A recently adopted amendment to the comment of Model Rule 1.1 (on competence) explains that being "competent" requires lawyers to understand "the benefits and risks associated with relevant technology." Presumably, therefore, lawyers who do not understand the technology they are currently using in their practice can be found to be incompetent and, thus be subject to sanctions for a violation of the rules of professional conduct. Also, as everyone probably knows, another rule requires lawyers to use reasonable care in protecting the confidentiality of client data.
Because client data is often stored and shared using "technology", it is interesting to ask whether lawyers truly understand the implications of using that technology to handle the data. Are lawyers really competent in this area of the practice of law? Are lawyers really using reasonable care when attempting to protect the information?
The results of a recent Lexis/Nexis survey suggest that the answers to both questions is no. The survey asked about the tools lawyers and legal professionals are using to protect their clients’ privileged information and according to some commentators, 77% of the lawyers surveyed did not have adequate security for their confidential client data. Here is a podcast on the subject featuring two experts on digital security and a lawyer/journalist who has written about the implications of the survey.
