Last week we discussed the ethical implications of WSBA Advisory Opinion 201601, “Ethical Practices of the Virtual Law Office.”  As the Committee on Professional Ethics noted, virtual practitioners must take care with supervision, confidentiality, avoiding misrepresentation, and conflicts of interest.  Understandable, but what exactly does that mean?  Here is some practical advice.

Adequate supervision in a virtual workplace

In a virtual workplace lawyers and staff don’t work in proximity.  How do you ensure that remote workers receive “adequate supervision?”  The WSBA opinion mentions taking “additional measures,” but does not describe what those may be. Virtual employers should consider the following:

1. Establish policies just as you would in a traditional office setting:  dedicated working hours when employees are expected to be within reach of their phones or computers; vacation allowance; sick leave policy; how you will measure performance; and so on.
2. Create procedures for employees to follow.  Specifically, how will you distribute assignments and exchange completed work?  Technology is bound to be the solution, so see the discussion below about confidentiality.  Remember to address the “mundane” office tasks too: calendaring, accounting, conflict checking, etc.
3. Require all remote workers to sign a confidentiality pledge or agreement.  The Professional Liability Fund has samples on its website.
4. Get fully educated about legalities:  “In 2011, an Oregon appeals court found in favor of a J.C. Penney Co. Inc. home decorator who was injured after she tripped over her dog while working at home. Although the state workers’ compensation board had held her injuries were not work-related, the appeals court reversed, finding the employee had been working from her home as a term and condition of employment.”
   On-the-job injuries aren’t the only problem: be aware of Fair Labor Standards Act troubles, choice of jurisdiction, protecting proprietary information [forms bank, brief bank, customized practice management software], and the Americans with Disabilities Act.  The list doesn’t end there.
5. Talk to an employment lawyer about securing your right to inspect employees’ remote workplaces and monitoring employees’ use of technology.
6. Don’t neglect the need for face time. Management experts recommend regular web meetings and occasional in-person meetings for an optimal virtual workplace.
7. Revisit your ethical responsibilities as a supervisor in Oregon.

Confidentiality

Advisory Opinion 201601 revisits the ethical requirements for cloud computing and email communication, the gist of which is:

• A lawyer may use online data storage systems to store and back up client confidential information as long as the lawyer takes reasonable care to ensure that the information will remain confidential and the information is secure from risk of loss.
• Email communication with clients is allowed, except lawyers must warn clients if they believe there is a significant risk of third party access.

Oregon takes a similar stance on cloud computing:  “Lawyer may store client materials on a third-party server as long as Lawyer complies with the duties of competence and confidentiality to reasonably keep the client’s information secure within a given situation.” OSB Formal Opinion No. 2011-188 [Revised 2015.]  For more details, see this post.  See Also OSB Formal Opinion No. 2016-191, “Client Property: Electronic-Only or “Paperless” Client Documents and Files,” which includes a further discussion about electronic client files.

As to email, Oregon lawyers are forewarned to:

1. Use proper security measures in cases where information is “particularly sensitive or subject to a confidentiality agreement.”
2. Avoid email entirely if a client requests it.
3. Scrub for metadata.

See “Safeguarding Client Information in a Digital World,” and “Competency: Disclosure of Metadata,” OSB Formal Opinion No. 2011-187 [Revised 2015].

No mention is made about a duty to warn clients of third party access where the lawyer believes there is a significant risk.  However, it would be foolish not to do so.  Consider the example mentioned in the WSBA opinion: where the lawyer knows her client is using an employer-provided email account.

We’ve discussed this issue before. Your email may not be protected by lawyer-client privilege if your client is reading it at work.  Before you begin communicating by email, take note of the client’s address.  Does the domain correlate to their place of employment?  Don’t use it!  Even if the address is @gmail.com or a similar web-based service, don’t assume your client only reads and prints email at home.  Have a discussion about where, when, and how your client reads your confidential communications and follow the other advice mentioned here.

Another quick word about using the cloud

Virtual practices could not exist without the cloud, a VPN, or some means of hosting and exchanging client information.  Beyond the basics of taking reasonable care to protect confidentiality, implement policies and procedures as described above.  Focus on security and steps to take when a virtual employee stops working for you.  Remote workers can put your law practice at risk if they upload or exchange content that contains malware or ransomware. A study commissioned by a security firm in the UK and Germany found:

• One in four employees admitted breaking security policies.
• Nearly two in five said either they, or someone they know, have lost or had stolen a device in a public place.
• Three-quarters of these devices – such as laptops, mobile phones and USB sticks – contained work-related data, including confidential emails (37%), confidential files (34%) and customer data (21%).
• Approximately one in ten lost financial data or access details such as login and password information, exposing even more confidential information to the risk of breach.

It is equally important to have a checklist for departing staff that ensures revocation of login credentials, return of workplace property, and disposition of ongoing email or voice communications directed to someone who no longer works for you.

Consider talking to an employment law attorney, or as a starter, see the Professional Liability Fund’s (PLF’s) Checklist for Departing Staff.

Duty to avoid misrepresentation

Advisory Opinion 201601 warns that lawyers may not imply the existence of a physical office or formal law firm where none exists. Therefore, unless you’ve arranged for ready access to meeting spaces or the ability to see clients on a drop-in basis, don’t imply those resources exist.  Posting or implying that you are part of a firm on your website, social media, or elsewhere is also a no-no.  (The same is true for office sharers, an example given in the ethics opinion.)

Avoiding conflicts of interest

Advisory Opinion 201601 points out that virtual offices must ensure that the conflicts checking system is equally accessible to all members of the practice, lawyers and staff, and that such access is reliably maintained.  This only makes sense.

Be sure to add your calendaring system, billing system, client matter records, and everything else you need to operate virtually as a law practice.  All of it must be equally accessible and reliably maintained.

Will the cloud be your savior when it comes to accessibility and reliability?  Probably, but it can’t help you with issues like when to run a conflict check, how to run a conflict check, or the need to circulate a new client list to everyone in the office.  As noted above, procedures will be key!  For help, contact a friendly practice management expert, like myself or one of the advisors at the PLF. While you’re on the PLF site, check out the many publications, practice aids, and forms that will assist you with establishing office protocols.

All Rights Reserved Beverly Michaelis 2017