Another State Adopts Duty of Technology Competence; Makes it 26

heads-in-the-sand

As this blog continues to follow the states that adopt the duty of technology competence for lawyers, there is another to add: Colorado.

That brings to 26 the number of states that have adopted some version of Comment 8 to ABA Model Rule 1.1.

Actually, Colorado adopted the rule last April. I missed that one until a sharp-eyed reader brought it to my attention this week. (Thank you, reader!)

Colorado’s version of Comment 8, which was adopted and became effective on April 6, 2016, differs from the Model Rule. Colorado’s version says:

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, and changes in communications and other relevant technologies, engage in continuing study and education, and comply with all continuing legal education requirements to which the lawyer is subject. See Comments [18] and [19] to Rule 1.6. (Emphasis added.)

The ABA version says:

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject. (Emphasis added.)

Note that the Colorado version cross-references Comments 18 and 19 to Rule 1.6. That rule pertains to confidentiality of client information. The comments advise that lawyers must “make reasonable efforts” to safeguard client information “against unauthorized access by third parties and against inadvertent or unauthorized disclosure.” The 2016 amendments added this language to Comment 18:

The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Comments [3] and [4] to Rule 5.3.

Note the sentence saying that a client may require a lawyer to implement special security measures not required by the rule. Comment 19, which pertains to transmitting client information, likewise now specifies that a client may require the lawyer to implement special security measures not required by the rule.