Complying with the (Not So) New Duty of Competency in Technology
By: Josh McIntyre
On October 15, 2015, the Iowa Supreme Court installed its first major amendments to the Iowa Rules of Professional Conduct since 2005. The Court adopted numerous changes to maintain consistency with the ABA Model Rules, including Rule 1.1’s directive for competent representation. Maintaining the requisite knowledge and skill of a competent attorney now explicitly requires that an attorney stay informed of “the benefits and risks associated with relevant technology.”
The revised Model Rules grew out of a three-year study by the ABA Commission on Ethics 20/20, which began in September 2009 with the goal of understanding how globalization and technology are transforming the practice of law. The Commission noted that technology poses new concerns to data security and client confidentiality. The ABA’s Cybersecurity Legal Task Force put it more ominously: “with increasing technology sophistication comes decreasing understanding of the complexities and vulnerabilities inherent in these complex systems. We’re at increasing risk of losing control.”
What has emerged from the wealth of committee reports, ethics opinions, and disciplinary actions is the realization that there are few bright lines for attorneys. Instead, attorneys must perform their due diligence to establish and maintain a reasonable level of security to protect client information. In this article, I examine some modern threats to confidentiality and provide ten tips for maintaining competent security measures.