News & Insights
Spring Cleaning for Lawyers: Meeting Ethical Obligations and Minimizing Litigation Risk in Today’s Remote Environment
FIRST PUBLISHED BY THE TEXAS LAWBOOK
March 18, 2022
Thanks to the pandemic, it is likely at this point that each of us has at least one colleague, client, co-counsel, and/or opposing counsel we have never met in person—not to mention one or more judge in front of whom we have not yet physically appeared. And more of us are practicing law in environments (both physical and electronic) that may not be secure.
Three main ethical considerations thus arise when discussing technology and remote work: ensuring proper, complete communications with clients; working remotely without running afoul of unauthorized practice of law rules; and—perhaps most importantly—ensuring the protection of client confidences. Recognizing this, the American Bar Association recently issued two opinions touching on remote work: Formal Opinion 495, issued Dec. 16, 2020, addressing remote work and the unauthorized practice of law; and Formal Opinion 498, issued March 10, 2021, addressing rules implicated when practicing virtually.
With respect to communicating with clients, Texas’s Disciplinary Rule 1.03(a) gets straight to the point: “A lawyer shall keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information.” While putting this into practice seems straightforward, ensuring that the client has heard and understands your advice is sometimes easier said than done. To avoid issues, check in regularly, even if it is a one- or two-sentence communication. And follow up an email with a phone call or a Zoom or Teams meeting. Emails can often have unintended tone or consequences, and it never hurts to add a personal touch to a sometimes impersonal method of communication.
In addition to communicating about the representation itself, it is crucial to make sure that you are also communicating about its scope. Scope is one of the most important beams in the foundation of a good attorney-client relationship, and yet one of the places most prone to risk. Minimizing that risk always involves sending an engagement letter, insisting that no work will be performed until you receive the signed copy back from your client. This is best practices even if you must send the letter in the form of an email.
As for practicing remotely without fear of drawing an unauthorized practice of law complaint in the state in which you will be working (or in which your vacation home is located), it is obviously a good idea to check the venue in which you will be practicing. Several jurisdictions (including Washington, D.C., Delaware, Florida, Maine, New Jersey and Utah) have already weighed in on the issue. If a particular state has not, ABA Formal Opinion 495 states that a lawyer may practice law while physically located in a jurisdiction where she is not licensed “if the lawyer does not hold out the lawyer’s presence or availability to perform legal services in the local jurisdiction or actually provide legal services for matters subject to the local jurisdiction, unless otherwise authorized.”
Finally, client confidentiality has never been more important than it is today, when law offices can be anywhere from an airplane to a beach to a coffee shop. But again, this flexibility comes jam-packed with risk.
Most critically, while we all know that we are required to keep privileged client information confidential, what many Texas lawyers may not realize is that the confidential client information we are duty-bound to protect is both privileged and unprivileged information under Rule 1.05 of the Disciplinary Rules. The rule defines “[u]nprivileged client information” as “all information relating to a client or furnished by the client, other than privileged information, acquired by the lawyer during the course of or by reason of the representation of the client.” Moreover, Comment 8 to Disciplinary Rule 1.01 states that lawyers “should strive to become and remain proficient and competent in the practice of law, including the benefits and risks associated with relevant technology.”
To avoid issues, always be aware of your surroundings when having confidential client communications on the phone or by email, and take great care to ensure you have the proper security features on your phone, computer and other devices or platforms you use for client documents, communications, and information. Counsel your clients, colleagues, and employees to do so as well, especially with respect to social media. A seemingly simple snap of ‘office life’ could potentially yet unintentionally reveal privileged information. Ears, eyes and—these days—recording devices are everywhere. One of our lawyers tells a horrifying story about a biglaw partner who overheard two of his firm’s associates on an airplane discussing a case at length, without being aware he was nearby and listening to their every word. Upon arrival at their destination, the partner told the associates that their services were no longer needed at the firm, and that they were to clean out their desks and never darken the door again.
Among other things, consider investing in black/opaque screens for company or firm devices to prevent inadvertent disclosure of confidential information while in public. Make certain that your electronic communications are appropriately secure: for example, if you are having attorney-client communications with an outside board member on her work email address, she may not have an expectation of privacy in that email and any privileged communications could be in danger of waiver. And pay attention to seemingly-innocent ‘always listening’ devices such as Siri and Alexa, which could record your or your client’s conversations without your knowledge.
Ethical “Slack”-ing: Remote Software Pitfalls and Best Practices
If the lesson of the late 1990s to early 2010s was to avoid sending emails that you would not want to see on the front page of The New York Times, the new maxim for the pandemic era has been to avoid tweeting what you would not want to see trending. The rise of Covid-19 and remote working accelerated the adoption of social media communications and cloud-based software in the workplace. The commercial benefits of these powerful software tools are evident: They have enabled businesses to remain operational, achieve greater efficiencies, penetrate new markets and attract top talent regardless of their distance from the corporate office. But corporate counsel and the outside firms advising them would be wise to prepare for the ethical and legal pitfalls of this new landscape in workplace communications and project management, one that changes as rapidly as the pace of technological innovation. Indeed, before the pandemic, ephemeral messaging apps like Signal and Telegram were unknown or nonexistent as business applications. Now, the widespread commercial adoption of these tools, in which user messages automatically disappear within time limits predefined by users, has caught the attention of the courts. In a 2020 survey, 70 percent of judges identified ephemeral messaging as the greatest risk to e-discovery.
While the social media and cloud-based tools driving this new frontier are many, this article focuses on one of the most ubiquitous in the workplace: Slack.
Slack is a cloud-based project management software that streamlines workplace communications and collaboration. Today, it is used by 65% of the Fortune 100 and by 10 million people daily. Notably, Slack users also experience a 49 percent reduction in email usage, demonstrating that this new generation of software is supplanting email as the preferred form of communication in a remote work environment. For lawyers, this also means that discovery efforts that focus on email alone are increasingly prone to missing half the story. And to understand what to look for, lawyers must first appreciate how Slack is organized.
The Slack platform consists of workspaces with public and private communications taking place in channels, direct messaging and via virtually limitless third-party integrations. Below is a representative screenshot of the Slack platform:
The Slack platform allows users to communicate in myriad ways. They can send a private direct message, engage in public chat room conversations, share and manipulate files, edit and delete messages, send memes and emojis, and integrate third-party applications to enable additional functionality. As a result, Slack retains massive amounts of data that can be discovered in litigation similar to email and other forms of corporate messaging applications. Accordingly, in-house counsel must be proficient in understanding and avoiding the ethical and legal hazards that Slack features can present in the workplace, while outside counsel must understand how to navigate Slack functionality in the discovery process.
While emojis, memes and GIFs predate Slack, the platform has made it much easier for them to become mainstream in the workplace. Slack not only has a native emoji library but also integrates third-party applications that bring a virtually limitless volume of smiley faces and captioned cat photos to an employee’s fingertips. No longer are workplace communications limited to black-and-white text sent via structured emails; rather, they are filled with emojis, memes and GIF animations that convey reactions, emotions and thoughts that can be interpreted by another party or the jury in ways that the author did not intend. Further complicating the use of emojis is how they are rendered differently depending on the device being used to view them. For example, the “surprise” emoji shown below appears in many different forms. Thus, while the sender may see the emoji in one variation, the receiver may see it—and interpret it—in another:
These risks are exponentially multiplied in the context of the Slack workplace, where emojis, memes and GIFs can be readily exchanged in communications as they would be in personal communications. To avoid or mitigate the inherent risks associated with emojis, memes and GIFs in the workplace, the following are some best practices that can be implemented:
- Prohibit or disable the use of emojis, memes and GIFs in all workplace communications;
- Insert email disclaimers in signature blocks related to the use of emojis, memes and GIFs;
- Train employees on the risks of using emojis, memes and GIFs in workplace communications;
- Include language in precontractual communications that social media communications do not form offer, acceptance or agreement; and
- Ban third-party extensions and application programming interfaces that are not preapproved.
Slack communications are discoverable if “proportional to the needs of the case,” according to Rule 26(b)(1) of the Federal Rules of Civil Procedure. Courts determine proportionality by weighing the benefits of the discovery against the burden and expense of producing it. Counsel seeking Slack discovery or trying to avoid it must appreciate that it is unlike traditional forms of e-discovery. Most importantly, when Slack files and communications are exported, they do not retain their user-friendly form as displayed in the Slack software. Instead, they are converted to JSON files, which consist of numerous lines of code that are impossible for most lawyers to decipher.
To properly produce Slack files, oftentimes specialized software operated by third parties is required to export produced files into JSON and reproduce them in a user-friendly format that reflects the way the data looked to the parties in the lawsuit. Of course, such production means incurring additional time and expenses, which can run in the hundreds of thousands of dollars. Moreover, if the scope of discoverable information is more narrow than the Slack workspace on which the information is found, the parties may have no choice but to sift through data from the entire workspace in search of responsive information.
Courts have considered these factors in granting or denying motions to compel Slack data in several recent cases, sometimes with hundreds of millions of dollars at stake. Given the growing prevalence of Slack in the workplace and the corresponding increase in case law relating to production of Slack data, it is well past time for companies to begin treating their Slack communications like email and assume that they are discoverable. Best practices to limit the exposure of Slack communications in discovery include:
- Adopting policies limiting communication of substantive business information to email;
- Directing employees to save designated Slack communications for substantive business matters to folders segregated from frequently used workspaces;
- Working with IT to prohibit use of Slack for sensitive business projects; and
- Training employees on the types of business communications that are appropriate for email versus Slack.
Another unique and complicating aspect of Slack is its retention settings. By default, Slack data is stored forever. However, Slack allows administrators to adjust their retention settings for messages and files. For messages, Slack retention settings can be set to: (1) retain everything forever; (2) retain all messages, but not revisions or edits; (3) delete messages and revisions after a specific period of time; and (4) let users set their own retention policies. Critically, for the free version of Slack, administrators have access to and can control retention settings for only 10,000 of the most recent messages. Slack preserves the rest of the messages predating the most recent 10,000. For files, Slack offers the following retention settings: (1) retain all files forever; (2) keep all files including deleted files forever; (3) delete files after a specified time period; and (4) delete files including deleted files after a specified time period.
The implications for document preservation, litigation holds and discovery are apparent. For example, if an administrator sets an overly aggressive retention schedule, especially if a litigation hold is in place, the company may be at risk of spoliation. Permitting individual employees to control the retention of their own messages, it could lead to inconsistent preservation of documents by key employees in a lawsuit. Employees may also not realize that their IT department or Slack itself is preserving their messages, even those that they delete within their own accounts. This may lead employees to have the false impression that they can be more casual in their communications without fear of repercussions. Best practices to properly preserve documents and avoid possible spoliation claims include:
- Implementing document retention policies specific to Slack and similar team collaboration software;
- Training employees on handling Slack communications, including deleting and editing messages;
- Incorporating Slack communications in litigation holds or preservation letters; and
- Coordinating with IT in anticipation of litigation to adjust retention policies as needed.
When properly used, the technology that we have quickly and readily incorporated into our professional lives has made our work easier and allowed us to fulfill our duties to our clients with greater efficiency and professionalism. But the gun can kick as hard as it shoots; accordingly, please use great caution and take great care. And, as always, when in doubt, seek counsel.