ethos As Law And Technology emerge

Thursday, November 1, 2007 - 01:00

Even as we approach the one-year anniversary of discovery-related revisions to the Federal Rules of Civil Procedure (FRCP), they remain collectively one of the hottest topics in the legal profession. The overt commingling of staid legal procedure with its restless suitor, information technology ne "electronically stored information" (ESI), is still (and justifiably) the cause clbre of conferences, seminars and symposiums throughout most jurisdictions.

The ramifications of these FRCP changes to the practice of law are reminiscent of two other federal events: the 1999 Gramm Leach Bliley Act; and, the 2002 Sarbanes Oxley Act. As described below, the former had only temporary impact; and, the later is scripted for relatively narrow application. Effects of the discovery-related revisions to the FRCP will be neither temporary nor narrow.

For almost two years after its passage, the Gramm Leach Bliley Act (GLBA) (also known as the " Financial Modernization Act of 1999 ") and its information security provisions had little impact on the practice of law, except for those attorneys directly involved in the banking industry. After the Federal Trade Commission (FTC) ruled in 2001 that attorneys themselves qualified as "financial institutions" within the FTC's purview, a firestorm ensued. Lawyers were already bound to duties of privacy and confidentiality through each state jurisdiction's Rules of Professional Conduct. Consequent to the GLBA, could the FTC legitimately impose new or different regulations on lawyer-client privacy and confidentiality? The legal industry immediately scrambled to both satisfy and protest the GLBA's information privacy requirements.

In 2003, the FTC announced it would not enforce alleged breaches of the GLBA pending resolution of challenges by various bar associations. In 2005, the U.S. Court of Appeals (D.C. Circuit) held that by attempting to regulate the practice of law, the FTC had clearly exceeded its statutory authority. The FTC's "turf grab" through the GLBA therefore proved of temporary consequence.

In 2002, during the GLBA firestorm, Congress passed the Sarbanes-Oxley Act (SOA) to reform specific aspects of corporate governance. With the SOA came new rules by the Securities & Exchange Commission (SEC) to establish "minimum standards of professional conduct" for certain attorneys. In contrast to the GLBA, the SAO/SEC regulations regarding attorneys' professional conduct remain in force today because they apply only to those attorneys who appear and practice before the SEC; and, they are meant to supplement state rules, not compete with them.

Today, the effects of discovery-related changes to the FRCP are still being sorted. They lack the fatal controversy of the GLBA and the narrow application of the GLBA. The "new rules" of the FRCP are here to stay, with most state jurisdictions considering and adopting similar revisions.

By their nature, the FRCP rules concern litigation. The new FRCP revisions will, however, have profound impact on both litigation and corporate counsel. Whether or not litigation is ever anticipated by a corporation or its counsel, the new ESI rules are of critical importance to every corporate counsel because corporations are a prodigious source of ESI. Failure to adequately appreciate and address these new ESI provisions could have catastrophic consequences to both corporations and their counsel.

Given the dynamic nature of information technology, which is at the root of the new rules, staid legal procedure may be no more. As technology continues to change and emerge, interpretation of the rules of civil procedure will, too. How then to anticipate and accommodate the consequences of the new FRCP? At risk is not only measurable success and sanction, but also intangible reputation and standing. At risk is ethos.

Aristotle opined that ethos is that which establishes credibility, including knowledge and expertise. In the modern practice of law, ethos is increasingly dependant upon knowledge and competence (if not expertise) regarding ever-evolving information technology. As attorneys in the modern world, our actions regarding ESI significantly impact our credibility. Many of the primary duties we are obligated to uphold now relate to our knowledge and competence regarding email, metadata, bytes, servers, accessibility, encryption and other facets of ESI. Just as with the GLBA and the SAO, the FRCP revisions affect the very core of the legal profession - the rules of professional conduct.

An inclusive list of questions and issues linking the FRCP and MRPC may be impossible to generate, but as the philosopher Lao-tzu stated, "the journey of a thousand miles begins with a single step." A successful client-lawyer relationship is the first step toward building and protecting corporate counsel ethos. While three of the ABA's Model Rules of Professional Conduct (MRCP) regarding the client-lawyer relationship are referenced below, please seek and review your jurisdiction's particular rules in order to best protect your own credibility. The rules of professional conduct vary, however, between jurisdictions; and, jurisdictions with similar provisions may interpret them very differently.

Three Rules ( Of Many)

1.1 Competence.

The MRPC state that:

A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.

Given that most corporate documents are created electronically and few are ever converted to paper form, you probably generate a significant amount of ESI yourself. Your personal experience with ESI may provide helpful context for professional ESI competence. Regarding your personal ESI, do you know: How much you generate? Of what type? Where it's stored? How long it's stored? Who can access it? Whether your on-the-clock ESI habits conform to your employer's policies?

As corporate counsel, understanding and knowing the corporation's ESI habits and policies may be "reasonably necessary" to achieve your representation. Do you know and understand the corporation's policies regarding:

• Employee use of corporate email?

• Employee access to non-corporate email accounts?

• Storage of work-related documents and loose files to either a hard drive or network shared drive?

• Permissible variances in electronic data access and storage policies among different work groups or departments?

• Explanation of these policies during each employee's hiring/review process?

• The use and storage of voicemail?

• Timeframe for which ESI is supposed to be generally preserved? Of specific departments or personnel?

• Whether policies for the above-listed items are express and formal; constructive; or, informal - reliant upon some individual's "best judgment?"

• Who individually or collectively is responsible for creating ESI policies? Enabling ESI policies? Enforcing ESI policies?1.2 Scope Of Representation And Allocation Of Authority Between Client And Lawyer.

The MRPC state that:

a lawyer shall abide by a client's decisions concerning the objectives of representation and,shall consult with the client as to the means by which they are to be pursued.

If your corporation decides to hire outside counsel for litigation or some other purpose, the corporation's ESI may be a critical component of this outside representation. Corporate counsel usually has a role in choosing the outside counsel and shaping the relationship between it and the corporation. What level and frequency of communication will occur during the outside representation? Will the corporate and outside counsel split or share ESI collection and/or review efforts? Will outside counsel or the corporation determine if/when/which vendors are contracted to assist?

1.3 Diligence.

The MRPC state that:

A lawyer shall act with reasonable diligence and promptness in representing a client.

For corporate counsel, diligence regarding ESI has at least two separate foci. First, to be diligent in knowing, creating, auditing and enforcing the corporation's general ESI policies. Does IT have the resources to actually achieve corporate policies? Where and how do corporate ESI practices vary from purported policies? Second, when the threat of litigation exists, to be diligent and ensure the preservation of potentially relevant ESI - even at the expense of the corporation's general ESI policies. Has an appropriate litigation hold been created and issued? What measures will you take to ensure the corporation compliant with the hold?

Basic Principles

Consequent to recent changes of the FRCP, the professional ethos - credibility, knowledge and expertise - of attorneys is now entwined with information technology. Information technology will never be "settled" because its very nature is of growth and change. Interpretation of the FRCP will therefore remain dynamic as well, evolving as technology itself evolves. Basic principles - the Rules of Professional Conduct - are a critical resource in the exploration of duties and responsibilities imposed by the FRCP revisions. As law and technology now officially merge, the ethos of law must continue to emerge.

Andrea Marshall, Esq. is a legal consultant for Kroll Ontrack Inc, a company specializing in electronic and paper discovery, computer forensics, and trial and presentation services.

Please email the author at amarshall@krollontrack.com with questions about this article.