Texas lawyers are subject to new requirements to satisfy duty of competence.
By Elizabeth A. Rogers
A Texas lawyer’s competence has traditionally been measured by his or her experience and knowledge of a substantive area of the law. But on February 26, 2019, Texas became the 36th state1 to formally adopt an expanded definition of a lawyer’s competence to include an “ethical duty of technology competence” when the Texas Supreme Court entered its order, amending Comment 8 to Rule 1.01 of the Texas Professional Rules of Disciplinary Conduct.2
8. Because of the vital role of lawyers in the legal process, each lawyer should strive to become and remain proficient and competent in the practice of law, including the benefits and risks associated with relevant technology.3
A common question is “what does technology competence mean for lawyers?” Language in the resolution submitted by the State Bar of Texas Computer & Technology Section suggests an answer:
…“[T]he practice of law is now inextricably intertwined with technology for the delivery of services, the docketing of legal processes, communications, and the storage and transfer of client information, including sensitive and confidential private information and other protected data.”
The vagueness of the
amendment, however, provides space for the answer to this question to
evolve with changes in technology. New technologies enter the legal
market every year and maintaining technology competence will now require
a lawyer’s knowledge about these advancements to continually grow.
Specifically, lawyers will be expected to know how those tools affect
delivery of legal services to their clients. For example, if an easily
adaptable and affordable technology solution allows for legal services
to be delivered more efficiently then, under certain circumstances, it
may be considered a violation of the ethical duty of technology
competence to bill more time than necessary to complete the project
instead of purchasing the technology solution.
A further example involves the common law duty to protect client information and/or contractual and regulatory obligations to protect personally identifiable information and health and financial information relating to clients. Although lawyers will not be expected to know specific technical details of a network or to become subject matter experts in the field of information security, compliance will require attorneys to understand limitations in their knowledge and to obtain sufficient information to protect client information, to get qualified assistance if necessary, or both.
Therefore, the ethical duty of technology competence may be discharged differently for lawyers in medium to large law firms versus for lawyers in small firms or solo practitioners. Generally, medium and large law firms maintain at least one or more professionals with the responsibility to provide a reasonable security program for the protection of firm and client data. Thus, lawyers working in larger firms will not individually bear the responsibility for overall firm information security but should generally understand and comply with the firm’s information security and privacy policies as well as complete annual information security training.
For small firm lawyers and solo practitioners, the ethical duty of technology competence can present a challenge because most lawyers are not technologists and often lack training and experience in security. Nevertheless, like the duty of legal competence, lawyers in small firms and solo practitioners will be expected to comply with the ethical duty of technology competence by taking continuing legal education courses focused on technology for law practice management and/or by outsourcing information security services to other professionals who are competent in the area or both. These steps will likely be regarded as minimum standards, and failure to comply with them may constitute unethical conduct.
Even before the amendment to Comment 8, Texas lawyers had already become accustomed to client demands for use of available technology to increase efficiency and responsiveness. As the technology underlying our practices has evolved, requiring us to be familiar with these risks and take reasonable measures to guard against them, so too has our ethical duty of competence evolved. The amendment to Comment 8, of Rule 1.01, simply makes the evolution official.TBJ
ELIZABETH A. ROGERS
is a partner in Michael Best & Friedrich’s Privacy & Cybersecurity Practice Group and is based in the firm’s Austin office. She focuses her practice on a variety of regulatory, cybersecurity compliance, and technology-specific privacy matters including breach responses, privacy risk assessments, and enterprise-wide cybersecurity compliance frameworks across industries such as retail, health care, financial services, energy and retail electric providers, education, and state and local governments.