A number of innovative law firms are seeking to deliver legal services directly to clients through their Web sites or to set up what some call “virtual law offices.” Unlike a simple law firm site, which may have just a description of the firm’s practice, the lawyers’ biographical information and some informational resources, a virtual firm’s site has a more ambitious purpose. It is characterized by clients’ access to a password-protected and secure Web space where the lawyer and client may interact and the client may consume legal services. Some of these services may include the delivery of legal advice, review of documents that the client has received from other parties, sensitive discussions between the lawyer and client, and the creation, assembly and review of legal documents and forms. Among numerous examples of law firms now delivering services online are http://illinoisdivorce.com and www.kimbrolaw.com, both recipients of the James I. Keane Award, which the ABA eLawyering Task Force of the Law Practice Management Section presents to innovative firms that use the Internet to deliver legal services more efficiently.

As more law firms have become interested in adding a virtual dimension to their practice, there is increasing interest in making sure that the practice meets requirements for delivering legal services online directly to clients. To help lawyers make sure that their “virtual practices” comply with applicable rules of professional conduct, the LPM Section’s eLawyering Task Force has been developing a set of minimum requirements. Since every state develops and enforces its own rules for the legal profession, the task force’s requirements will be advisory only. The following draft requirements provide a framework for further discussion and are likely to evolve over time as more firms move their practices online and encounter unique situations that are not anticipated by rules that were aimed at law firms operating purely in the physical world.

Minimum Suggested Requirements for Law Firms

Law firms that wish to deliver legal services online should meet the following requirements:

• Web Site Architecture . A law firm Web site that offers legal services online should provide a secure client Web space that is accessible only with a user name and secure password apart from the public portion of the Web site. Without such a mechanism it is difficult or impossible to comply with the rules of professional conduct that deal with unauthorized practice, client confidentiality, establishing the lawyer-client relationship, and conflict of interest issues.

• Ethics Issues. The rules of professional conduct are not revoked just because a law firm is delivering legal services online. Mechanisms such as the following must be put in place:
• Conflicts of interest still must be checked.
• The law firm must not violate UPL [unauthorized practice of law] rules and must serve only clients who are residents of the state where the firm is authorized to practice, or clients who have a matter within the state where the firm is authorized to practice. A procedure must be in place to verify that the law firm is authorized to provide service to the client.
• A disclaimer should be published on the site that states the jurisdiction in which the law firm is authorized to serve clients.
  
• Statement of Terms and Conditions. A terms and conditions statement should be published on the public section of the site that describes precisely limitations on services, the requirements to establish a lawyer-client relationship, and disclaimers related to the creation of the lawyer-client relationship. It should make clear that any legal information that appears on the Web site is not legal advice, and that a lawyer-client relationship must be established before any legal services are provided.

• Retainer Agreement Acceptance. Clients must accept and agree to a retainer agreement outlining the scope of legal services at the time they become a client. The acceptance of the retainer agreement establishes the lawyer-client relationship. The attorney should not provide legal services until the lawyer-client relationship is established. The retainer agreement should appear on the Web site and can be unambiguously accepted as part of the client registration process.

• Marketing Rules . The law firm Web site must comply with the marketing rules incorporated into the state’s rules of professional conduct that apply to the law firm. This usually requires a disclaimer that the public section of the Web site is a form of advertising. Usually a disclaimer must appear in the footer which indicates that the law firm’s public Web site (the “front-end”) is a form of advertising and information contained herein should not be relied on for legal advice. A “best practice” would be adherence to the ABA’s Guidelines for Legal Information Web Sites, available here.

• Online Payment of Legal Fees. Payment of legal fees online by credit card will have to comply with state rules that govern attorney trust accounts.

• Protecting Client Confidences.
• All data that is transferred online between the law firm’s Web site and the client must be encrypted.
• Third-party hosting providers should have policies and procedures in place for security breaches, data theft, privacy and other concerns.
• The contract with the hosting provider should make clear under what circumstances the vendor’s staff has access to client files and also make clear that if the provider’s staff is accessing client data for technical reasons, they are functioning as agents of the law firm as if they were the law firm’s internal staff.
• A procedure should be in place that guarantees the security of the firm’s client data, provides for redundant backups, and offers a procedure for exporting the data on behalf of the law firm at the request of the law firm.

• Security Certification. The law firm should consider securing various certifications that confirm the security and the privacy policy of the Web site, including the Hacker Safe Seal or the NORTON Safe seal and the Truste Certificate. This would provide notice to the consumer that the secure portion of the law firm’s site complies with industry security standards for “safe” sites.

Implementing these requirements can be a complex undertaking and tactics will vary depending on a number of factors, such as the firm’s size, jurisdiction and areas of practice, as well as the scope of services to be delivered online. However, some of these requirements can be implemented using a simple procedure. For example, for a solo practitioner with relatively few clients, the information provided in a registration by the prospective client should be sufficient to check for any conflicts of interest with the law firm’s records via a manual process. For larger law firms, it may be necessary to integrate the conflicts of interest checking process with the firm’s offline client database so the check for conflicts is done automatically. However the law firm chooses to accomplish this task, what is important is that a process be in place that implements the checking process, as well as the other requirements listed above.

We are confident that as law firms respond to the needs of clients who want to deal with attorneys online, they will adapt to delivering services in ways that are consistent with the legal profession’s core values. Reactions to the draft requirements outlined here would be most welcome. We also welcome participation in the eLawyering Task Force. If you are an ABA member, you can click here to sign up for the task force’s e-mail discussion list