Provider :: Stuart Teicher

Supervision and the problem of rogue nonlawyer assistants April 08, 2019

I read a scary article recently about data leaks.  It didn’t come out of the legal world, but I think it’s applicable to our industry nonetheless.  And the danger that made my ears perk up wasn’t about the fact that data was leaked in and of itself, but it was about how that data was leaked.  Apparently, a study commissioned by Egress Software Technologies revealed that “79 percent of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, and 61 percent believe they have done so maliciously.”, last checked by the author on March 26, 2019. It’s that last part of the quote that caught my eye— 61% of IT leaders believe that their employees put their company’s data at risk maliciously.  The ethical concern that came to mind is the following: our nonlawyer assistants could reveal our clients’ information purposefully/maliciously, and that invokes our duty to prevent such disclosure by properly supervising those nonlawyer employees. 

Lawyers do, indeed, have a duty to supervise those non-lawyer personnel.  That responsibility is set forth in Rule 5.3, which states:

Rule 5.3. Responsibilities regarding non-lawyer assistants 

With respect to a nonlawyer employed or retained by or associated with a lawyer: 

(a) a partner in a law firm, and a lawyer who individually or together with other lawyers possesses comparable managerial authority in a law firm, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that the person's conduct is compatible with the professional obligations of the lawyer; 

(b) a lawyer having direct supervisory authority over the nonlawyer shall make reasonable efforts to ensure that the person's conduct is compatible with the professional obligations of the lawyer; and 

(c) a lawyer shall be responsible for conduct of such a person that would be a violation of the Rules of Professional Conduct if engaged in by a lawyer if: 

(1) the lawyer orders or, with the knowledge of the specific conduct, ratifies the conduct involved; or 

(2) the lawyer is a partner or has comparable managerial authority in the law firm in which the person is employed, or has direct supervisory authority over the person, and knows of the conduct at a time when its consequences can be avoided or mitigated but fails to take reasonable remedial action. 

I believe that the lawyer’s duty to supervise under Rule 5.3 would likely include the need to ensure that the firm be on the lookout for rogue employees who might maliciously reveal our clients’ information.  This seems to be a logical extension of lawyers’ existing obligations.  It happens to be a very real concern, given what’s happening in the world today.  For example, according to Forbes, in 2017 a firm with offices in Bermuda suffered a loss of 13.4 million files and another firm in Panama had 11.5 million documents leaked.  At the time that I last researched the story it was still unclear about who was responsible for those leaks, but indications were that it was an inside job. Meaning— some employee went rogue.

The problem of rogue employees revealing confidential information seems to have taken on increased importance, given the Wikileaks issues and Edward Snowden revelations. Some might feel emboldened by what they perceive to be whistleblowing actions that help protect society.  I am certainly not in any position to make a judgment call about that.  But I am able to ring the warning bell from an ethical standpoint.  Lawyers need to supervise our staff (per Rule 5.3), to ensure that our nonlawyer personnel don’t take matters into their own hands and disclose client information when that employee feels, personally, that it is their societal duty to do so.  We need to make sure that the employee’s “ conduct is compatible with the professional obligations of the lawyer” and that includes protecting client information. Rule 5.3(a).

Of course, some people will argue that it’s impossible to defend against the most cunning of employees who are bent on stealing information.  That may be so.  But the extent of supervising lawyers’ liability will depend on the circumstances. What’s important is to understand that the potential for rogue employees taking client information exists and it should be considered seriously. 

If you liked this blog, please remember to share it with your colleagues via: Share Blog via Email

See Less
The Hidden, but Fixable Danger with PDFs October 25, 2018
Imagine this hypo: You’re working on a transaction for a client, and the lending institution needs to send money to your trust account on your client’s behalf.   — Stay with me — this is not going where you think —   The lender sends you a fillable PDF form where you’re supposed to provide your wiring information (routing number, account numb ...See More
I don't know WHY they bothered... July 13, 2018
In 2018 there was an opinion issued by the American Bar Association. For the life of me, I don’t understand why they wrote this opinion. Formal Opinion 481 entitled, “A Lawyer’s Duty to Inform a Current or Former Client of the Lawyer’s Material Error” was issued on April 17, 2018. There’s nothing so earth shattering about requiring a lawyer t ...See More
Wait, so you’re saying zealous is bad?? June 04, 2018
        Believe it or not, but there are critics of our ethics rules. I know what you’re thinking, “How could that be? They are PERFECT.”  I’m sorry to burst your bubble, but there really are scholars who have taken shots at the code. One of the biggest complaints is that the current code amounts to nothing more than a how-to manual.  How-to stay ...See More
An ethics a fish tank? April 25, 2018

Frictionless computing is an emerging technology and it poses some serious ethics risks.  There was recently an article about it that raised my eyebrows, so I wanted to let you know about this danger.

...See More

Firm Name:

Firm Name:

© 2020 ALM Media Properties, LLC. All rights reserved
Live Chat