When lawyers “fix” their online presence, they often start for reasonable reasons: fewer inquiries, weaker follow-through from referrals, or a sense that others look more visible online.
But in a highly connected environment, changes are evaluated quickly. In the Philippines, digital usage is widespread, which means professional information is often encountered and judged through online touchpoints. [1] Fast impressions and design-driven credibility shortcuts have strong research support. [13]
This is also a regulated profession. The CPRA prohibits solicitation and restricts advertising to dignified, verifiable, factual information, and it bars self-laudatory advertising. [5] It also sets detailed expectations for responsible social media use and confidentiality protections in online posts. [9]
Below are the most common pitfalls that appear when lawyers try to modernize quickly.
1Importing general marketing language into a regulated profession
A common “fix” is to rewrite profiles using promotional language borrowed from mainstream business.
In law, this can create two kinds of harm.
It can reduce trust because sophisticated clients associate hype with selling, not professionalism. Credibility research supports the idea that surface signals affect trust judgments early. [10] It can also create ethics risk because CPRA Section 17 prohibits self-laudatory advertising and limits advertising to dignified, verifiable, factual information. [5]
A safer modernization posture is to increase verifiability and clarity, not persuasion.
2Paying for credibility signals
Another common “fix” is to purchase credibility markers: paid awards, paid “featured” placements, or arrangements designed to create publicity.
CPRA Section 17 is explicit that a lawyer, law firm, or their representatives shall not pay or give any benefit or consideration to media practitioners, award-giving bodies, professional organizations, or personalities in anticipation of, or in return for, publicity or recognition to attract legal representation, service, or retainership. [5]
Even if such tactics are common in other industries, they are brittle for lawyers because they can undermine trust while creating compliance exposure.
3Turning cases into content
Lawyers often feel pressure to demonstrate competence publicly. Storytelling about past matters is a common content pattern.
The CPRA specifically addresses this risk. Under the social media rules, it prohibits disclosure of privileged information through online posts, directly or indirectly, except as allowed by law or the CPRA. [9] It also imposes a duty to safeguard client confidences in relation to social media accounts used to communicate about client confidences and information. [9]
The pitfall is not only naming a client. It can also be re-identification through fragments (forum, location, timing, industry, unique facts). For a profession built on discretion, the credibility cost can be immediate.
4Posting quickly and sharing unverified claims
When lawyers become more active online, they sometimes post quickly about trending issues, repost summaries, or amplify information that feels plausible.
CPRA Section 38 prohibits knowingly or maliciously posting, sharing, uploading, or otherwise disseminating false or unverified statements, claims, or acts of disinformation. [9]
Even beyond compliance, credibility research suggests that visible signals of professionalism and reliability strongly affect trust judgments. [14] One careless post can cast doubt over everything else.
5Adding intake forms or messaging channels without privacy and security controls
Many “fixes” add convenience features: forms, chat widgets, messaging buttons, and online intake questionnaires.
If those channels collect personal information, privacy and security obligations follow.
The Data Privacy Act (Republic Act 10173) requires personal information controllers to implement reasonable and appropriate organizational, physical, and technical measures to protect personal information. [15] The National Privacy Commission’s compliance guidance reinforces that organizations should implement reasonable and appropriate security measures to maintain confidentiality, integrity, and availability of personal data. [16]
A trust-first digital presence treats “how information is collected and stored” as part of credibility, not as an afterthought.
6Underestimating cyber risk because the practice is small
Smaller professional practices sometimes assume they are not targets.
Broad breach analysis suggests otherwise. Verizon’s 2025 DBIR Executive Summary reports ransomware involvement in breaches and highlights a strong disparity between larger organizations and SMBs, with SMBs experiencing ransomware-related breaches at a much higher rate in their dataset. [17]
When a practice adds more tools, plugins, logins, accounts, and third-party services, the attack surface expands. For clients, the question is simple, even if unspoken: “Is it safe to share information here?” [18]
Closing
Many pitfalls come from good intentions. Lawyers are trying to adapt to how clients now evaluate professionals in a highly connected environment. [19]
The most defensible modernization path is not louder presence. It is clearer, more verifiable, and more security-conscious presence, built within CPRA boundaries and privacy requirements. [20]
References
- [1] [19] DataReportal. Digital 2026: The Philippines. https://datareportal.com/reports/digital-2026-philippines
- [13] Lindgaard, G. et al. You Have 50 Milliseconds to Make a Good First Impression! Behaviour & Information Technology. https://www.tandfonline.com/doi/abs/10.1080/01449290500330448
- [10] [14] Stanford Persuasive Technology Lab. How Do People Evaluate a Web Site's Credibility? https://simson.net/ref/2002/stanfordPTL.pdf
- [5] [9] [20] Supreme Court of the Philippines. Code of Professional Responsibility and Accountability. https://sc.judiciary.gov.ph/wp-content/uploads/2023/05/22-09-01-SC-FINAL.pdf
- [15] Republic of the Philippines. Republic Act No. 10173 – Data Privacy Act of 2012. https://privacy.gov.ph/data-privacy-act/
- [16] National Privacy Commission. 5 Pillars of Compliance. https://privacy.gov.ph/5-pillars-of-compliance-3/
- [17] [18] Verizon. 2025 Data Breach Investigations Report – Executive Summary. https://www.verizon.com/business/resources/reports/2025-dbir-executive-summary.pdf