The legal profession embraced remote working as the new norm but what are the risks?

February 1st, 2023

The global COVID-19 pandemic has led to a sudden change in the way many organisations work, and the legal profession is not an exception to this new normal. This has resulted in a drastic increase in employees who have little or no previous experience in working remotely. The purpose of this article is to interrogate the risks or challenges posed by remote working using technology in the legal profession. According to MH Olson and SB Primps, working from home or remote working refers to ‘organisational arrangements which are enabled by technological advancements that allow employees to work at home on a regular basis, as a substitute for attendance at the normal workplace’ (Olson and Primps ‘Working at home with computers: Work and nonwork issues’ (1984) 40 Journal of Social Issues 97). Those who work remotely rely on information technology and telecommunications in executing their duties.

Zia Qureshi argues that technological advancements and rapidly shifting economic norms have transformed and shaped the way the legal profession functions (Z Qureshi ‘How digital transformation is driving economic change’ (www.brookings.edu, accessed 14-12-2022)). Unfortunately, the existing regulatory restraints and public policy considerations within the legal profession are not keeping up with technological advancements, hence exposing the profession to various challenges as discussed in this article.

Cybersecurity risk

With the recent developments in technology and growth in its use, the storage of information online or in the cloud has become a common phenomenon. The American Bar Association 2021 Legal Technology Survey Report (2021) submitted that, although this method of storing information has proven to be very effective, the challenge of cyber breaches and data theft has also been on the rise. Interestingly, law firms have also become targets of cyber criminals that perpetrate these infractions.

The growth in technology has led to a sudden shift in the storage of information from physical storage systems to online storage platforms. Individuals and organisations are now beginning to save their information online and the reasons for this development are not farfetched. This requires them to have protection against the criminal or unauthorised use of electronic data.

The outbreak of COVID-19 has also encouraged and facilitated an increase in the online storage of information by law firms. This emerged as the various lockdown orders halted the movement of goods and persons and as a result, several organisations and businesses have had to work and operate remotely. To be able to access relevant data and work effectively, while working remotely, many organisations have had to adopt several digital means of storing their relevant data.

However, the storage of information through online and digital means does not occur without some challenges. Indeed, with the increase in online and digital storage of information, cyber-attacks and data breaches by cyber criminals are now a very common phenomenon in the world today. Cyber-attacks mainly occur without the knowledge and consent of their victims (S Ugboaja, M Osuo-Genseleke and C Chigozie-Okwum ‘Cyber-attacks: A literature Survey. 2nd International Conference on Education and Development’ (2019) (www.researchgate.net, accessed 2-12-2022)). Additionally, the cyber criminals either use the access and information they obtain for their personal use or sell them to other persons who may require them.

Although cyber threats are mostly preventable, it is impossible to fully eliminate them. Therefore, it is important for law firms to have an idea of the possible cybersecurity risks to which they are highly susceptible. Cyber breaches can occur in various forms, but the ones that commonly affect law firms include ransomware, which attacked DLA Piper in 2017 (TitanFile ‘DLA Piper ransomware hack: What can we learn from it?’ (www.titanfile.com, 14-12-2022)), viruses, malware, phishing (A Namaya, A Cullen, I Awan and J Disso ‘The world of malware: An overview’ (www.researchgate.net, accessed 14-12-2022)) and trojans (AG Johansen ‘What is a Trojan? Is it a virus or is it malware?’ (https://us.norton.com, 14-12-2022)).

To this end, law firms and lawyers need to pay more attention to their cybersecurity. With the growing rate of cyber breaches, law firms cannot afford to be careless with the information of their clients within their possession. Procedures and protocols must be established by these law firms to ensure cyber hygiene.

Confidentiality risk

The legal profession’s existence is hinged on the principle of ‘lawyer client confidentiality’ and it is the clients’ expectation that all the information they share with their lawyers is protected through this principle. Legal practitioners receive private, personal, and confidential information from their clients. The clients must disclose to them information that has not yet been made public or which is of a private and confidential nature. In other words, the legal practitioners must receive full information and instructions from their clients to render their services effectively. The High Court in the case of Baker v Campbell (1983) 49 ALR 385 held that disclosing such information to third parties or the public would cause potential or actual loss, harm and/or prejudice to clients. It is for the protection of clients that the legal privilege accorded to legal practitioners and client communication is recognised and enforced by law (see S v Safatsa and Others 1988 (1) SA 868 (A) at 878 – 887).

As noted in K Wagner and C Brett ‘I heard it through the grapevine: The difference between legal professional privilege and confidentiality’ 2016 (Sept) DR 22, to protect the sanctity of the attorney-client privilege and minimise in-roads into that privilege, legal practitioners are required to operate on premises that sufficiently offer attorney-client confidentiality and privacy. Most legal practitioners’ governing bodies inspect any proposed premises before the commencement of business or any proposed change of premises to ensure compliance with the above requirements.

When consultations are carried out remotely, there are no guarantees of privacy and confidentiality. There is a high possibility that an employee will leave an important file on a table in a shared household, forward information to their personal e-mail account to print using their home printer, or use unsecured Wi-Fi networks, all of which leave the firm’s data at risk. Meetings discussing confidential or sensitive business information are being conducted over third-party communication platforms.

Halpern & Scrom Law observed that when legal practitioners are working in the office, the above ‘concerns are mitigated because employers can exercise control through overseeing employees, maintaining physical control over documents, domains, files, and electronic devices, and ensuring that employees utilize the employer’s own secure network. Also, meetings with employees or clients are conducted in the privacy of the employer’s office’ (Halpern & Scrom Law ‘Maintaining confidentiality when working remotely’ (www.halpernadvisors.com, accessed 14-12-2022)).

In the case of Smash Franchise Partners, LLC v Kanda Holdings, Inc (2020 WL 4692287 (Del. Ch. Aug. 13, 2020)) the court held that it is high time that the legal profession adopts and enforces well-documented remote work procedures to ensure that employees protect confidentiality and continue to maintain the integrity of the legal profession. The procedures include choosing a safe, secure video-conferencing application, prohibiting employees from using certain unsecured programs and applications to communicate with other employees, collaborate on projects, or upload information (ie, personal e-mail address, unsecured Wi-Fi networks, or consumer cloud storage), and keeping an up-to-date log of all devices that are being used to work remotely to access the employer’s network and confidential information, regardless of personal or company ownership (Halpern & Scrom Law (op cit)).

Moonlighting risk

Remote working increases the risk of moonlighting. ‘Moonlighting’ may be defined as the practice of working for another organisation while committing oneself to one company as the primary workplace, typically without the employer’s knowledge (Varum Bhagat ‘Is Employee Moonlighting a Problem in the Age of Remote Working?’ (2022) (https://customerthink.com, accessed on 2-12-2022)). If an employee undertakes moonlighting without notifying their employer, critical issues arise, including reduced visibility of potential risk for the company, and conflicts of interest with the organisation’s policies and activities (Kelly-Ann McHugh ‘Outside Business Activity: Putting the Spotlight on Moonlighting’ (https://mco.mycomplianceoffice.com, accessed 14-12-2022)). According to KPMG, there are two types of moonlighting (KPMG ‘The moonlighting dilemma’ (https://assets.kpmg, accessed 14-12-2022)). The first one is called ‘zero or minimal overlap of time/professional commitments between the sources of employment an individual has’ (KPMG (op cit)). There is less risk in this situation as the employee normally abides by the ‘ethical construct of the corporate culture’ (KPMG (op cit)). The second type, which presents high risk, is called ‘conflicted moonlighting’. This type violates ‘time, professional, ethical or code of conduct commitments towards both the concurrent sources of employment along with direct or apparent conflict of interest. Instances of conflicted moonlighting are on the rise across [the legal sector] and [are] a common concern amongst employers’ (KPMG (op cit)).

In legal practice, moonlighting is generally not allowed as it amounts to dishonourable and unprofessional conduct and violates the conditions on which practicing certificates are granted. A practicing certificate is offered to a legal practitioner working under a specific law firm. Once it is granted, a legal practitioner is not allowed to do work for any employer other than the specific law firm in question. In Zimbabwe, moonlighting contravenes work ethics in terms of the Legal Practitioners Act (chapter 27:07). The introduction of remote working has made it difficult for law firms to properly supervise legal practitioners in order to protect against loss of business and protect their reputation.

Billing system

Remote working and its ‘increasing use of advanced technology has possible ramifications on charges to clients’. ‘Digitalisation changes the business model of law firms: The traditional model is that law firms sell time, whereas now that the machines use less time the firms will need to move towards selling value’ (Dr F Strumia and Dr S Kebbell ‘Technology: Implications on the nature of legal practice and the role of the international legal profession’ (www.sheffield.ac.uk, accessed 14-12-2022)).

The existing ‘time-based billing structure [is] incoherent and unreflective of work conducted in firms [and fails] to adequately adapt to the utilisation of both humans and technologies in producing legal advice’ (Dr Strumia and Dr Kebbell (op cit)). ‘The current business model of firms to sell time is not, … in keeping with this new method of supplying work and could lead to subsequent profit loss for firms. Investment in technology is undeniably costly, and this facet of service provision must be viably incorporated into billing models’ (Dr Strumia and Dr Kebbell (op cit)). In future, law firms should sell work based on its quality, rather than on the time and relevant seniority of the lawyer rendering such services (Dr Strumia and Dr Kebbell (op cit)).

Closely related to the above challenge is the risk that the ‘performance’ of an employee working remotely is less visible (DE Bailey and NB Kurland ‘A review of telework research: Findings, new directions, and lessons for the study of modern work’ (2002) 23 Journal of Organizational Behavior 383). It is harder to see the amount of work and effort put into a job by the employee, and the time spent on work. Even if a person has been working for a long time on a particular matter, they may not receive a benefit proportionate to that which they would have received from a supervisor in traditional work, where the effort would have been noticed and appreciated (Bailey and Kurland (op cit)).

Client discrimination

Working from home implies that the demographic group of those who are digitally literate is the one that benefits. Walk-in clients that do not appreciate technology are at a disadvantage as they will face difficulty in accessing justice. There is a great risk of leaving out those people in remote areas who do not have the technological infrastructure. This in turn violates the right to equality, protection of law and access to justice (T Mahleka ‘Can technology be leveraged to improve access to justice’ (www.humanrightspulse.com, accessed 14-12-2022)). Therefore, a limitation of access to justice is created because of remote working.

‘There is little evidence of the use of technology in the judicial systems of developing countries. Even when technological innovations are operating outside of traditional judicial systems and offering viable alternatives, when thinking globally and considering that certain targets such as [Sustainable Development Goal 16] look to achieve access to justice for all, then one inevitably has to consider access to technology itself’ (Mahleka (op cit)). The risk of leaving out society’s less privileged and less technologically literate members is amplified by remote working. Firstly, it affects them through the cost of utilising online systems, which require expensive internet connectivity. Secondly, it puts a limitation on those who are not computer literate. The United Nations Sustainable Development Goal 16 ‘focuses on peace, justice, and strong institutions. This goal is meant to be achieved by promoting peaceful and inclusive societies for sustainable development, ensuring access to justice for all, and building effective, accountable, and inclusive institutions at all levels’ (Mahleka (op cit)). This is threatened by remote working.

Inspections

According to the International Bar Association: Regulation of Lawyers’ Compliance Committee, law societies must ensure that law firms update information relating to practice and business – for instance, trust accounts, bookkeeping, and annual reports. Auditors’ reports should be readily available for inspection. Legal practitioners must also operate on premises that protect the integrity of the legal profession. Remote working presents a major risk as law professional bodies find it difficult to carry out regular inspections to ensure regulatory compliance.

Conclusion

Technological advancements that have occurred in the recent past indicate that the legal profession is undergoing a transformation. It cannot be denied that these technological advancements bring about enormous changes that threaten the legal profession. The findings suggest that using technology while working remotely poses cyber security risks, confidentiality risks, moonlighting risks, billing system risks, access to justice risks, and compliance risks.

Technological innovations in the legal profession have been viewed as evolutionary rather than disruptive, and as a result, adaptation to change has been slower compared to other businesses. With the rate at which technology is evolving, however, embracing technology in the legal profession is no longer an option. The numerous risks or challenges highlighted above, which have arisen due to the widespread use of technology, necessitate proactivity on the part of the legal profession the world over.

Cledwin Dzinamarira LLB (Hons) (UFH) is a Practitioner Risk Manager at the Legal Practitioners Fidelity Fund in Centurion.

This article was first published in De Rebus in 2023 (Jan/Feb) DR 4.
