Bloomberg Law carried a very interesting post by a professor at the University of Houston Law Center.
Professor Knake notes that big data analytics are changing how lawyers find clients, conduct legal research and discovery, draft contracts and court papers, manage billing and performance, predict the outcome of a matter, select juries, and more. Ninety percent of corporate legal departments, law firms, and government lawyers note that data analytics are applied in their organizations, although in limited ways, according to a 2015 survey.
While some law firms and legal services organizations follow data-use policies or codes of conduct, many do not - maybe because big data in legal was primarily in the e-discovery area. Professor Knake makes a good case for the fact that the ABA Model Rules of Professional Conduct are insufficient for addressing a number of ethical concerns.
Lawyer ethics rules relevant to big data analytics, as identified by Professor Knake, include:
Communication. ABA Model Rule 1.4 requires lawyers to communicate with the client, which includes the duty to "consult with the client about the means by which the client's objectives are to be accomplished;" "keep the client reasonably informed about the status of a matter;" and "promptly comply with reasonable requests for information." The duty to communicate means lawyers must inform clients when their personal data is used for analytics analysis as well as when data analytics are used to make decisions about how the client's objectives will be achieved.
Competence. In 2012, the ABA amended Comment 8 of ABA Model Rule 1.1 on Competence (now adopted by over 20 states) to require that lawyers "keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology." This includes the preservation, control, and distribution of electronic, digital information. A 2015 opinion from the State Bar of California states that minimum competence in litigation demands "a basic understanding of, and facility with, issues relating to e-discovery," and that "obligations under the ethical duty of competence evolve as new technologies develop." New York mandates e-discovery competence. Bar authorities are likely to expect similar competence for other uses of big data analytics.
Confidentiality. ABA Model Rule 1.6 protects confidentiality of all information related to the representation of a client, including client data, and Comment 18 urges lawyers to consider state and federal laws on data privacy and notice requirements. While not an explicit rule of professional conduct, attorney-client privilege is an evidentiary principle recognized by all US jurisdictions.
Marketing. Data analytics from social media and search engines can lead to new clients, for example mass tort, personal injury, or even criminal matters. (At least one jurisdiction, Ohio, has approved the use of police records data to text message potential clients). Model Rule 7.1 prohibits lawyers from making false or misleading statements about their services. Model Rule 7.2 governs permissible advertising and Model Rule 7.3 covers solicitation. A number of jurisdictions adhere to more extensive advertising and solicitation rules. This patchwork of restrictions presents difficulties for lawyers wanting to amass analytics across jurisdictions.
Record Preservation and Return. Lawyers hold a duty to maintain and preserve client records, including data analytics, as well as to deliver them promptly upon request, under Model Rule 1.15. Model Rule 1.16 specifies that upon termination of a representation, the lawyer must promptly return all papers and property, again including personal data, to which the client is entitled.
Supervision. Model Rule 5.3 contemplates that lawyers may receive assistance from nonlawyers, including experts on data analytics. The Rule obligates the supervising lawyer to ensure that nonlawyers adhere to the lawyer's professional conduct obligations. Lawyers must provide instruction about ethical obligations, and they are responsible for the nonlawyers' work product.
Here are the questions that Professor Knake identifies as unanswered by our ethics rules:
Access/Ownership. Who owns the original data — the individual source or the holder of the pooled information? Who owns the insights drawn from its analysis? Who should receive access to the data compilation and the results?
Anonymity/Identity. Should all personally identifiable or sensitive information be removed from the data? What protections are necessary to respect individual autonomy? How should individuals be able to control and shape their electronic identity?
Consent. Should individuals affirmatively consent to use of their personal data? Or is it sufficient to provide notice, perhaps with an opt-out provision?
Privacy/Security. Should privacy be protected beyond the professional obligation of client confidentiality? How should data be secured?
Process. How involved should lawyers be in the process of data collection and analysis? In the context of e-discovery, for example, a lawyer is expected to understand how documents are collected, produced, and preserved, or to work with a specialist. Should a similar level of knowledge be required for all forms of data analytics use?
Purpose. Why was the data first collected from individuals? What is the purpose for the current use? Is there a significant divergence between the original and secondary purposes? If so, is it necessary for the individuals to consent to the secondary purpose? How will unintended consequences be addressed?
Source. What is the source of the data? Did the lawyer collect it directly from clients, or is the lawyer relying upon a third-party source? Client-based data is, of course, subject to the lawyer's professional conduct rules. Data from any source should be trustworthy, reasonable, timely, complete, and verifiable.
These are very significant issues which I have not seen compiled elsewhere. It is the professor's recommendation that bar associations consider adopting uniform rules or promulgating model best-practice policies on legal ethics for big data. She also recommends that lawyers develop and implement data-use policies to address the relevant professional conduct rules as well as the broader ethical concerns she highlights in her post.
I agree – we have already seen the misuse of big data in several high profile instances – this is a digital era ethics problem which is growing with each passing day.
Hat tip to Dave Ries for passing this excellent post along.
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology