Sign Missouri Banking Confidentiality Agreement Simple

Industry sign banking missouri confidentiality agreement free

today we're here for the cle it's been approved for 1.2 ethics hours in missouri and one hour of ethics credit in arkansas so my name is jennifer matthew i am the director of hr4 alaris i just have a couple of housekeeping items and then i will let whitney take over please visit our website which is alarisadr.us for future webinars we try to put these on monthly and they are free we are planning an online diversity cle for september 30th for those of you that may be interested we have national speakers jonathan lovitz and joel stern they'll be on the panel and we the details are being finalized so please check back and register through our website after the webinar today you will receive a survey we are always looking for ways to improve or any additional ideas so please share those with us and we will share your comments with the presenter you will receive a certificate of attendance as well that usually takes about 48 hours from the cle if you are joining us by phone only i forgot to look and see if there are some of you uh but usually there's a few of you that are attending by phone yes there are so please send an email to marketing at alaris.us so that we can identify you and make sure that you get your certificate by name so again if you're on the phone it's marketing at alaris.us and if you have any questions throughout the webinar today please feel free to submit them through the q a link i will be monitoring that and i know that miss dunn will answer as many questions as she can if there are questions so without further ado it is my absolute pleasure to introduce whitney dunn this afternoon she is an expert on this topic and we are thankful she's here to share her insight with us whitney dunn is risk manager for the bar plan is a national speaker and presents to hundreds of lawyers annually on ethics professionalism and malpractice avoidance when not presenting she provides one-on-one ethics guidance and law practice management assistance to attorneys in the states where the bar plan provides malpractice insurance and i just had to look that up witness i hope i get this right but i believe those states are missouri kansas indiana new mexico and tennessee i hope that's right yes all right so take it away and um i appreciate you again and i will jump in if there are any questions so thank you great thank you so much jen and thank you to everyone for being a part of this program today um as jen said i am a risk manager at the bar plan we write in the five states that she indicated and i also want to let um everyone who's participating in the webinar today know that you do not have to be an insured of ours to call in and get ethics guidance the only requirement is that you're licensed in one of the states where we write so i know there are some kansas attorneys on the program i know there are some arkansas attorneys who maybe also have a license in missouri please reach out whether we insure you or not if you have an ethics question and you're licensed in one of those states because we are dedicated to promoting professionalism and um good ethical principles in the law and we really want you to ask your questions and get answers instead of you know taking a guess or taking a stab and kind of hoping things fall correctly you know the rules of professional conduct are not as intuitive as one might originally think and so that's why we're always happy to provide that ethics guidance so i am here today to talk to you about ethics and malpractice issues of electronic information you can see um there my email address is on this first slide it's also on the last slide so reach out anytime and i believe that jen said if you have questions you can ask them in the chat feature and she'll pop in and share those with me don't save your questions to the end please let us know what your question is when we're actually talking about it i don't mind being interrupted i'm quite used to it so we're going to talk about ethics issues that relate to electronic information and though these are not the only rules that are relevant relating to electronic information these are the four we're going to be discussing today this program is geared toward missouri specific rules but i can tell you that if you're in another state it's probably still going to be applicable as most attorneys know the rules of professional conduct for each state are drawn from the aba model rules and most of them are going to be very very similar as it relates to the things that we're talking about specifically confidentiality issues and making sure that you're appropriately taking care of the electronic information you get into discovery disputes and inadvertently disclosed information and things along those lines so we're going to start with probably the most important or at least the most onerous duty when it comes to an attorney when we're talking about electronic information and that is the duty of confidentiality in missouri and in the model rules and probably in many of the states where you are if you're not in missouri there is a subparagraph to the confidentiality rule 1.6 that says a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of or unauthorized access to information relating to the representation of the client now this absolutely is something that is typically going to apply to electronic information how do things get inadvertently disclosed well you put the wrong email address in because autofill completes it for example if you're sending an email or someone that works in your office um does that and something's accidentally or inadvertently disclosed another way that things can be unauthorized accessed or disclosed in an unauthorized way excuse me is that there could be hackers or scammers who are out there trying to get that information from you and so it's really important to understand what your duties are to make sure you are keeping uh keeping those confidences to the um to the extent that it is possible now comment 15 again it's 15 in missouri is the comment that talks about what it means in order to make those reasonable efforts to prevent that disclosure and it says here that if you do make those reasonable efforts and the disclosure occurs you may be responsible for other reasons there may be there may be other things that you need to do but from an ethics perspective you cannot be subject to discipline for an inadvertent or unauthorized disclosure or access so long as you took those reasonable efforts to prevent the disclosure or the access this is comment 15 continued and it looks at some of the factors that are considered in determining what is reasonable when taking these efforts to protect this information and you can see here the very first one is the sensitivity of the information so i really wish that i could give everyone a checklist you know you do these five things you're taking reasonable efforts but unfortunately this is going to be something that is going to need to be a a more thorough analysis than that and you see that based on the very the fact that the very first factor is the sensitivity of the information it may need to be a case-by-case basis analysis um you know if you only handle divorces for example and you typically handle divorces for individuals who are you know middle class or uh you know fall into a category of um you know the the typical type of um of person let's say you know there's no there's nothing that would be necessarily special that um that would require additional safeguards so say you were going through in your divorce and family law practice you have the um the steps in place that work for you and work for most of your clients and then some by some um you know stroke of luck you end up representing jack dorsey which he's from st louis he is the founder and ceo of twitter and because he's from st louis this is something that could potentially happen but say he's going to get divorced and you wind up representing him his information is going to be extremely sensitive significantly more sensitive than if you were to represent you know me in a family law matter or uh or most of the people that you would come into contact with in saint louis and so that is the type of thing that you need to be aware of is that when you're doing these analyses of what you are what are going to be reasonable efforts it's going to be something that you need to keep in back of your mind because occasionally you're going to need to go farther depending on the individual that you're representing or the type of information that is present um in your in your computer system because of that representation you also see here in the comment that a client may require a lawyer to implement special security measures additional beyond those that are going to be considered quote unquote reasonable that may be you know if the ceo of twitter is your client he may he may request and um give you the information if this is what i require relating to my information and if that is requested then you need to do that or alternatively get that um that client's informed consent to why you wouldn't be doing that you also can get the client's informed consent to forego security measures that would otherwise be required by the rule but i would not um i would not guide you in that direction you know we as attorneys i'm assuming most of the people who are participating in this program are attorneys by trade and do not also have for example a master's in computer science or anything like that we are probably unlikely to be able to give appropriate in the give appropriate information to get a client's informed consent to forego these security measures because the definition of informed consent in the rules is that the client has been given um all information relating to the material risks of and the reasonably available alternatives to the proposed course of action i know i would not be able to um fully advise a client about what the risks and proposed available alternatives would be to foregoing security measures such as you know firewalls and passwords and multi-factor authentication and things along those lines and so it's unlikely that you would be able to give to truly get an informed consent to forego those measures as well so with all of that said well what does that mean where does that leave us what do we have to do well there was an aba formal opinion that was published three years ago now but as far as i can tell from reading it uh it still has a lot of really good information in it about what an attorney needs to do in order to appropriately respond to these duties to protect um client information especially information that may be stored electronically so let's kind of break some of these considerations down it walks through each of those considerations in the opinion the first consideration is understanding the nature of the threat and i kind of refer that refer to this as understanding you know what do these hackers what do these people who are trying to get into the system want and the answer is that they want money or information that they can then sell for money they want credit card numbers they want banking information they um they want login information they want to try to get your login so that they can get into the system and see everything that you have the ability to see to try to scour for that type of information that would be um beneficial to them financially if they were able to sell that on the black market and it's important to you know the reason i point out what they want is because sometimes i do talk to attorneys and you know i'm i'm frequently in rural missouri in rural kansas and i talk to attorneys who will say well nobody cares what i do you know i'm just a solo or i just have a firm with you know three attorneys and i'm in the middle of nowhere and who's gonna what russian hacker or chinese hacker is going to come after me and the answer is well any of them who find your name anywhere online and want to try to see if you have any information that they can sell the majority of scams and um hacking attempts that take place in the u.s according to the fbi occur at um places of business with less than 50 employees so we all hear about the bank of america um breach and uh you know we hear about the breaches that occur you know if google if gmail has breaches but that also can impact um small firms that represent not represent businesses that are smaller or represent clients that are not businesses at all so understanding what they want is a good way to to understand that this is something everyone should be paying attention to the second consideration from the opinion is understanding how client confidential information is transmitted and where it is stored and so if we talk about the first consideration as understanding kind of what these hackers want this second consideration i think it's important to understand how they would get it one of the primary ways that hackers and scammers get into law get into law firm systems and get law firm information is they send a phishing email that says you know something like click here to input your username and password to check your access to clio yep that would only be sent obviously to someone who it was suspected that they used the clio system but maybe and right now we're seeing this a lot because right now a lot of people are working from home you can see my rafters in my basement above me i'm one of those people um there are a lot of hackers and scammers trying to take advantage of the fact that people are working from home take advantage of the fact that people's guards may be down and sending emails that say click here to input your username and password to check your connection to your remote system that's the type of thing that if even if you've appropriately trained your staff um and they know how to spot that type of scanning email when they're at home their guard may be down it may be reasonable for them to think oh well maybe it's doing a check so that we can see if the remote system's working i'll just put that in here and then that is how the individual who receives that username and password gets into your system and gets all of that proprietary information it is an absolute nightmare it absolutely happens to attorneys i've spoken to attorneys that it's happened to and so you want to make sure you understand how this can happen so that you can appropriately respond and put the right safeguards in place and get the right employee training going to keep that from happening understanding and using reasonable electronic security measures is huge again as i've already said it's unlikely you as an attorney have the expertise to put in place everything that's needed you'll probably need to associate with someone that does have that expertise you know bring in a vendor or maybe if you work at a large enough firm maybe you literally have an information systems or an information technology person on staff but these are some of the things to think about whenever you are developing um you're developing your um or if not developing hopefully all of you have those but maybe firming up and strengthening your cyber security measures use secure internet access methods to communicate access and store client information this is big when you have people working from home when they're always working from the computer in the office that has been provided to them by the office they probably have the right firewalls protect and protections in place they probably are using a secure network to connect to the system but maybe at home they don't even have a password on their wi-fi and their neighbor uses it too that's the type of thing that isn't secure so there needs to be appropriate training and um perhaps maybe even some technical support provided to employees who are working from home to make sure the way they're accessing your system and getting into their email and any other any other thing that might contain client confidential information that it is secure using complex passwords and changing them periodically is um i've heard many cyber security professionals say the single most important thing you can do to protect the um information that you have in your system and w at is a complex password well the last the last study that i read said that surprisingly you know we like to put a lot of symbols and numbers in our passwords trying to think that that would make them more complex and i think part of the reason is because when you're signing into google or um or amazon or twitter what have you a lot of those um a lot of those websites have started to require include a symbol include a number include a capital letter and a lowercase letter because that's what they you know their research is told then is secure but because so many places require that the hackers are very good at this they're very smart and their algorithms that they use to try to decode passwords have actually caught up to that type of password in fact the the hardest thing for those algorithms to decode is a random almost word solid password of you know three to five english words that um have no connection to one another that is going to be the easiest or sorry the hardest thing for those algorithms to decode so i'm um i am going to use our president as an example um person man woman camera tv whatever those whatever those five words were i might have not gotten them all correct um that would be a more complex password than say the say the word april with an at sign for the a and a capital p and then a lowercase r and an exclamation point for the i you know that would actually be a less complex password even though to our eyes it appears to be harder to decode because the algorithms are set up in order to decode those more quickly firewalls anti-malware anti-spyware i'm not going to pretend like i'm an expert in these we have an i um an is director who handles all of that and make sure it's on all of our systems but you absolutely need to be using those according to um the fbi and this is this came out in march and so i don't know if it is still true but right after shutdowns begin happening and people started working from home there was an extreme rise in the amount of malware that people were seeing caught by their filters i can tell you even at the bar plan there was an ex you know we saw the um our i is director shared the shirt with us and it goes kind of like this because there was a lot of um there were a lot of malware attempts trying to take advantage of people working from home and maybe their guard is down or maybe they don't have those um those anti-malware um soft don't have that anti-malware software installed so be aware of that as well encryption and multi-factor authentication is also really important you know i keep banging the drum of when people are working from home but this is something we all kind of had to adjust to on the fly and are still now even almost six months later learning and um and seeing ways that we can do that better and so multi-factor authentication is a big one because you're potentially going to have people beginning to access the system through devices that they previously didn't use making sure that the username and password is not the only thing that someone needs to access the system from a brand new device is another way to prevent those hackers even if they get the username and password they're not going to probably get the employee's personal cell phone also you know as they're sitting overseas trying to input that information and so make sure you install there's google authenticator is a is a free service that you can install and link up to your system to make sure that every single person who enters the system has a has their own token that generates on their personal phone and generates the one on my phone generates every 60 seconds whenever i want to log into our system from a new device and so there's no way that someone other than me or a person with my phone could get into the system so that's another way to prevent those hackers from getting in another consideration in the opinion is determining how electronic communications and client matter should be protected after you've thought about the reasonable measures um what do you actually have to use the very first thing the most important thing to do when you're making when you're walking through these considerations is at the very beginning of the attorney-client relationship have a conversation with the client tell them these are the types of security measures that we currently use we typically communicate via email this is the way that we normally safeguard that email have a conversation with the client so that they understand what you're doing and if they are a special unique client who is themself an expert in um cyber security and they have something else they would like you know an additional step or new software they would like for you to include excuse me in your system whenever you're representing them you'll know about that and you can have that um you can either get that taken care of before the representation begins or have that conversation with them about the fact that that isn't feasible for your office and see where you can go from there another reason it's really important to talk to the clients about this up front is because sometimes clients themselves may do things that jeopardize their information you know regardless of whether or not it is something that is set up with your system that jeopardizes it there's there have been um opinions that i've read where a client for an employment law matter but they were um bringing suit against their current employer but they did still work there they were communicating with their client through their employment email address and what's the first thing that all of our you know whenever we get hired into a new job one of the first things after we get our email address at that company is being told they can monitor and see your communications so that isn't secure that isn't confidential that is not the way that an employment um an employment law client should be communicating with their employment attorney so you need to have those types of conversations as well if it's a divorce or uh or custody dispute and you know a husband and wife or a couple who recently split up used to share an email if that's the email that the person is going to be using to communicate with you as their attorney that probably isn't going to be secure so those are the types of things you need to make sure you're talking about with the clients you know it's more than just someone some foreign bad actor trying to get after that information it can also be people within their own lives and um directly related to their case another thing that's important to make sure you're protecting this information is to label client confidential information and whenever um whenever i have read and there have been numerous numerous cases but whenever i've read cases where an attorney tried to argue that having a boilerplate confidentiality provision in all of that you know jumble of language below their signature block that went out under um under their signature block on every single email they sent whenever an attorney tries to claim that an inadvertently sent communication was privileged or confidential because of that the court always strikes it down you know you're supposed to take reasonable efforts to protect the information and doing setting doing a set it and forget it it's in every single email that i send that's not going to be taking a reasonable effort to protect that information a better way is to actually put it at the top of the communications that are meant to be privileged and confidential so someone might actually read it before they read anything else in the email and also to only label those communications you want to be considered privileged and confidential as such so that way the court can't say look you weren't actually trying to protect this confidential information that exact same statement about confidentiality and privilege was on the email that you sent to jimmy john's when you placed your sub order for the office last friday it was on the email you sent to your vet when you scheduled the time to go and pick up your dog from the groomers so obviously you are not actually caring about privilege and confidentiality so making sure that you use it only when it me it's needed and put it at the top is important we also recommend you give one to the client so the client can similarly label all of their communications to your office as privileged and confidential and now on the left of your screen this is a sample privilege and confidential statement that our director of risk management at the bar plan drafted it may not work for everyone anytime we use or give any sample language we always say in a lawyer for yourself make sure it works for you but it does a few important things the very first thing it does is say privileged and confidential and then it says for whom the communication is intended and then it says if you are not that person this is an inadvertent transmission please refrain from reading the email destroy it and contact the sender regarding the inadvertent transmission so that is the um that's the bare minimum that we recommend you include in those um confidentiality and privilege statements training lawyers and non-lawyer assistants is going to be huge you know as i've said when we're talking about these bad actors primarily the way that they get in is they send phishing emails and try to get people to give them the information that they want they use social engineering emails they do not actually um themselves you know get in it's not like the 1990s movies where you see someone just clicking clicking clicking on a keyboard and saying okay we're in and that isn't how that isn't how it happens um nowadays they they trick you or your employees into giving them the information that they want so making sure you do that training and you if you aren't um an expert enough to do the training yourself bring someone in to do that training it's really really important i also recommend you have someone on staff responsible for watching you know the uh what the fbi says about the types of hacking and phishing scams that come through they keep they do a really good job of keeping businesses aware of the types of things that they need to watch out for and that way if there is a new scam that you think your firm's employees could be susceptible to or may be targeted for you can let everyone in the office know and then they can have a heads up okay i'm going to make sure that i'm really careful and i don't fall for that another thing that is always a good idea if possible um you know we obviously recommend this um this training occur and it can be sometimes hard to do training i know when people are working from home but when you do that training there are a lot of um companies who do this training who can set up a test afterward where after the training they send themselves a fake uh fake phishing email and then you can see who in the company fell for it and then you can maybe follow up with those individuals to see if they maybe need some additional training or some additional help to make sure they're spotting the right types of risks and their and they're not falling victim to those even just falling victim to it may be enough in their mind to solidify okay now i totally get it i see where they're coming from this isn't academic anymore i wouldn't fall for that again last consideration from the opinion is to make sure you're conducting due diligence on the vendors that provide the communication technology that you're using if you're bringing in someone to make sure your system is secure they may have access to some of the information in that system so you need to make sure that they understand that duty of confidentiality that goes to them as a vendor of your firm just as if you were yourself accessing the information and um you know make sure that they use they use also reasonable security measures and take reasonable efforts to protect that information you also want to make sure that your contract with them includes a legal forum for relief and an ability to get legal relief if they do breach the duties that um that they have as a result of representing and helping out with law firm matters so that is the confidentiality portion of the program if you have any questions please pop in if you have any questions about anything related to that but now we're going to move into talking about competence and technological competence um i know that this language is in the model rule i know that in missouri it was adopted i believe in september of 2016 as part of our duty of competence and and that is that an attorney excuse me in order to be competent is required to keep abreast of changes in the law and its practice including the benefits and risks associated with relevant technology now i have a hypothetical here that i don't know the answer to it's a hypothetical more to get you thinking about what it means to keep up with relevant technology but i'm going to go ahead and pose that now assume two identical tasks performed by lawyers abel and baker abel completes her task manually expends one hour to complete it and bills the client accordingly baker completes her task using the benefits of relevant technology expense 10 minutes to complete it and bills the client accordingly has able ethically billed now you probably know that 1.5 the fees rule includes a requirement that all fees be reasonable so is it reasonable to bill six times um the amount another person may bill because you did not avail yourself of um relevant technology well that is again again it's a question i can't have the answer to there are going to be a lot of different things that are going to be considered in determining the answer to that question i can tell you probably if we're talking about one hour versus 10 minutes and um and you know the technology is relatively new or what have you we're probably not looking at a unreasonable or unethical bill but what if it was 10 hours versus 10 minutes and the technology was pretty um pretty well known and available i don't know if that 10 hour bill could possibly be um be a reasonable bill in light of the fact that you could potentially do it in 10 minutes with reasonably available technology so just kind of a a question to get your mind thinking about what it means to be competent when it comes to technological issues and ai is becoming more and more prevalent in the law there are ai tools that can conduct legal research there are ai tools that can even draft um documents for you they obviously significantly decrease the amount of time that it takes to do certain things and no one is saying rely only on ai obviously you need to as an attorney then go back and review what the um what the bot did but there are a lot of tools out there and i get a lot of attorneys who are wanting to make sure they comply with this duty of competence to to say well that is out there and it would save me a lot of time um it might even make me a better lawyer am i required to begin using that service and here are some here are some things to think about whenever you're doing that analysis for yourself is it recognized as a means um you know in the industry at large as a means of facilitating the relevant parts of your practice is it something that's priced competitively this is a big one you know some of these ai tools for big firms pay for themselves but for small firms are pie in the sky and impossible to um to bring on because of the cost and that's that doesn't mean that the small firm that can't afford it isn't being competent and isn't representing your clients adequately but you also have to keep aware of what's out there because some you know as technology progresses frequently technology um costs for new technology go down the older the technology becomes and so there may reach a tipping point where it is cost effective and it is more efficient and you would be required to make sure that you include that in your practice is it easily supported by what by the system that your firm currently has or would you need to invest a large amount of money and outside technology support to install it um you know those are another thing to think about is there a foreseeable benefit to the client based on cost scope accuracy fficiency or some other important factor that's relevant to the specific project and that points out that there may be a type of um you know a type of technology that if you get one specific client you get the ceo of twitter for example it may be worth it for your firm to put in a um a system that you wouldn't normally have because that is a you know a whale type of client and you want to make sure that you keep that person around to that end if you charge that client for implementing that new technology tool it belongs to the client so that's another thing your firm needs to consider once that client goes that tool will go with the client it might be more beneficial to just make the investment to bring that client in and then you'll have it to use for other clients going forward last thing to think about and these this is a non-exclusive list but the last thing here on the slide is does the technology have a potential to create greater efficiencies and that's where you see how maybe the ex the increased efficiency for your firm to implement certain technological solutions that may be something that would allow you to represent a significantly larger number of people bring in significantly more money to the firm maybe you view it as an investment instead of instead of just something that is going to be very expensive for the firm to implement so let's talk some more about basic communicator basic competence relating to certain types of electronic information let's start with basic communication competence this is kind of a missouri specific thing but i think it's important that the missouri attorneys on the program are aware in missouri i see tons of emails from attorneys that in that boilerplate language under their signature block includes a statement saying something like the missouri disciplinary administrator's office or which by the way is not what we call our discipline authority in missouri or the missouri legal ethics office what have you requires me requires missouri attorneys to inform you that email is not a secure form of communication the attorney is communicating to the client via email because client has consented to the use of email for attorney-client communication i see that a lot and sometimes there's even more language to it than that um i would guess if there are there's a decent number of missouri attorneys listening to this program at least one of you has that in your email signature you are not required by any missouri missouri authority that governs missouri attorneys to include that and um if you don't believe me here actually is the missouri informal opinion from legal ethics counsel's office saying that you do not have to include that and it quotes a bunch of these other opinions that um refers to a bunch of these other opinions that are from the late 90s which is where a lot of this language comes from so that means that these other opinions that are being referenced are more than 20 years old so even if even if putting that into your email was a reasonable effort to competently protect the security of information the language being more than 20 years old is probably not going to be the best way to use it but it's not required and it isn't the appropriate way to protect your client's secure information so just be aware of that text messages are another thing that are um you know a huge way that people communicate with clients i talk to tons of attorneys who text with their clients and that's okay but you need to make sure you understand that those text messages are part of the client file just like emails are just like letters are they are correspondence with the client and you need to be able to retrieve and archive those as part of the client file you know pursuant to your duties to keep the client file just like you would be required to keep a copy of a letter or an email in there another thing to think about is the issue of confidentiality and i don't only mean can sprint read your text messages although that's definitely part of it you should make sure you understand those user agreements that you sign um if you're going to be texting with clients but also think about just the physical aspect of what happens when you receive a text message frequently um for for most phones and i believe there is a way to turn this off um but the you know the the standard um way that phones operate is you receive a text message and there is a pop-up either on the lock screen if your phone is locked or if your phone isn't locked maybe it drops down from the top saying from whom the message is and you know the first line or two of the message so imagine you are at a settlement negotiation and your client is not present but is texting with you you have your phone laying out on the table and your client texts you okay we'll take fifty thousand dollars that's the type of thing that as your phone dings and maybe the other attorney not even trying to do anything wrong just naturally looks to where the ding is it's hard to erase that from their mind if now they know for a fact your client is willing to accept 50 000 because maybe you had just finished telling opposing counsel that you didn't think you could get your client down off of 75 for example so that's the type of thing you need to be aware of in the way that you know that is an important thing to be aware of when you come when you talk about technological competence is understanding the ways that other individuals may be able to see your clients um communications to you social media is huge i um i sometimes talk to attorneys who you know want to say well i don't even mess with that facebook stuff i think that's all just silly unfortunately there are a large number of people who do mess with that facebook stuff and there's discoverable information out there on facebook your client may in fact be doing things on facebook that directly impact their case and you need to have a base level of understanding about the different social media platforms that are out there and how they're used so you can appropriately you know appropriately submit discovery requests to try to get some of that discoverable information that's out there and also to advise your client about the types of behaviors they should and shouldn't be engaging in on social media and the ways that that could impact their case you know you can't unfortunately you can't just put blinders on and say well i don't worry about all that social media stuff that doesn't really make any sense to me another thing that can frequently happen is a negative social media review from a disgruntled client you know someone goes on yelp and leaves a one star review or avo or any other i think even the yellow pages has an online excuse me has an online um way to review attorneys so what can you do if you get a one star review from someone who goes on a long time and says nothing truthful you know the client doesn't doesn't say a single thing that's true about their representation other than that you represented them you know what can you do a lot of attorneys are tempted and some do to kind of respond in a point-by-point fashion you know you said that i didn't handle your matter competently or you said that i ignored all of your phone calls well that isn't true in fact i can demonstrate through call logs that i've responded to your phone calls within 24 hours every single time or whatever it's it's human nature to want to protect ourselves and to want to defend ourselves whenever we perceive we're being attacked but that is impermissible because of the confidentiality rule you cannot respond to a negative client review in a point-by-point fashion um it unless there's there's one way you could if you got that former client's informed consent to you revealing all of that information then you would be able to respond in a way point fashion but i'm betting a disgruntled client disgruntled enough to leave a one star review isn't going to give you that consent and sometimes i hear attorneys say well what do you mean i can't reveal the information they already revealed it it's it's not even confidential anymore well that's not true either it is no longer privileged and that they've revealed it so they wouldn't be able to claim privilege or an attorney representing them in the future wouldn't be able to claim attorney-client privilege for that any longer in the way that they communicated that but absolutely it is still confidential the language in the comment to the confidentiality rule that talks about what is and isn't confidential information is all information relating to the representation whatever its source is confidential information that's something a lot of attorneys misunderstand so that includes um you know things that are online on pacer or in missouri it's case net for um state and circuit court cases um that includes something that's on the front page of the newspaper it is still confidential and you as an attorney so are bound to keep that confidence unless one of the exceptions to the confidentiality rule applies so maybe you're saying hey i i actually think one of those exceptions applies and it's the controversy exception right you see we've put we've included it here 1.6 b in missouri it's b3 to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client you can reveal confidential client information for that purpose but every single ethics authority that has looked at this issue and it has been a large number of them i know at the very least missouri has an opinion saying this i know for a fact illinois has an opinion saying this um that is a bad review online is not a controversy to trickle to trigger the um controversy exception to confidentiality so what it what can you do then well the best way is to just ignore it and instead get a lot of satisfied clients to write positive five star reviews to help drown out that one star review that is i promise the best way to respond to this type of review but if you are someone who absolutely you know i can't abide by it i must respond i need to put my statement out there then this that's now on the bottom left of your screen is about as far as you can go this was language that was drafted by the pennsylvania state bar when they looked at this question and decided exactly the same thing that i've been telling you and in my opinion this actually maybe goes a little bit too far it basically says that a lawyer has a duty to keep client confidences and i can't respond to my point fashion in this forum but then it says i do not believe the post presents a fair and accurate picture of the events and because all information relating to the representation whatever its source is confidential that would mean the fact of the representation itself would also be confidential and so i would probably out of an abundance of caution say something more like the post does not prevent present a fair and accurate picture of the type of representation i generally provide to clients or something like that it's so generic as to say nothing it does almost nothing but if you feel you have to respond you know that's about as far as you can go um i also want to talk about social media um a little bit more and a little bit more in depth this is a great opinion go out there and check it out um if you have any questions about the types of things you need to be concerned with when you're talking about using social media not only as a means of communicating with clients and not only as a way to make sure that you are properly advising clients but also as a marketing tool that's a way that sometimes attorneys can um can end up in a little bit of hot water is if they use social media to market and do that incorrectly i will say jen did we see did i just see a question pop up you did can you see it right well i can't i couldn't see the question i just saw a little drop down that said q and a there was a question so right so i'll get on to you then it is a little bit long but this is the question with respect to negative review non-client i presume the rules do not apply our firm received a negative social media review that was intended for another attorney at a different law firm we were in disagreement within our firm on how to respond or whether to respond at all some of the firm wanted to respond online and publicly ridicule the non-client that's the question so if it is a non-client you would be permitted to respond i mean here's the thing you're permitted to respond regardless but what can you say in the response so for a non-client you would be permitted to respond but you would need to be very very cautious that in your response you did not reveal anything relating to your client representation so if this was maybe an opposing party who had filed a a negative review and some of that information that was in the review related to your representation of um of the club of the individual on the other side you wouldn't be able to reveal any of that other information without giving that client's informed consent i'll also say that back long ago in um in an old job that i had i received a really good tip from an attorney at a company that i worked for who said don't put anything in an email or online that you wouldn't want to see on the front page of the new york times and i think that if you want to reach out you know or sorry if you want to respond to something like that tearing someone down and uh you know tearing them apart that think about how that might make others think about your law firm you know part of online reputation management is to you know make sure that you're always communicating in a way that is courteous because you don't want someone to think oh well that law firm is just full of a bunch of jerks for example um and you also want to try to avoid responding even if you do feel like you should respond um in the heat of the moment or with any type of emotion because you're a lot more likely to say something that maybe you would regret or maybe wouldn't paint your law firm in the best light with all of that said if it is a non-client and there is no danger of revealing confidential information from a strictly ethics perspective you may respond to that but you know again for all of the other reasons that i just said i would still caution uh you know use caution in making that type of response so talking more about social media um i want to make sure one thing that's really really important when we're talking about communication competence in the current covid age as people are working from home and as you know maybe offices are being forced to close such that clients cannot even come in can't even do face-to-face client consultations there are a lot of video conferences we're kind of on one right now you know this is more of a webinar than a conference but more and more people are using video conferencing service and it's really important that you understand that if you're using a video conferencing service that is free it probably isn't secure and that's probably not going to be an appropriate way to protect your clients communications um for a few reasons one of the reasons is that frequently for free services what is being you know what the product is how people are making money off of that service is that they're selling the users names data and you can even you know frequently see that when you look into the user agreements for those types of services so that's obviously com going to post confidentiality problems also sometimes free services we heard this a lot with zoom whenever this started zoom was susceptible to zoom bombs people would just jump into a meeting that they had no business being in and um you know and behave abhorrently and do a lot of terrible things and you definitely don't want that happening when you're communicating with your clients so you want to make sure when you're using any type of video conferencing that you lock the meeting whenever everyone is in i also if i'm running a zoom meeting i require people to use a waiting room and i admit people into the meeting um as they you know as they join that way if anyone is trying to get in and i don't recognize them and they're not supposed to be part of it they can't get in and see the meeting um so just be be aware and be cautious of that facebook chat and google hangouts and all of those are fantastic ways to catch up with family and friends um as covet is going on but they're not going to be the appropriate way to communicate with your clients whenever you are having a video conference to replace what would normally have been an in-person meeting in your office another thing to keep a track of is research competence um there are tons of research tools out there this is the principles and standards for legal research developed by the american association of law libraries i didn't know that that existed until we were putting together this program but that that organization exists and here is their definition of an attorney who conducts legal research in a competent way in light of the modern technology that exists i can tell you if you are conducting legal research exactly the same way that you did and you were taught in law school and you've been out of law school for let's say five years or more you probably might want to go and do a little bit of brushing up um you know i certainly do not do things exactly the same way that i did when i was in law school there have been a lot of tools that have really helped make that an easier and more efficient process and so you want to go out there and make sure you're keeping abreast of relevant changes in technology relating to legal research discovery competence is also going to be a big one when we're talking about electronic information um whether you do e-discovery or not you know whether you engage in those types of large e-discovery everybody's on their phone all the time right and so even even a small divorce there could be relevant electronic information in apps or mobile devices that clients are using so you need to make sure first of all you know you see here rule 3.4 a requires that a lawyer cannot obstruct another party's access to evidence or alter destroy or conceal a document and you cannot counsel or assist another person to do any such act and so um the inverse of that is take the proactive step to counsel your client not to destroy or delete anything on their phone that may or their their tablet or laptop that may be relevant to the matter specifically regarding e-discovery if you're in a matter that needs to needs to include e-discovery this new york county bar opinion does a really good job of setting out what um you know what you need to do if you have an e-discovery matter that comes across your desk and it says if you aren't competent to handle e-discovery alone associate with another attorney who is or don't take the matter you know period and if it arises you know you're gonna have to associate with another attorney who's competent to handle e-discovery or get out and here's a list from a california state uh bar opinion that walks through what it means to be competent to conduct e-discovery and so you can see it's a pretty it's a pretty high bar when we're talking about e-discovery issues you need to make sure that you are handling those competently to comply with your duties under the rules of professional conduct and to avoid malpractice lawsuits there are these are some common thorny issues that can arise relating to e-discovery if you have any matter in the eu or in any way related to the e to the eu gdpr is going to absolutely be relevant again we talked about that duty of competence duty of confidentiality is another one you know this is duty of confidentiality pops up everywhere when we're talking about electronic information and some parties in e-discovery um you know in matters that have e-discovery are requesting a provision that um the party who's going to be who has requested the information is going to be receiving it that the receiving party give certain assurances about the types of security measures that they have in place to protect that information once it comes in and they have it in their hands because you know you don't necessarily have that duty to protect that information on behalf of someone who isn't your client but it might be a good idea to think about um to think about that if you are going to be sending information in response to that type of request that you ask the other side to make those assurances as well some practice tips relating to discovery competence um when it comes to electronic information if you aren't competent associate with someone who is discuss the parameters with opposing counsel at the outset so things don't get out of control you know when we're talking about electronic information the electronic world is gigantic now and it can be extremely daunting in order to turn over every single thing you know don't don't do that to yourself don't do that to the other side you don't have to request and produce it all if someone sends an over broad request like that you know file your your objections that they're over brought in response and then reach out and say what are you actually trying to get here i want to cooperate with you but you have to understand i i can't respond to that type of request that's just unreasonable and tell clients not to self-collect their data um there are quite a few reasons for this number one is the other side really going to believe that's everything just because the client says so i doubt it number two what if in their attempt to self-collect they inadvertently delete information you definitely don't want to be um to be in that vote and number three the client is probably also not an expert in how to get all of the information that's needed so don't have clients self-collect excuse me e-discovery information and here are seven steps to identify and preserve a client's esi i'm not going to walk through all of those because we have a couple other things i want to talk about we only have about five minutes but they are there um for reference um after the program rule 4.4 respect for rights of third persons now one of the things this rule says is if you as a lawyer receive um information and that includes electronic information so he includes emails or text messages that you know or reasonably should know was inadvertently sent you need to promptly notify the sender so make sure you're aware of that duty there are absolutely attorneys who have been disciplined or had to pay sanctions or in one case i believe this mcdermott will case i believe the attorney was actually disqualified i mean it was a lot of convoluted facts but if you do not properly notify the sender of receiving that um inadvertently sent information there can be negative consequences so make sure that you do that at the bare minimum but i do get a lot of attorneys saying well i got the information so okay i told the other side but now can i use it do i have to destroy it um do i have to refrain from reading it at all and the rules of professional conduct at least in missouri don't answer that question they explicitly say that those are um questions that are not within the the rules so in light of that fact it is a good idea to make sure that you are doing you know what's so not only do you as the recipient not really know what to do but that means you as the attorney for the client who may have inadvertently sent something or if you inadvertently send something you don't know what the other side is going to potentially be doing with that information um so i'll tell you in on the next slide you know some recommendations we have to get around that issue but one last thing on the duty to notify the sender that does not apply to metadata at least in missouri and i'm assuming um in some other states as well because this language came from the model rule you don't have a duty to search for metadata in order to notify the sender if you don't search for metadata anything that's in there you won't be responsible for not notifying so let's look at some of these federal rules that may be kind of a helpful guide as you're looking at that if you have a state matter and this the recommendation we have you know how do you make sure that something that was inadvertently sent um that the privilege still attaches to that well get a discovery order in place get a court order uh you know um whatever you want to call it get a discovery order and then get the court to enter it in place with the other side at the outset so that you can a know what the answer is going to be if your client or you accidentally send something to the other side and b that you can appropriately advise your client about what would happen if they were to do that and how that would impact their matter and you see here under at least under the federal rules for something to be considered privileged after it has been inadvertently disclosed not only does the disclosure need to be inadvertent but also the holder of the privilege has to take reasonable steps to prevent the disclosure and the holder has to take reasonable steps to rectify the error after the disclosure has been made so make sure that you have those procedures in place and you aren't merely relying on for example just a boilerplate provision in um under your signature block that says this matter or this communication is privileged and confidential one of the very last things i'll talk about here i've only got about a minute left is um this duty to make sure that your legal assistants and employees are not revealing information relating to the representation um and if they do you absolutely have a duty to disclose that confidentiality breach to all affected clients and there may be additional steps that you would need to take and one of the things that i think is important to note is that there may be a generational difference in an understanding of what is and isn't confidential information remember it's everything relating to the representation whatever its source but if you have someone you know someone younger you know maybe a gen z or who just recently graduated from college and has their first job as a paralegal at your firm they might not think there is anything wrong with um you know say um the st louis cardinals player matt carpenter is someone that your firm represents he walks in and the person takes a picture of him and puts it on their facebook like oh my gosh you won't believe why i saw it work today well probably the people who know them on facebook know where they work and why else would matt carpenter be there if he were not a client or in something related to a matter that the firm was handling that's confidential right but the if you simply tell this the staff member don't reveal any confidential information they might not even think of that as confidential so understanding maybe a generational gap in knowledge is important whenever you're having conversations with clients about the appropriate way to protect this type of information last thing i'll say i'm at one o'clock now i will tell you that this is the uh missouri actually this may this may not even be the current version but if there is a breach this is what a missouri attorney would be required to do under the missouri statutes as far as everyone they have to notify so it goes even beyond duty to notify current clients ethically um there's one of these in every state and they're maybe even different in every state so i will say my final word of guidance to you is if you find yourself in a situation uh or if you think you might find yourself in a situation where there's any type of cyber breach which if you're an attorney it's probable that it will happen one day you need to get cyber liability protection talk to your carrier and see if they cover it um automatically on their policy as the bar plan does or if they don't make sure that you get um some type of addendum to your policy and you are protected that brings me to the end again thank you guys so much for um for participating reach out to me at that email address if you have questions i hope that you learned something and i hope everyone stays well happy to stick around if anyone has any additional questions but otherwise i'll see you later i'll hand it off back to you jennifer thanks whitney that was fabulous i don't see any other questions at the moment i can't hang out for just a minute but i will say you gave us a lot to think about and i appreciate that i have gotten a few questions about the materials so for those of you that still would like to download them you can find them on our website that's alaris.us backslash cle training and um if you're interested you can reach out to whitney as well um william last comment was excellent presentation thank you so i don't have any more questions um so thank you again and we'll be in touch i might ask you to come back when you've got a lot of information that's very valuable to all of us so you know where to find me all right this will conclude our webinar have a great day everyone stay safe bye everybody