After pre-screening and intake (see Part 1), once your potential client become a client, you will likely need to gather a lot of information from them to start representation. When gathering information from clients consider the ease of use for the client, the security of the information gathering method to ensure confidentiality and statutory/regulatory requirements, and how easy it is for the firm to generate documents from the requested information.
When your firm requests information from clients do you send a complicated PDF form? A MS Word document? Ask that clients mail, fax or email sensitive documents like bank records or tax filings? Put yourself in the shoes of the client. Have you tried filling out the forms you send? Are they easy to understand? Require a lot of unnecessary information? Provide adequate space for response? Does providing the information require the client to have specific software, a printer, fax machine or put something in the mail? Does your firm provide a way to send the information easily and securely? At the firm, when you get the information is it easy to integrate into documents, save with the client file, and manipulate the information?
Duties under NC RPC 1.6 Confidentiality, as well as ABA Formal Opinion 477R “Securing Communication of Protected Client Information”, data breach notification statutes, ALTA best practices, HIPAA, Hitech and other applicable law requires that information is secured in transit as well as in storage. When you request confidential or sensitive information from clients you need to consider the security protocols applied when that information is entered and as it travels to your firm. Even if you request that a client send information to your firm via postal or express mail consider providing a SASE registered mail envelope. Of course paper mail or fax may seem a secure way to gather information, but factor in convenience (does the client have a printer? A fax machine?) and consider the client experience. Electronic data can be more easily secured than print unless you ask your client to use invisible ink.
What About PDF Forms?
Many businesses and law firms request information via a PDF form. In some cases the “form” is a scanned version of a paper form converted to PDF. It may or may not be fillable. If it is fillable sometimes text fields shrink the input text smaller and smaller until it is unreadable. Users will be required to have at least the free Adobe Reader to fill out the form. It may be difficult or impossible for the client to fill the form out on a mobile device.
To create a true fillable form in PDF you will need some sort of paid product, like Adobe Acrobat DC, Acrobat 2017, or Kofax PowerPDF. While the Fill & Sign features in Adobe Acrobat are very useful for gathering some information and getting a signature, for more complex forms there is a significant time commitment to get them right. You can start with an existing form and Acrobat will try to recognize the form fields. It is inevitable that you will need to do some cleanup. You will have to lay in check boxes, radio buttons and populate any drop-down menus. Then you will need to check the tab order so all fields are filled out in the order you prefer. You will then need to set up distribution via email, SharePoint, or a network folder. The form results will be returned in a spreadsheet-like collection which requires Flash to view and can be exported, or you can view the filled form in PDF.
If you request client information and documents via email you can use encrypted email to make it easy for the client to respond securely. Sending encrypted email to the client also triggers the ability for the client to encrypt the response. Firms with Citrix ShareFile or Microsoft 365 Business Premium (and other enterprise business plans) already have the capability to send and receive encrypted email, which also encrypts attached files. There are plenty of third-party add-ons that work with Gmail and Outlook that let you send and receive encrypted messages. Be aware that for ease of use some of these tools do not require that the recipient (your client) create an account. However, while convenient, this means that the client won’t be able to authenticate to return an encrypted response. Examine the workflow and make sure you understand all the security options. Examples of add-on email encryption tools for small firms include Encyro, Trustifi, DeliveryTrust, and Virtru.
Gathering client information via online forms makes it easy for the client to submit the information and easy for the firm to receive it and re-purpose information via document assembly or mail merge. Most online form tools work beautifully on mobile devices, load quickly and are easy for the client to access with no additional software necessary.
There are plenty of online form tools. Some, like Gravity Forms, let you create a sophisticated online form for your WordPress website. Others like SurveyMonkey, G-Suite Forms, or Microsoft Forms through Microsoft 365 accounts let you email a link to the form or embed it in a web page. These form tools let your clients provide information and upload files. You will want to put your client forms behind a login on your site, so as not to inadvertently beckon a response from a non-client. Depending on how sensitive the information is, these tools may be sufficient. However, if you are asking for any protected types of information you may want to consider additional security.
Jotform, which has limited free and paid plans, offers extra protection via encryption. Even with the free plan Jotform lets you provide a form that transmits the information via private key encryption. The information stays encrypted until you unlock it. Jotform warns that the person filling out the data won’t be able to review their submission and that Jotform can’t access the information either or reset your private encryption key – so keep it safe! You can use a public key if you have one set up instead. Here is a short tutorial on how it works. Be aware that if your form includes attaching files, those files will NOT be encrypted through this method. While Jotform is secure, if you need to request sensitive documents you should instruct your clients to use a different security method.
An additional benefit to collecting data via a form is that most form tools will let you view the responses in a spreadsheet. That data can then be repurposed in a document via mail merge in MS Word or Corel WordPerfect.
Most of the cloud-based practice management applications offer a client portal. Clients can upload and download files into this secure portal, available to them via a secure login. If you do not use practice management, the cloud-based document management application NetDocuments provides a secure client portal. Online document storage services like MS OneDrive, Dropbox for Business, Box, ShareFile, and others will let you create a folder and give permission to clients to upload files securely. If the information being shared is of an extremely sensitive nature the client can password protect the file and share the password with you.
For zero knowledge sharing of files there are tools like BoxCryptor. BoxCryptor for Teams has many different layers of security for files stored in the cloud in a shared repository. Clients can use Whisply to send files securely to the BoxCryptor for Teams or a BoxCryptor for Individuals account. Similar products include Tresorit and Sync.com.
If one of the primary purposes for collecting information from a client is to be able to generate documents there are a number of tools that let firms create an online “interview” so that the client submits information and that is then assembled into a document. In some scenarios the client will then immediately receive the assembled document, or the attorney can review the document as necessary.
Some of the guided interview tools are additions to well-known products like HotDocs. HotDocs Advance includes client facing virtual interviews, letting clients fill out an online form and having the data fed directly into the document. HotDocs is very powerful, but also complex. To gather information that doesn’t necessarily require the complexity of a HotDocs assembled document, tools like Community.lawyer and DocAssemble can help create a series of questions complete with logic and skipping, that can answer a question or generate a document. Tools like Documate and DraftOnce can take your existing documents and let you identify variable fields and turn them into online client interviews.
No matter which tool you use there will be a time commitment and a learning curve. If your firm has never used a document assembly product and your documents are not templates it will take some time to standardize your documents, identify the variables, create the interviews, and leverage the power of this technology. The up front investment of effort will likely save a tremendous amount of time in the long run by reducing errors and letting you focus on solving client problems, not generating documents.
Think about how you collect information from clients and see where you can improve. You can make the information you receive work for you. The workflow with your clients can be streamlined, modernized, and simplified. Your clients will experience fewer pain points and delays in getting you the information you need to move forward. And you can enhance the security of the data along the way.