or agreement.  The Professional Liability Fund has samples on its website.
  4. Get fully educated about legalities:  “In 2011, an Oregon appeals court found in favor of a J.C. Penney Co. Inc. home decorator who was injured after she tripped over her dog while working at home. Although the state workers’ compensation board had held her injuries were not work-related, the appeals court reversed, finding the employee had been working from her home as a term and condition of employment.”
    On-the-job injuries aren’t the only problem: be aware of Fair Labor Standards Act troubles, choice of jurisdiction, protecting proprietary information [forms bank, brief bank, customized practice management software], and the Americans with Disabilities Act.  The list doesn’t end there.
  5. Talk to an employment lawyer about securing your right to inspect employees’ remote workplaces and monitoring employees’ use of technology.
  6. Don’t neglect the need for face time. Management experts recommend regular web meetings and occasional in-person meetings for an optimal virtual workplace.
  7. Revisit your ethical responsibilities as a supervisor in Oregon.

Confidentiality

Advisory Opinion 201601 revisits the ethical requirements for cloud computing and email communication, the gist of which is:

  • A lawyer may use online data storage systems to store and back up client confidential information as long as the lawyer takes reasonable care to ensure that the information will remain confidential and the information is secure from risk of loss.
  • Email communication with clients is allowed, except lawyers must warn clients if they believe there is a significant risk of third party access.

Oregon takes a similar stance on cloud computing:  “Lawyer may store client materials on a third-party server as long as Lawyer complies with the duties of competence and confidentiality to reasonably keep the client’s information secure within a given situation.” OSB Formal Opinion No. 2011-188 [Revised 2015.]  For more details, see this post.  See Also OSB Formal Opinion No. 2016-191, “Client Property: Electronic-Only or “Paperless” Client Documents and Files,” which includes a further discussion about electronic client files.

As to email, Oregon lawyers are forewarned to:

  1. Use proper security measures in cases where information is “particularly sensitive or subject to a confidentiality agreement.”
  2. Avoid email entirely if a client requests it.
  3. Scrub for metadata.

See “Safeguarding Client Information in a Digital World,” and “Competency: Disclosure of Metadata,” OSB Formal Opinion No. 2011-187 [Revised 2015].

No mention is made about a duty to warn clients of third party access where the lawyer believes there is a significant risk.  However, it would be foolish not to do so.  Consider the example mentioned in the WSBA opinion: where the lawyer knows her client is using an employer-provided email account.

We’ve discussed this issue before. Your email may not be protected by lawyer-client privilege if your client is reading it at work.  Before you begin communicating by email, take note of the client’s address.  Does the domain correlate to their place of employment?  Don’t use it!  Even if the address is @gmail.com or a similar web-based service, don’t assume your client only reads and prints email at home.  Have a discussion about where, when, and how your client reads your confidential communications and follow the other advice mentioned here.

Another quick word about using the cloud

Virtual practices could not exist without the cloud, a VPN, or some means of hosting and exchanging client information.  Beyond the basics of taking reasonable care to protect confidentiality, implement policies and procedures as described above.  Focus on security and steps to take when a virtual employee stops working for you.  Remote workers can put your law practice at risk if they upload or exchange content that contains malware or ransomware. A study commissioned by a security firm in the UK and Germany found:

  • One in four employees admitted breaking security policies.
  • Nearly two in five said either they, or someone they know, have lost or had stolen a device in a public place.
  • Three-quarters of these devices – such as laptops, mobile phones and USB sticks – contained work-related data, including confidential emails (37%), confidential files (34%) and customer data (21%).
  • Approximately one in ten lost financial data or access details such as login and password information, exposing even more confidential information to the risk of breach.

It is equally important to have a checklist for departing staff that ensures revocation of login credentials, return of workplace property, and disposition of ongoing email or voice communications directed to someone who no longer works for you.

Consider talking to an employment law attorney, or as a starter, see the Professional Liability Fund’s (PLF’s) Checklist for Departing Staff.

Duty to avoid misrepresentation

Advisory Opinion 201601 warns that lawyers may not imply the existence of a physical office or formal law firm where none exists. Therefore, unless you’ve arranged for ready access to meeting spaces or the ability to see clients on a drop-in basis, don’t imply those resources exist.  Posting or implying that you are part of a firm on your website, social media, or elsewhere is also a no-no.  (The same is true for office sharers, an example given in the ethics opinion.)

Avoiding conflicts of interest

Advisory Opinion 201601 points out that virtual offices must ensure that the conflicts checking system is equally accessible to all members of the practice, lawyers and staff, and that such access is reliably maintained.  This only makes sense.

Be sure to add your calendaring system, billing system, client matter records, and everything else you need to operate virtually as a law practice.  All of it must be equally accessible and reliably maintained.

Will the cloud be your savior when it comes to accessibility and reliability?  Probably, but it can’t help you with issues like when to run a conflict check, how to run a conflict check, or the need to circulate a new client list to everyone in the office.  As noted above, procedures will be key!  For help, contact a friendly practice management expert, like myself or one of the advisors at the PLF. While you’re on the PLF site, check out the many publications, practice aids, and forms that will assist you with establishing office protocols.

All Rights Reserved Beverly Michaelis 2017

Recovering Deleted Dropbox Files

File sharing and online collaboration is the driving force of Dropbox.  It does a stellar job in this area, but like all tools, remains subject to the human factor.  What if you, your staff, or someone with whom you are sharing a Dropbox folder accidentally deletes a file?  Most everyone has had this experience on their personal computer, so it’s bound to happen sooner or later in the cloud.

If you notice a file has been deleted and less than 30 days have passed, you can easily recover the file on the Dropbox Web site.  Here are the steps, as explained in the Dropbox Help Center:

Restore Dropbox files

If more than 30 days have elapsed, you are out of luck unless you have a Dropbox Pro or Dropbox for Teams account.  Both include Packrat which “captures unlimited snapshots of your files,  allowing you to recover any file as far back in time as you like.”  Dropbox Pro and Dropbox for Teams users may also be able to restore a file from the hidden cache on their computer.  (Instructions are provided for Windows OS.  Contact Dropbox if you are using a different system.)  Dropbox recommends trying the restore steps described on their Help page first.)

Take Aways

1. Backup.  I can’t say that enough times.  See How to Backup Your Computer on the PLF Web site for a thorough discussion on the subject.  Select Practice Aids and Forms > Technology.

2. Train.  Make sure everyone you add to your Dropbox account understands how it works.  I’m writing this post because my husband and I had a personal experience with a family member who mistakenly deleted some shared files.  We successfully restored the files on the Dropbox Web site (and had a backups, just in case).  The family member deleted files after she received an e-mail message warning her that her Dropbox folder was full.  At the time our shared Dropbox folder was at about 50% capacity.  She had one item in her personal Dropbox folder.  Whether this was an error by Dropbox or malicious spam, we don’t know.  After the family member deleted the Dropbox files she also deleted the e-mail.

3. Share thoughtfully as all users are not equal.  However, if you follow the other two take-aways (backup and train) sharing is far less risky.

Copyright 2013 Beverly Michaelis

Are Click-Through Fee Agreements Ethical?

If you are working to establish a paperless or virtual practice, you may have struggled with the issue of how to transform your paper-based fee agreements.  Oregon Rule of Professional Conduct 1.5(c) provides, in part:

A lawyer shall not enter into an arrangement for, charge or collect:

* * * (3) a fee denominated as “earned on receipt,” “non-refundable” or in similar terms unless it is pursuant to a written agreement signed by the client …   OSB Formal Opinion 2005-151 [Revised 2011].

There is no doubt that a printed fee agreement signed by the client fits the definition of a “written agreement signed by the client.”  But what if you and the client arrange to sign the fee agreement electronically using DocuSign or a similar service?  Or perhaps you’ve set up a virtual law practice and intend to use clickwrap or click-through fee agreements.  Is a click-through fee agreement a “written agreement signed by the client?”

To answer this question, take a look at Rule 1.0(q) of the Oregon Rules of Professional Conduct (RPCs):

(q) “Writing” or “written” denotes a tangible or electronic record of a communication or representation, including handwriting, typewriting, printing, photostatting, photography, audio or videorecording and e-mail. A “signed” writing includes an electronic sound, symbol or process attached to or logically associated with a writing and executed or adopted by a person with the intent to sign the writing.

The rule tells us that:

  • Written fee agreements can be tangible (paper) or electronic
  • Signatures include a “process attached to or logically associated with a writing and … adopted by a person with the intent to sign the writing.”

Therefore, a clickwrap or click-through fee agreement is “a written agreement signed by the client” provided the click-through process is adopted by client with the intent to sign the fee agreement.  To ensure that your clickwrap or click-through fee agreements are ethically compliant, incorporate a step requiring the client to agree or consent to the click-through process.  I also suggest you discuss the click-through process with your client over the phone if possible – give them a heads-up so they know what to expect.  More importantly, make sure they understand they that the click-through agreement is a legally binding contract with the same enforceability of a printed fee agreement signed in ink.

Copyright 2013 Beverly Michaelis

The Year in Review – Useful Tips You May Have Missed

Thank you readers!  I hope this has been a fruitful year for you.  Just in case you missed a tip or two, here is a list of 2012 blog posts for your perusal:

January

February

March

April

May

June

July

August

September

October

November

December

All Rights Reserved 2012 Beverly Michaelis