A committee tasked with reviewing the District of Columbia Rules of Professional Conduct has recommended adoption of revisions designed to underscore that a lawyer’s duty to provide competent representation extends to use of technology.
In addition, the committee has recommended changes to make clear that a lawyer’s duty to protect the confidentiality of client information includes the responsibility to protect against unauthorized access, such as through hacking.
The recommendations from the Rules of Professional Conduct Review Committee of the District of Columbia Bar follow from the committee’s review of the recommendations of the ABA Ethics 20/20 Commission, which was charged with reviewing the ABA Model Rules of Professional Conduct in the context of advances in technology and globalization.
The work of the 20/20 Commission led to a number of changes in the Model Rules, including the revision of Model Rule 1.1, Comment 8, which provided that a lawyer’s obligation to remain competent encompassed “the benefits and risks associated with relevant technology.”
The D.C. committee, in its report, recommended against adopting the language of Comment 8. Because D.C.’s Rule 1.1(a) already required a lawyer to have the “legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation,” the committee was initially concerned about selectively listing a specific skill such as technology.
Ultimately, however, the committee decided to address the issue in a comment to Rule 1.1 — but not Comment 8 as in the Model Rules.
The Committee recommends that adding the words “procedures, and technology” to existing D.C. Rule 1.1, Comment  would sufficiently address competence in keeping abreast of technological changes, i.e., cloud computing, as well as the requirement of certain courts to use technologies such as e-discovery and e-filing.
The specific amendment proposed by the committee reads as follows, with the change underlined:
Thoroughness and Preparation
 Competent handling of a particular matter includes inquiry into and analysis of the factual and legal elements of the problem, and use of methods, procedures, and technology meeting the standards of competent practitioners. It also includes adequate preparation and continuing attention to the needs of the representation to assure that there is no neglect of such needs. The required attention and preparation are determined in part by what is at stake; major litigation and complex transactions ordinarily require more elaborate treatment than matters of lessor consequences.
Protecting Client Confidences
The D.C. committee also considered recommendations of the 20/20 Commission that resulted in amendments to ABA Model Rule 1.6 regarding confidentiality of client information.
Under the 20/20 amendments, Model Rule 1.6(c) was revised to require that a lawyer “shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
In addition, comment 18 was amended to make clear that the rule requires lawyers to “take reasonable measures” to prevent unauthorized access to and disclosure of information related to a representation and to provide additional guidance on the factors to be considered in determining the reasonableness of the lawyer’s efforts in this regard.
The D.C. committee concluded that D.C.’s existing rule 1.6(f) adequately addressed a lawyer’s obligation to prevent unauthorized disclosure of client confidences and secrets, meaning disclosure from within the firm to outside. But it determined that the rule did not address unauthorized access initiated from outside the firm, such as hacking.
For that reason, it proposed the addition of language designed to cover the lawyer’s duty to prevent unauthorized access (again with the changes underlined or crossed out):
Rule 1.6 (f) A lawyer shall exercise reasonable care to prevent:
A lawyer shall exercise reasonable care to prevent the lawyer’s employees, associates, and others whose services are utilized by the lawyer from disclosing or using confidences or secrets of a client, except that such persons may reveal information permitted to be disclosed by paragraphs (c), (d), or (e); and
(2) the unauthorized access to confidences or secrets of a client.
In keeping with this recommendation, the committee also recommended revisions to Rule 1.6, Comment 40. As it currently stands, the comment addresses a lawyer’s obligations with respect to the transmission of client confidential information, but not the storage.
The proposed revisions to comment 40 serve two primary purposes, the committee said. One is to make clear that it applies both to transmission and storage. The other is to provide additional guidance on the factors to be considered in determining the reasonableness of a lawyer’s conduct in transmitting and storing information.
Acting Competently to Preserve Confidences
transmitting a communication that includes information relating to the representation of a client transmitting or storing confidences or secrets of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty does not require that the lawyer use special security measures if the method of communication or storage affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Among the f Factors to be considered in determining reasonableness of the lawyer’s expectation of privacy conduct in transmitting or storing that information are: include the sensitivity of the information; and the extent to which the privacy of the client information is protected by law or by a confidentiality agreement; the cost of the security measures; and, difficulty in implementing the safeguards. A client and a lawyer may agree that the lawyer will implement special security measures beyond those required by this rule. A client may give informed consent to forgo security measures that would otherwise be required by this rule. A client may require the lawyer to implement special security measures not required by this rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this rule. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 5.3, Comments -.
The committee completed its report and recommendations in February and put them out for public comment, with the comment period having ended April 19. The recommendations now go to the D.C. Bar Board of Governors, which will decide whether to submit the recommendations to the District of Columbia Court of Appeals, which sets the rules of practice within D.C.