Kicking and screaming. That's how many lawyers have proceeded into the age of technology. They know it's here, they know they should use it, they understand—but may not admit—that it makes them more efficient. But in the end, it seems that many lawyers are only adopting technology because they must. Not because they should.

Two recent studies confirm this trend. The first is the American Bar Association 2018 Legal Technology Survey Report, particularly Volume II, the “Law Office Technology” report. The second are two recent reports by Malwarebytes, one on the state of malware, the other on how little most people know about tracking.

Let's start with the ABA report, which is issued annually by the Law Practice Division's Legal Technology Resource Center. The report, which focuses exclusively on lawyers, shows that lawyers, particularly those practicing as solos or in small firms, tend to adopt technology in three ways. The first is that they “must.” The second is that their practices “need” the technology. Finally, the third is that they “want” the technology.

Let's look at each of my categories. The “must” category is exemplified by PDFs and metadata. Because courts and other entities require lawyers to file documents, pleadings and other items electronically, lawyers must use PDF creation products such as Adobe Acrobat. On the other hand, there is metadata software. Although numerous bar association committees, including the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility, have opined that lawyers have an ethical obligation to remove such data from files they produce to other attorneys, lawyers are not required to do so.

As a result, the survey reports that 96.6 percent of all lawyers responding have PDF creation software available at their firms, including 92.8 percent of solos, 97.2 percent of lawyers in firms with two to nine lawyers, 98.6 percent of lawyers in firms with 10 to 49 lawyers, and in 100 percent of lawyers in firms with 50 or more lawyers. Compare this with metadata software, which could reveal confidential client communications. The difference is staggering. Only 37 percent of solos have metadata analysis and removal software available, 41.1 percent of lawyers in firms with two to nine lawyers, 65.2 percent of lawyers in firms with 10 to 49 lawyers, 84.8 percent of lawyers in firms with 50 to 99 lawyers, and 97.2 percent of lawyers in firms with more than 100 lawyers use it. In addition, when I lecture about metadata software, it is always remarkable how many lawyers remain ignorant about it.

On the other hand, there are products law firms “need,” but do not have to have to function. Two examples are case/matter management software and specialized practice software. Case or matter management software provide individual and firmwide calendars, individual case listings, document management and other features, all of which save attorneys significant time in handling their files. Specialized software is designed for a specific practice area, such as bankruptcy, real estate closing or estate administration.

The study revealed that the larger the firm, the greater likelihood such products were in use. Thus, only 30.8 percent of solos and 57.1 percent of lawyers in firms with two to nine attorneys had case management software available, whereas 68.1 percent of lawyers in firms with 100 to 499 lawyers, and 71.9 percent of lawyers in firms with more than 500 lawyers did. Similarly, only 23.4 percent of solos and 36.21 percent of lawyers in firms with two to nine attorneys had specialized practice-specific software available, whereas 52.2  percent of lawyers in firms with 100 to 499 lawyers, and 47.3  percent of lawyers in firms with more than 500 lawyers did.

Finally, we have the “want” category, software that is helpful but not necessary. This category includes software such as customer relationship manager products (CRM), designed to maintain relationships with clients and referral sources, etc. One would think that such software would be extremely valuable in smaller firms because so many such practices are dependent on the strength and length of these relationships. Despite this, only 23.1 percent of solos and 41.1 percent of lawyers in firms with two to nine attorneys had the software available, whereas 72.7  percent of lawyers in firms with 100 to 499 lawyers, and 68.9  percent of lawyers in firms with more than 500 lawyers had it.

Moving on to the reports from Malwarebytes Labs, the company that sells Malwarebytes, one of the leading malware removal productions. In the company's “State of Malware,” it explained that in 2018 saw the advent of “information stealers … variants of malware [that] focused their energies on ensnaring businesses, gleaning the most profit from ultra-sensitive data that could be sold on the black market for re-targeting in future campaigns.” What types of data were these cyberthieves seeking? Personal data such as Social Security numbers, credit card information and information that could be used to steal a person's identity, that is, the type of data that law firms often retain about clients and opposing parties.

Lawyers have an ethical obligation, however, to understand the risks and benefits of technology. This obligation also includes a duty to protect confidential client data and sensitive information. Because every law firm uses the Internet in some way, whether to access email or to store information in the cloud, the risks cited in the Malwarebytes report are real, and lawyers must be vigilant to protect their data. This includes installing the proper onsite protection, vetting offsite/cloud vendors, and perhaps purchasing cyberinsurance to provide additional protection in the event of an attack.

Similarly, in the January 29, 2019 report, “What does 'consent to tracking' really mean?” Malwarebytes opens many eyes to the dangers of simply clicking yes when a user is asked  to consent to some form of tracking as a condition of using a web-based service. The report explains that “Most platforms that engage in user tracking do so in ways that raise concern, but are not overtly alarming.” The report explained, however, that another potential harm “is the use of tracking tags on sensitive websites. … User tracking has progressed so far in sophistication that an average user most likely does not have the background necessary to imagine every possible use case for data collection prior to accepting a user agreement.” In short, companies may be tracking far more than names, birthdays, trends in the hashtags we use, and our locations. Doing so raises privacy concerns, as well as concerns when third parties track an attorney's client-related online activities.

Everyone prefers to use the information and tools they are comfortable with. For lawyers, the ever-expanding world of technology presents benefits—such as case management software— and dangers, such as the risk of a ransomware attack that holds a law firm's data hostage until a ransom is paid. What recent studies confirm, however, is that lawyers do not take enough advantage of the tools that will help them, while also ignoring the ones that could render them subject to the whims of a cybercriminal.

Daniel J. Siegel, principal of the Law Offices of Daniel J. Siegel, provides ethical guidance and Disciplinary Board representation for attorneys and law firms; he is the editor of “Fee Agreements in Pennsylvania (6^th Edition)” and author of “Leaving a Law Practice: Practical and Ethical Issues for Lawyers and Law Firms (Second Edition),” published by the Pennsylvania Bar Institute. Contact him at [email protected].