In November, 2019, the South Carolina Supreme Court adopted amendments to Rule 1.0 (r), Rule 1.1 Comment 6, Rule 1.6 Comments 20 and 21, and new Rule 1.6(c) of the Rules of Professional Conduct. The amendments were modified versions of amendments made to the ABA Model Rules of Professional Conduct in 2012 meant to offer guidance to lawyers about technology. The Technology Committee sponsored a CLE at the Bar Convention in January, featuring national experts Sharon Nelson and John Simek who addressed best practices for lawyers to be ethically compliant and competent in the area of technology. They addressed three big areas: ethical competence in the digital area, disasters and data breaches, and the future of law practice. Here are some takeaways, but you can find this information and much more in the articles listed on their website https://senseient.com.
Most, if not all, law firms have experienced a technology security event – from malware infections to total breaches. In light of that, firms should conduct security assessments and have incident response plans. Many cybersecurity insurance policies are requiring these (the cost of cybersecurity insurance is reportedly rising). Firm training is also critical, since the majority of security issues rely on human error and gullibility. Firms should have a security policy for employees to follow, covering everything from backups, BYOD (bring your own device), acceptable use and more. Firms should also have an incident response plan to avoid running around like a chicken with … you know the rest. The plan should include contact information, immediate steps to take, and steps to resume operation. Most states have data breach notification laws, including South Carolina. Consult the law for your duties.
Ransomware attacks are evolving (think it’s some guy in Russia? These days it could be a bot or artificial intelligence). Ransoms being demanded are higher than most firms can pay. A new twist in ransomware: firms who ignore the ransom request because they have a good backup may be subject to having their data used or leaked to the dark web in retaliation for not paying the ransom. Some good news: success rates in thwarting ransomware are increasing if the FBI is notified within the first 24 hours. So, even if you have a backup, notify the authorities asap. Also good news: more banks are recognizing wire fraud attempts and stopping fraudulent transfers before they conclude.
Basic backup advice that applies to most law firm sizes: have a local (physical) backup and two cloud backups. Make sure your cloud provider allows you to control the encryption key. The speakers named Carbonite and Backblaze as good options. Make sure backups work by doing a test restore. One solo used a cloud backup and lost five years of law firm data because he’d never tried to verify if the data was restorable or not corrupted. Don’t take the word of the software that says “Backup successful!” – be certain. If you use a USB backup drive, disconnect it from the server once the backup is completed (more than one physical backup drive is recommended so you can swap them out). If you experience a ransomware attack and your backup is connected to your computer – well, there goes your backup.
Zombie data, also known as “dark data” is data you don’t realize you have. It can come up in data breaches or in cases during e-discovery. The speakers’ advice about old data: if you don’t need it, and are not legally required to preserve it, get rid of it! Don’t forget old email accounts – nearly everyone has old free email accounts they’ve ceased using. They’re ripe targets.
The speakers next turned to the Future of Law Practice. Consumers, accustomed to smart TV sets , doorbell security cameras, and Alexa, have rising expectations for lawyers. Consumers expect same day delivery of products, automated contract delivery, client portals and video chat. Trends that will grow include non-lawyer ownership of law firms, traditional legal work being done by non-lawyers and alternative legal services providers, and of course, Artificial Intelligence (AI). As an example of the rapid rate of change in AI, the speakers reported that the IBM Watson computer that defeated Ken Jennings at Jeopardy! in 2011 was the size of a master bedroom and weighed thousands of pounds. One year later, it was 18 x36 inches and weighed just 100 pounds.
Although the term AI is often incorrectly used to hype products and sound cool, in reality, AI is already in widespread use in the world’s largest law firms (but the speakers were quick to say that it is also being used by solos). Lawyers use AI for contract review, due diligence, e-discovery, legal research, predictive analytics, and more. AI represents a direct threat to some legal job sectors, including lawyers performing document review, paralegals, and even first year associates. JPMorgan Chase uses COIN (Contract Intelligence) which in seconds can do the work formerly requiring 360,000 hours a year by lawyers and loan officers.
Bar members can read many of Nelson and Simek’s articles on technology, security, ethics, and law practice on their website www.senseient.com, watch Sensei YouTube videos, or listen to Digital Detectives or The Digital Edge podcasts.
The Bar also has many resources to help lawyers with technology questions, from a lending library of ABA technology books to online resources at www.scbar.org/pmap and the Technology Committee’s page www.scbar.org/tech.
By: Courtney Troutman, Director
South Carolina Bar Practice Management Assistance Program
Mike Polk, Technology Committee Chair, South Carolina Bar
Belser & Belser, PA
Columbia, South Carolina