Rule 1.1 of the American Bar Association’s (ABA) Model Rules of Professional Conduct addresses competence and states, “A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.” The ABA modified its rules in 2012, and since then, it has provided an important update: “To maintain the requisite knowledge and skills, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”
Sam Glover, a lawyer and consultant to lawyers, defines the technology competency requirement as a core obligation. Glover acknowledges that while deep proficiency across the technology spectrum is neither a realistic nor necessary standard for all lawyers, individuals in this profession should have a strong understanding of and be conversant with technologies that affect their practice. (See the end of this article for some of Glover’s additional thoughts regarding professional and technology competence.)
In addition, Glover developed a “Basic Technology Competency Checklist” (available on Lawyerist.com) that identifies four areas of competency: computer, Internet, data security, and eDiscovery. We have taken Glover’s basic construct and added to it other components related to technology that are often encountered as part of investigations and commercial disputes. These components require, at a minimum, a conversant level of understanding by lawyers to deliver client service. Figure 1 shows the framework schematic and a summary of the components.
Professional competence is defined as the capability to perform the duties of one’s profession at the appropriate skill and acceptable level of quality. The largest outer blue band includes the areas that define all practices of law: civil, common, statute, and criminal. It also includes the processes of the various court systems and jurisdictions: local, state, federal, and international. In addition, it includes the many practicing functional areas of law: employee/labor, corporate, intellectual property, mergers and acquisitions, real estate, family law, etc. One must also consider that the law crosses all industries, and these industries have their own unique guidelines, regulations, and compliance requirements.
This section covers a bulk of the basic areas identified by Glover and what the framework defines as day-to-day skills and operational computer competencies. Within this second green band are competencies that are practiced in part by virtually all individuals who work within professional services. These competencies include efficient use of computer software tools such as the Microsoft Office Suite (e.g., Excel, PowerPoint, and Word). Lawyers require tools that perform data and file conversions from text and PDF files. Optical character recognition (OCR) scanning and other specialty tools are also regularly used. Email systems (such as Outlook), time and billing applications, document and case management systems, conflict-checking applications, and other project management tools are all part of a normal set of activities in law practice and require technology competency.
The ability to conduct a Google search, navigate various government sites with respect to legal and tax filings, and perform basic research are expectations of today’s lawyers. Analysis and use of social media platforms (Twitter, Facebook, Instagram, etc.) are routine technology-related activities. As a business professional, being aware of basic privacy and security requirements and the risks associated with communications internally and externally via the Internet is a must. While having a safe and secure IT infrastructure is not something lawyers often implement themselves, lawyers must be more than simply conversant in these areas. Examples of what should be understood in practice are secure file locations and file-transfer sites, segmenting and limiting access to network file folders, and other basic data management. Lawyers should also understand policies and practices regarding data and its disposition, availability, and confidentiality, as these will periodically be addressed in client discussions. This includes understanding the usage of “the Cloud” both internally and via outsourced providers, as well as awareness of the associated benefits and risks.
This section is the white band that separates the previously defined green band from the schematic’s center portion, which includes the Data Forensics (Financial), eDiscovery, and Digital Forensics components. This band acknowledges the awareness and competency that lawyers should have with the various guidelines set forth by the Federal Rules of Civil Procedure (FRCP). Rule 26 covers discovery and disclosure. Rule 34 discusses the production of documents and electronically stored information (ESI). In addition, understanding the unique technology and process challenges related to “chain of custody” evidence collection is often vital on certain matters. Regulations and compliance must always be considered on what are often the more challenging technology competencies, as described in more detail in the next section.
This component is related to data required for a legal matter and involves numbers that are generally sourced from accounting and financial records and transactions. Numbers are often required to evaluate and calculate damages or to perform economic analyses or accounting forensics exercises, which are often necessary within an investigation or dispute. This data is often termed “structured data” and is frequently found in spreadsheets and relational databases. Often, this data is transmitted or downloaded in other formats from a company’s financial or enterprise resource planning (ERP) system. The task of finding and identifying the relevant data for a specific matter from within a company’s annual reports, general ledgers, sales invoices, or procurement systems may not be easy to decipher early in the process. This is especially true when a matter has an extended timeframe or a wide scope of data sources, and it becomes even more cumbersome when opposing parties are adversarial and, thus, may not be forthcoming.
It can be challenging to deal with a company’s information technology team (client or opponent) and to identify and obtain the relevant backed-up, archived, or outsourced data. Being aware of, comfortable using, and conversant with the related technology and processes impacting your case strategies is critical.
Within this component, the data required for a legal matter is generally words versus numbers and is often termed “unstructured data.” This data is typically located in documents, emails, or other forms of electronic communication. Many lawyers are conversant with portions of this subject matter, as they may have participated as document reviewers. Terminology used in this component includes “hot document” and “smoking gun.” The ability of technology to assist lawyers in identifying these documents in a manner that supplements interviews or depositions can be case critical. Artificial intelligence (AI) is prevalent within this component as an element of early case assessment (ECA) and technology-assisted review (TAR). Lawyers should understand these concepts and other related terminology.
Lawyers should also be competent in other parts of eDiscovery outside of document review. Case management decisions, such as who preserves/collects the data and on what processing platform(s), who hosts the data for review, and how the data is to be produced and presented, are all strategic business decisions and associated with various costs and risks. Many law firms have on-premise computer software and a hosting infrastructure that includes document review, redactions, and production. These tasks can also be performed in conjunction with outsourced vendors, who can perform a full suite of services, and where lawyers and other reviewers can access documents remotely. Decisions on hosting infrastructure might include specific questions on security such as: data access, data separation, use of outsourced providers, rights to audit, etc. Within Glover’s checklist, an example of lawyer competency is the capability of “explaining what ’native format’ means, its significance to eDiscovery, and what kind of information might be lost if documents are produced in a non-native format such as printouts or PDF documents.” Lawyers must determine their levels of competency necessary to participate in these types of conversations.
The types of questions that lawyers strive to answer during investigations and disputes that involve digital forensics include who did what and when – often in terms of accessing information or disposing of, hiding, or taking data. Other questions may include the following. How did it happen? What has been taken or copied? What are the risks and exposures?
The detailed work involved with answering these questions is almost always performed by individuals who have advanced information technology skills and investigative backgrounds.
When dealing with internal matters, tasks include “imaging laptops” (remotely or directly), decryption, wading through access or change logs, finding and recreating deleted files, and investigating Internet and social networking activity. Data might also need to be identified, collected, and analyzed from various types of computer systems, networks, wireless communications, and data storage devices and repositories.
Lawyers are critical to guiding digital forensics efforts, especially the nuances and specific requirements of the guidelines and considerations as to what data and information could potentially be admitted as evidence in a court of law. Initial findings related to unlawful or restricted access and password and system break-ins can blossom and require deeper analysis to help answer such questions as: Who else was impacted by this access? What was compromised – customer lists, or perhaps sensitive, personally identifiable information?
Violations at this level often invoke certain significant company risks and can require certain compliance responses, all of which can result in significant financial and reputational exposure.
There is little doubt that the ongoing influx of technology will present more challenges, while enabling more efficient and cost-effective opportunities for legal professionals. In addition, clients will continue to expect their lawyers to use technological solutions for certain matters. The competency framework we discussed here identifies and defines the technology landscape relevant to lawyers. A deeper dive to further understand the benefits and risks associated with technology and data as it impacts their practice should provide lawyers with richer work products, more confident clients, and a leg-up on their competition.
"… Lawyers tend to act as if these are two completely different things. As professional competence is what we do, and technology competence is this thing off to the side, that may or may not have anything to do with what lawyers do … and I think this is very clearly wrong. Professional competence is technology competence. We use our computers to get work done for our clients … We use technology in and out of the courtroom. Technology is the way that everyone in the world communicates … and we have to introduce it into evidence, we have to monitor it for intellectual property problems, there are all kinds of issues that we have to cover that intersect with technology … to do litigation holds for discovery purposes … you can’t be technologically incompetent and practice law …"
— Sam Glover, Founder of Lawyerist.com | firstname.lastname@example.org | https://lawyerist.com/technology/
Chris Bojar, JD
Litigation Support Manager, Barack Ferrazzano Kirschbaum & Nagelberg LLP