RISK WATCH
Connected while apart: File management and practitioner supervision in the era of social distancing GRANT FEARY, DEPUTY DIRECTOR, LAW CLAIMS
T
he Bulletin Committee requested that this article be on the topic of “file management when working remotely – confidentiality and security”. This request was no doubt made in light of the experience of 2020 where COVID-19 restrictions caused major changes to the manner in which law was practised. During the strictest of the “lockdowns” – which in SA at least were mercifully short compared to other jurisdictions – we had to come to grips with working from home, remotely from the office. There has been much written about the advantages and disadvantages of working remotely, including that the “new normal” will involve a much greater element of remote working, even when (hopefully not if) the COVID-19 beast has been tamed. The starting point for any consideration of confidentiality and security issues in file management when working remotely must be to recognise that the basic underlying duties of a practitioner to maintain their client’s confidentiality and to ensure the security of their client’s file and information are unchanged, whether you are working from your office, your home or anywhere else. The obligations set out in the Solicitor’s Conduct Rules regarding confidentiality (ASCR Rule 9) and the implied ethical obligation regarding keeping client files secure and any obligations under the Privacy Act will apply, pandemic or no pandemic, to your practice, whether that be conducted in your office or from your kitchen table. It is obvious, therefore, that all of the same precautions you would take in the office to keep client files secure (locked filing cabinets, locked office doors, computer systems secured by passwords,
38 THE BULLETIN February 2021
virus protection etc) must be taken whilst working remotely. Just as you would not allow people who are not associated with your practice to wander in and out of your office looking at client files, you should not leave client files or your computer on the kitchen table when your kid’s friends are over. It should go without saying that client files and/or your computer should never be left unattended, either in your car or, worse, at the coffee shop when ordering or going to the toilet. The Australian Cyber Security Centre’s tips for protecting personal information when working remotely include the following: • Use trusted Wi-Fi. No café Wi-Fi! • Secure devices when not in use— locked drawer, locked room, not sitting on a desk • Implement multi-factor authentication • Use a Virtual Private Network (VPN) • Use strong and unique passwords • Update your software and operating systems • Avoid using portable storage devices where possible • Use trusted sources for information • Be aware and increase your employees’ awareness of seams Further to this, use work email accounts, not personal accounts for all work-related matters. Proper file management when working remotely can also give rise to other challenges – file notes of telephone conversations should be consistently made and filed properly, as should all client letters and documents, whether you are running an electronic file or a paper file. Additional attention to these logistical considerations (e.g. consistent printing and filing for paper files) needs to be given if practitioners are not in the office and
lacking their usual administrative support. Supervision of staff is also a major issue when working remotely. Some lawyers might see supervision as a “soft skill” or a task that can be put to one side when client matters get busy. Such a view would dangerously underestimate the importance of proper supervision and, in respect of those practitioners supervising practitioners on restricted practicing certificates, be inconsistent with the applicable LPEAC Rules. As the LPEAC Guidelines for the Supervision of Newly Admitted Practitioners (approved 22 July 2016) make clear, supervision is the responsibility of the supervising practitioner and should not be delegated to others. The LPEAC Guidelines also say that supervision of a practitioner on a restricted practising certificate “must be distinguished from a lawyer’s general duty to supervise practitioners and other employees who are performing legal or paralegal work for which the lawyer is ultimately responsible. Supervision of this latter type of work is a risk management, productivity and profitability tool. Supervision in the context of the [LPEAC] Rules is entirely different, and while it contains elements of risk management, productivity and profitability, it fulfils a much wider purpose. It is the final formal component of a practitioner’s legal education and must be viewed as such by the supervising practitioner.” Despite the differing sources of the obligation to supervise identified above by the LPEAC Guidelines, it is good practice for those supervising practitioners to have regard to the LPEAC Guidelines even if they are engaged in general supervision (i.e. not necessarily just of those on restricted practising certificates). In this regard, the LPEAC Rules (Rule 5(3)) (written pre-COVID-19)
