Tag: Legal Ethics

Whoops! The New Rules, Law Firms and Cyberattacks

By Edward McIntyre

Macbeth, Duncan and Sara were enjoying a celebratory toast at the Red Coach & Horses when MacTavish, drink in hand, joined them.

“Have you guys seen the news about that major law firm. Had its computer network hacked? Massive embarrassment, for sure.”

Duncan nodded. “I understand the FBI divides law firms into two kinds. Those that’ve been hacked — and those that will be.”

MacTavish laughed and sipped his scotch.

Macbeth cautioned, “Not sure I find much mirth in their misfortune. Not only embarrassing. They have to confront a myriad of liability issues. And think of the ethics nightmare.”

MacTavish looked surprised. “Ethics? How so?”

“Have you looked at the new and revised Rules of Professional Conduct? The ones that just became effective on November 1?”

“Not yet. On my to-do list. But —”

“When you get around to it, take a hard look, for example, at rule 5.1. It’s new in California. We’ve never had anything like it before.”

“What’s it about?”

“It imposes on lawyers with law firm management authority the obligation to ensure that the firm has in effect measures that give reasonable assurance that all the firm’s lawyers comply with the rules. And with State Bar Act.”

“Seems like a bit of an overreach, but —”

“It also requires lawyers with supervisor authority over another lawyer to make sure that lawyer does the same. Rule 5.3 applies the same obligations to the supervision of non-lawyer personnel, whether employees or not.”

“But what’s all that got to do with a computer hack?”

“I assume we agree that, as lawyers, we possess a vast trove of sensitive and confidential client information. Financial data. Transaction and litigation strategies. Personal information. Perhaps health histories.”

“Sure. Necessary to the practice.”

“Rule 1.6 and 6068(e)(1) require us to hold client confidential information inviolate. At almost any cost.”

“New number, huh. OK, understand that.”

“Further, rule 1.1 requires competence, including — in this digital era — staying knowledgeable about the benefits and risks associated with technology.”

“Well —”

Macbeth held up his hand. “Finally, rule 1.4 requires lawyers keep clients reasonably informed about significant developments related to the representation.”

“All fine. But I was talking about a computer hack —”

Sara smiled as Macbeth nodded to a waiter for another round for the table.

“We were indeed. Let’s start with rules 5.1 and 5.3 — even before any computer breach occurs.”

“If you want.”

“Given the prevalence of cyberattacks, likely firm managers and supervisors have an ethical obligation to ensure the firm has adequate cyber protection already in place —current and updated — to prevent the loss of any client information that rule 1.6 requires the firm’s lawyers keep confidential.”

“Good thing I’m a sole practitioner —”

“A manager of your own firm, in other words.”

“Ouch.”
Read More

Communication with Clients — Utmost Importance

By Michael Crowley

California attorneys are constantly reminded that the number one reason for complaints to the state bar about attorneys is the failure to respond to requests for information from clients. Why? Think about it.

Besides avoiding problems with the state bar by violating the California Rules of Professional Conduct, what does good communication do for you and your law practice?

  1. Fosters good relations with your client;
  2. can often provide you with additional information you weren’t aware of from the client and preempt problems down the road;
  3. can lead to additional referrals because you have stayed in communication; and,
  4. perhaps most important of all, it is one of the few things we can single-handedly control.

We can’t control what the court will do. We can’t control what opposing counsel will do. We can’t control how events can change things. We can, however, control how often we pick up the phone to call a client or write an email. We can also strive to control how our staff interacts with our clients by making sure they are in the loop on the cases, including knowing deadlines and court appearances approaching.

Setting aside for the moment these considerations that likely just fall in the realm of good business practices (which by the way, failure to know good business practices is another high-on-the-list reasons for state bar complaints) what are the rules?

California Rules of Professional Conduct (CRPC) Rule 3-500 requires that we keep our clients “reasonably informed about significant developments relating to the employment or representation.” The rule goes on to state that this includes “promptly complying with reasonable requests for information and copies of significant documents when necessary . . .” (emphasis added).

Rule 3-510 requires the communication of settlement offers along with “all terms and conditions of any offer made to the client in a criminal matter; and all amounts, terms, and conditions of any written offer of settlement made to client in all other matters.” Again, the rules state this will be done “promptly.”

These communications must be made within the current rules. We all know that we must maintain our communications confidential. To drive this point home, both the Business and Professions Code 6068(e)(1) states we must “maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client,” and CRPC 3-100 restates it by referencing B&P §6068 and stating information can only be revealed with “informed consent of the client.”

In these days of hacking, cyber-thefts and malware we are responsible for taking reasonable steps toward preserving our client’s confidential communications. One step is discussing it with your client and placing it in your retainer agreement that your client’s emails are not always confidential. For example, the use of a company email when the company’s policies allow for their access to employees’ emails calls for your client to set up a separate email for you to communicate with the client confidentially.

We all have experienced pesky and annoying clients. But the rules don’t provide an exception as to those clients. Seldom does procrastination as to your communication make it any better. The rules require your “prompt” communications with your client, good business practices dictate it and avoidance of state bar problems make it an excellent practice. We should all endeavor to lower the lack of communication from the top reasons for state bar complaints.

Michael Crowley is the Founder and Lead Attorney of the Crowley Law Group.

This article was originally published in the SDCBA’s “Ethics in Brief” column series.

**No portion of this summary is intended to constitute legal advice. Be sure to perform independent research and analysis. Any views expressed are those of the author only and not of the SDCBA or its Legal Ethics Committee.** Read More

Teaching Lessons: Students Rewrite the Rules of Professional Conduct in a Blank Slate

By Edward McIntyre

A good friend asked me to lecture to her business ethics class at San Diego State University, mostly juniors and seniors. During class, she would mark the 54 students on “participation,” so I quickly scrapped the “lecture” idea. Instead, the class at large — from scratch and without advance acquaintance with our Rules of Professional Conduct — would develop a set of ethics rules for a profession. Lawyers. In little more than an hour.

We started with some context: what lawyers do. The assumptions were: lawyers represent clients before tribunals; they counsel clients; they deal with non-client third parties on clients’ behalf.

With only this brief context — and perhaps material they had read for the course, and their own experience and ethical norms — the students addressed the question: What do you expect of your lawyer, focusing only on ethical standards?

First, Confidentiality.

This was the immediate and spontaneous response to the question. All who contributed to the discussion thought confidentiality was a key ethical requirement. What you say to your lawyer had to stay with that lawyer. Much later in the class, when we discussed the confidentiality mandates and exceptions in Business and Professions Code Section 6068(e) and ABA Model Rule 1.6, reactions were mixed. More about that below.

Next, Fair Fee.

I was surprised that this was the second ethical norm the class developed. Not only did participants think that fair fees were an important ethical component of the lawyer-client relationship, but also that the lawyer had to be efficient in delivering services — a corollary to a fair fee.

Loyalty.

The class wanted a lawyer who would represent their interests, no matter what conduct was involved, and not to judge the client. Rather, they wanted a lawyer who was devoted solely to the client’s best interest. They also wanted a lawyer who could focus on what was best for the client, no matter who the client was.

Conflict-Free Representation.

Another element of the relationship important to the class was that the representation be without conflict of interest — either with some other client or with the lawyer’s own interests.

Candor to the Client.

All who chimed in saw candor as important, as well as communication from their lawyer. In this context, they not only did not want a lawyer to misrepresent facts to them, but they also wanted a lawyer who was not afraid to deliver, honestly, uncomfortable or bad news.

Candor to the Tribunal.

A few saw this norm as important for the judicial system to function, but they emphasized that such candor had to be subordinate to the obligations of confidentiality and loyalty to the client. Confidentiality and loyalty remained the predominate ethical norms.

Competence.

The class thought competence was not just an important behavioral aspect of a lawyer’s representation, but also a lawyer’s ethical obligation. As the discussion of this norm continued, diligence and communication became part of the element of competence.

Ethical Reputation.

Several in the class said, and the balance appeared to agree, that a lawyer had an ethical obligation to maintain her or his reputation as an ethical lawyer in the community. As one student offered: “I don’t want to hire a lawyer and find out two months later that he’s been arrested for drug dealing or disciplined for misconduct. I want someone who’s known to be ethical.”

Confidentiality Revisited.

Toward the end of the class, I shared with them, Section 6068(e)(1)’s strict mandate — at every peril to herself or himself — and the permissive exception of Section 6068(e)(2). The reaction was mixed whether a lawyer should disclose a client confidence even to prevent the death or serious bodily injury of a third party, using a variant of the Tarasoff facts to provoke the discussion.

We then looked at ABA Model Rule 1.6, which has a permissive exception to confidentiality to prevent serious financial harm to another when the client is using the lawyer’s services to cause that harm. We used the Enron case as an example.1 Most of the class felt no disclosure was the proper ethical norm when only financial harm was at stake.

One interesting exception: a student who thought there should be no exception with the Tarasoff facts — threatened death of a girlfriend — saw a basis for the ABA Model Rule exception when the serious financial harm would affect many people. We agreed it would be better to be his broker than his girlfriend!

Sex With Clients.

As promised at the outset, we had the conversation first and saved sex until last. The scenario was a 38-year-old lawyer who agrees to represent a 19-year-old “Dreamer” college student pro bono, and says he has creative strategies to deal with DACA; over time he invites her to dinner, the theater and eventually his Mission Hills condo where they engage in consensual sex.

The overwhelming majority of the class thought this was ethically wrong.2 As one student put it: “If he wants to continue the relationship, he should get her another lawyer who can represent her.”
Unfortunately, time came for class to end. The experience, however — a group of smart, articulate, thoughtful college students — sheds a bright light on the ethical standards our clients and the public in general may expect from us.

Edward McIntyre (edmcintyre@ethicsguru.law) is an attorney at law and co-editor of San Diego Lawyer.

This article was originally published in the May/June 2018 issue of 

San Diego Lawyer Read More

It’s a Small, Small World: GDPR — not just for EU lawyers

By Edward McIntyre

Macbeth and Duncan were returning from court when Clyde Tabbit caught up with them.

“Macbeth, got a question. Got a minute?”

“Here’s our building. Let’s go up to the office.”

“Really shouldn’t take long. Just a quick ‘yes’ or ‘no’ —”

“You never know, Clyde. Come, join us.”

When the trio were seated in Macbeth’s conference room, Sara joined them.

“Now we’re all here. OK, Clyde, what’s the quick question?”

“Well, I keep getting strange requests from a couple of clients.”

“Proceed.”

“So, I represent a guy who moved to Italy years ago. Permanently. But still has a business here. As well as in Italy and other places.”

“We get the picture. What’s the issue?”

“Well, he keeps making these flaky demands on me to identify all the information I’m ‘storing’ — Clyde used air quotes — on him. On his companies. Getting more and more insistent. I’ve blown him off. But he won’t stop.”

“Let me see if I understand. He resides in Italy. A citizen there?”

“Yep, dual. Some family connection.”

“You provide legal services to him?”

“Of course. He’s my client. Both him and his businesses. There and here. Why?”

“Have you noticed all the ‘privacy updates’ you’ve been getting recently? From social media sites and other internet providers?”

“Come to think of it, yeah. Keep getting one from CNN about terms of service and privacy and stuff. Annoying. Even from some law firms. Can’t figure why.”

“Likely GDPR compliance. I suspect that’s what’s triggered your Italian client’s requests.”

“GDPR?”

Macbeth nodded to Sara.

“The General Data Protection Regulation. Enacted in 2016, but effective May 25, 2018. The GDPR’s purpose is to provide a uniform law governing the protection of personal data across the European Economic Area. That’s the EU plus three other European countries. It replaces the individual national laws passed under the 1995 Data Protection Directive. The GDPR is intended, among other things, to clarify, strengthen and modernize data protection. Especially in light of the changes in how companies collect and process personal information.”

“So what. I’m not in Europe.”

“You provide services to a European citizen, living there. Some of the services related to his businesses there. Does he pay you in euros or dollars?”

“Euros. Conversion costs me money every time. But I’m here, not there.”

Sara continued. “The GDPR applies to any organization collecting or processing anyone’s personal information. Think ‘personal data.’ If that collection or processing is done in relation to activities of the organization established in the EU. No matter where the collection or processing takes place.”

“See, I’m not an ‘organization established in the EU’ — more air quotes. Doesn’t apply.”

“I understand your point. But if a U.S. firm offers services to EU residents, then the firm is subject to the GDPR. It’s a fact-based analysis whether a company is offering services to EU residents, but services payable in euros likely would be.”

“Ouch. Does that include my clients in France and Sweden, as well?”

“France is part of the EU; Sweden, joined the EEA. So, yes.”

“What does all this mean?”

“Essentially, it requires greater transparency by those who collect or process data to the owners of the data — among a lot of other things. Very stiff penalties for non-compliance.”

Clyde looked to Macbeth. “What does this mean for me?”

“From a professional responsibility viewpoint, two things come immediately to mind.”

“OK —”

“First, you have an ethical obligation under Rule 3-500 to respond to reasonable client inquiries. Given the effective date of GDPR and your transparency obligations, you have a duty to respond to your client’s questions.”

“All of them?”

“I’ll let Sara spend time with you about the GDPR requirements. She’s our expert. Ethically, the requirement is to keep the client ‘reasonably informed’ about significant developments in the representation. I think a change in law this significant to a client’s rights would be considered a ‘significant development.’”

“Other advice?”

“But be sure to remind your client that you, as a lawyer, are duty-bound — new Rule 1.6, former Rule 3-100, and section 6068(e)(1) — to keep all the client’s information confidential. ‘At every peril to yourself.’ You don’t share it. That should address some of the client’s legitimate data privacy concerns.”

“Good idea. Anything else?”

“Our duty of competence requires us to have or acquire the requisite skill and learning, or consult with a competent lawyer who has them, when representing a client. A COPRAC formal ethics opinion, and amendments to two ABA Model Rules, suggest the duty of competence applies to knowledge about technology. I think a lawyer representing clients in Europe has a duty to understand those clients’ GDPR rights. And the lawyer’s GDPR obligation toward those clients.”

“Even if we practice in the United States?”

“A small world just got a lot smaller, my friend. Spend some time with Sara in the conference room. She’ll walk you through all the new GDPR data privacy requirements, including the right to ‘be forgotten’ and what that might mean to our duty to former clients and conflicts, and such.”

“Wow!”

“Wow it is, my friend.”

Macbeth and Duncan started to leave, Macbeth humming the tune from “It’s a Small, Small World.”

Editor’s Note: The COPRAC opinion to which Macbeth referred is Formal Opinion 2010-179.
See also comments to ABA Model Rules 1.1 and 1.6, competence and confidentiality. New and revised Rules of Professional Conduct become effective November 1, 2018.

Edward McIntyre is an attorney at law and co-editor of San Diego Lawyer. 

No portion of this article is intended to constitute legal advice. Be sure to perform independent research and analysis. Any views expressed are those of the author only and not of the SDCBA or its legal committee. Read More

Excessive Deposition Delays Without Sufficient Justification Leads to Terminating Sanctions

By Carole J. Buckner

Creed-21 v. City of Wildomar, 2017 WL 5484032,provides salient reminders regarding complying with local rules, scheduling depositions and most importantly, complying with court orders to avoid sanctions. The case also implicates the ethical duty of competence in managing one’s schedule, even when emergencies may arise.

The underlying case involved Creed-21’s challenge to a proposed Wal-Mart based on the California Environmental Quality Act (CEQA). The appellate court upheld a terminating sanction imposed after Creed-21 failed to comply with court orders requiring the deposition of a person most qualified (PMQ) regarding Creed-21’s standing in the case. The deposition, first noticed in August 2015 for September 2015, triggered objections as to the propriety of the discovery. The proponent’s efforts to resolve the dispute failed in part because Creed-21’s lead counsel Briggs was in trial. Ultimately, Briggs invited a motion to compel, or offered to file a motion for protective order.

In November, a motion to compel the PMQ deposition was filed. The court granted the motion, and awarded $3,000 in sanctions. An ex parte application seeking relief from the court’s order followed claiming that counsel for Creed-21 was not aware of the local rule requiring that he provide notice of appearance by telephone or in person, rather than via email. Wal-Mart argued that lack of knowledge of the local rules was “professional incompetence and not a mistake that justified relief.” At the hearing, attended by Creed-21’s attorney Kim, the court also directed that the deposition be scheduled on February 8, despite being informed by Kim that Briggs, who intended to defend the deposition, had a family emergency. The court indicated if that date did not work, any ex parte application would need to demonstrate good cause for another continuance.

A petition for writ of mandate concerning the appropriateness of the discovery was summarily denied on February 5. An ex parte application followed to continue the deposition asserting that Briggs, an only child whose parent had undergone surgery, was needed to care for his parent for three weeks, and unable to work. Wal-Mart opposed, noting the five month lapse of time and pending briefing deadlines, and claiming attorney Kim could handle the deposition. The court denied the relief, suggesting a caregiver could watch Briggs’ parent so he could handle the deposition. Still the deposition did not go forward in Briggs’ absence. Upon his return to work, Briggs offered a deposition date one business day prior to the briefing deadline. Too late Wal-Mart said.

The court then granted Wal-Mart’s motion for terminating sanctions for willful failure to obey the trial court’s earlier orders to produce the PMQ, noting Briggs not only failed to produce the PMQ witness, but also failed to produce documents related to the deposition, and had not paid the sanctions. The judge indicated, “Nothing had worked,” including multiple orders and sanctions. On review, the appellate court found no abuse of discretion given the lack of compliance with the court’s directives.

Carole J. Buckner is a Partner and General Counsel at Procopio, Cory, Hargreaves & Savitch LLP. Read More

New Fingerprinting Rule

By Deborah Wolfe

California attorneys need to know that as of June 1, 2018, all members of the California Bar are required to submit their fingerprints electronically to the State Bar. Most of us were fingerprinted (with real ink!) when we were sworn in as active members, but the Supreme Court ordered on May 23, 2018, that most actively practicing attorneys must be re-fingerprinted electronically by an approved Department of Justice Live-scan provider no later than April 30, 2019. Registered in-house counsel and foreign legal consultants need to submit fingerprints when renewing their registration by February 1, 2019. Failure of an attorney to comply with this Rule of Court, specifically Rule 9.9.5, by the deadline, subjects the attorney to monetary penalties, including potentially a license suspension (involuntary status change from “active” to “inactive”) until the requirement is met.

Why now, you ask, are we suddenly required to go through this exercise again? Apparently, for the past 30 years, the State Bar has been out of compliance with the statutory requirement under the rule, because it failed to receive notification of subsequent arrests and convictions from the California Department of Justice (DOJ). Even though all lawyers were fingerprinted before admission to the bar, for purposes of ascertaining the lawyer had no criminal arrests or convictions, the actual fingerprints were not maintained—by either the State Bar or the DOJ—for future notification services. The State Bar’s main function is to regulate the practice of law in order to protect the public from unscrupulous lawyers. In order to comply with the mandate of the California Rules of Court, the State Bar entered into a contract with the DOJ for subsequent arrest notification services for attorneys who are active and licensed by the State Bar and, for attorneys permitted to practice in California under other special admissions rules. All active licensed attorneys must be fingerprinted for the purpose of obtaining criminal record information, including state and federal level convictions and arrests from the DOJ and the FBI.

It is important to note that any information that is obtained by the State Bar must be kept confidential and used solely for State Bar licensing and regulatory purposes. As would be expected, the costs and fees for the processing of fingerprints for the State Bar must be borne by the attorney. If the attorney can show a demonstrable hardship, the State Bar is required to develop procedures for granting fee waivers. There are also provisions in the law to accommodate attorneys who for physical reasons, such as disability, illness, accident or other circumstances beyond their control cannot provide fingerprints, but these must be proven to the DOJ to obtain a waiver of the requirement.

To comply with the law, simply go to your member profile page on the State Bar’s website, www.calbar.ca.gov, download and print the forms designated as “Fingerprinting Rule Compliance Documents,” and follow the instructions given on the State Bar’s website for properly registering your compliance. Costs for the Live Scan vary from $5 to $75, with the average cost being $33. There are additional fees due the DOJ and the FBI totaling $49.

While it is somewhat of an inconvenience for attorneys who are already licensed in the State to provide fingerprints, it is a measure that serves to maintain the public’s trust and confidence in the legal profession by appropriately overseeing that attorneys are held to a high standard of conduct.

Deborah Wolfe is an attorney at law. 

This article was originally published in the SDCBA’s “

Ethics in Brief Read More

The New Rule 4.1 “Truthfulness in Statements to Others”

By Richard D. Hendlin 

When the new and revised Rules of Professional Conduct become effective on November 1, 2018, California will finally join the other 49 states which have already adopted some version of American Bar Association (ABA) Model Rule 4.1 “Truthfulness in Statements to Others.”  California’s Rule 4.1 provides:

In the course of representing a client a lawyer shall not knowingly: Read More