Maura Mazurowski, BridgeTower Media Newswires
Virtual offices have become a staple of American society.
In 2016, 43% of employed Americans said they worked remotely or virtually at least once a week, according to the study by Gallup.
“Employees are pushing companies to break down the long-established structures and policies that traditionally have influenced their workdays,” the polling agency wrote.
According to FlexJobs, the most popular “work-from-home” jobs include accountants, consultants and writers.
Perhaps it’s time to add attorneys to that list.
“If you think about it, [virtual offices] make sense,” said attorney Thomas Ebel. “A lot of things you do today, because of email and because of cellphones, you don’t actually see the client. Or if you need to see them, you’ve got other options than maintaining a brick and mortar operation.”
Originally published by the Virginia State Bar’s Legal Ethics Committee in 2013, LEO 1872 is an “examination of the ethical issues involved in a lawyer’s or firm’s use of a virtual law office,” primarily client confidentiality, employee supervision and marketing one’s firm.
“Virtual law offices involve issues that are present in all types of law offices... that manifest themselves in a new way in this context,” stated the 2013 opinion.
According to the VSB, a virtual law practice involves a lawyer interacting with clients partly or exclusively via secure internet portals, or by email or other electronic messaging.
A virtual law office, or VLO, involves lawyers operating a firm as a completely web-based practice or in conjunction with a traditional law office. But in-person meetings with clients are common, therefore attorneys often use an “executive office rental” – a shared office space or conference room – to meet with clients.
This raises the concern of keeping client information private.
“Can people overhear your conversations in the executive suite? Is the cloud-based internet service you’re using secure? That’s the first level you have to be concerned about,” Ebel said.
LEO 1872 now requires attorneys to “always act competently to protect the confidentiality of clients’ information, regardless of how that information is stored/transmitted,” though they are not required to guarantee that a breach of confidentiality cannot occur when using an outside service provider.
Mike Maschke, CEO of Sensei Enterprises in Fairfax, said the most common cybersecurity breaches that he has seen experienced by VLOs are business account takeovers, when a hacker gains access to an attorney or firm’s credentials, and installs “ransomware,” a piece of malware that threatens to publish or block access to a victim’s data unless a ransom is paid.
When evaluating management systems, Maschke always recommends lawyers search for software with “zero knowledge solution.”
“That means when you use their product...the attorney holds the decryption key. So even though the data that’s stored on the vendor’s system is encrypted, the vendor cannot access that information,” Maschke said.
LEO 1872 also notes that while VLOs may limit face-to-face interaction with staff members, managers must take reasonable steps to supervise lawyers and non-lawyers on their team.
However, the definition of reasonable steps “may vary depending upon the structure of the law firm.” For Kellam Parks, a Virginia Beach attorney, that meant coming up with specific guidelines his staff must follow when working remotely.
“We don’t let them use their own equipment... They also have to use our systems,” including Clio and Sharepoint, Kellam said. “Both allow us to monitor activity that’s going on.”
Parks said that his firm, Parks Ziegel, has been “paperless and cloud-based” since it opened in 2012. Though it’s technically not a VLO, Parks said his staff has the freedom to work remotely and that they could “operate virtually” if they wanted to.
“We can do anything on the cloud, which allows us to work anywhere,” Parks said. “We need to be productive, and if you need to do that somewhere else, that’s fine with me.”
The amendment that brought the most change relates to marketing legal services.
Previously, many factors had to be considered for a lawyer to list the address of rented office space on letterhead or other public communications, including the frequency with which the office is used, whether non-lawyers also use the space and whether signage indicates that the space is used as a law office.
VSB Ethics Counsel Jim McCauley said those requirements were struck.
“Now [the office] just has to be a space where a lawyer provides legal services,” McCauley said.
Still, the opinion specifies that a lawyer shall not make a false or misleading communication about his or her services or the office space from which the firm operates.
“A communication is false or misleading if it contains a material misrepresentation of fact or law, or omits a fact necessary to make the statement considered as a whole not materially misleading,” according to LEO 1872.
McCauley said this amendment arose out of a 2012 bar prosecution in which Fairfax attorney Atchuthan Sriskandarajah advertised that his firm, SRIS Law Group, employed multiple attorneys with offices across Virginia, Maryland and Massachusetts.
According to court documents, Sriskandarajah worked out of an office in Fairfax alone, while maintaining a network of in- dependent contractors.
“There was no evidence that anyone was practicing in any of those locations [Sriskandarajah] advertised,” McCauley said.
McCauley said the original 2013 opinion was written because more and more lawyers had begun using cloud-based systems like Clio to manage their caseloads and client information.
According to the American Bar Association’s 2019 TECHREPORT, cloud-usage among lawyers bumped up slightly to 58% from 55% in 2018.
“Cloud computing appears to be moving toward becoming a standard approach in legal technology, with more than half now using cloud services,” the report reads.
In 2016, the cloud-computing community collaborated with bar associations to form the Legal Cloud Computing Association and outlined their own security standards that they recommend every cloud provider has. These include data retention policies and limitations to third-party access.
Maschke said he often works with attorneys like Parks who exclusively use cloud-based software.
“It’s the new economy, really. The whole practice of law is changing,” Parks added. “And I think that trend will only continue.”