An interesting article describing the use of DropSmack to target networks via DropBox. In addition to broader considerations lawyers should consider before using cloud services, developments like this highlight the need for education regarding technology and security.
Iowa Lawyers May Use SaaS [Cloud] Services provided that they consider the access to the data, conduct appropriate due diligence regarding the SaaS provider, the cost of the service, and the degree of protection afforded the data. Iowa Ethics Opinion 11-01 (September 9, 2011).
Main lawyers may store and synchronize electronic work files containing confidential client information. Maine Ethics Opinion #194 (June 30, 2008). Processing of firm data may include transcription of voice recordings and transfer of firm computer files to an off-site “back-up” of the firm’s electronically held data.
At a minimum, the lawyer should take steps to ensure that the company providing confidential data storage has a legally enforceable obligation to maintain the confidentiality of the client data involved. With the pervasive and changing use of evolving technology in communication and other aspects of legal practice, particular safeguards which might constitute reasonable efforts in a specific context today may be outdated in a different context tomorrow. Therefore, rather than attempting to delineate acceptable and unacceptable practices, the opinion outline guidance for the lawyer to consider in determining when professional obligations are satisfied.
A lawyer generally may store and synchronize electronic work files containing confidential client information across different platforms and devices using an Internet based storage solution, such as “Google docs,” so long as the lawyer undertakes reasonable efforts to ensure that the provider’s terms of use and data privacy policies, practices and procedures are compatible with the lawyer’s professional obligations, including the obligation to protect confidential client information reflected in Rule 1.6(a). A lawyer remains bound, however, to follow an express instruction from his or her client that the client’s confidential information not be stored or transmitted by means of the Internet, and all lawyers should refrain from storing or transmitting particularly sensitive client information by means of the Internet without first obtaining the client’s express consent to do so. Massachusetts Ethics Opinion 12-03. (May 17, 2012)
Pennsylvania lawyers may ethically allow client confidential material to be stored in “the cloud” provided the attorney takes reasonable care to assure that (1) all such materials remain confidential, and (2) reasonable safeguards are employed to ensure that the data is protected from breaches, data loss and other risks. Pennsylvania Formal Opinion 2011-200
Vermont lawyers can utilize Software as a Service (”SaaS”) in connection with confidential client information, property, and communications, including for storage, processing, transmission, and calendaring of such materials, as long as they take reasonable precautions to protect the confidentiality of and to ensure access to these materials. Vermont Advisory Ethics Opinion 2010-6.
Lawyers may store client materials on a third-party server so long as the lawyer complies with the duties of competence and confidentiality to reasonably keep the client’s information secure within a given situation. Oregon 2011-188 (November 2011). This may include, among other things, ensuring the service agreement requires the vendor to preserve the confidentiality and security of the materials. It may also require that vendor notify the lawyer of any nonauthorized third-party access to the materials. The lawyer should also investigate how the vendor backs up and stores its data and metadata to ensure compliance with the lawyer’s duties.
North Carolina 2011 Formal Ethics Opinion 6 Opinion rules that a lawyer may contract with a vendor of software as a service provided the lawyer uses reasonable care to safeguard confidential client information. (1/27/2012).
An interesting, perhaps troubling, issue raised with respect to security of certain mobile devices. Read more about Carrier IQ (http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/, http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/carrieriq-part2/, http://www.wired.com/threatlevel/2011/11/secret-software-logging-video. A somewhat long video of how this works is available here. http://tinyurl.com/cwcyjoc. Although there will likely be more articles about this in the media in the future, this highlights potential security and related issues for users of mobile devices.
Alabama lawyers can store client files in the cloud provided that they stay current with appropriate security and take reasonable steps to ensure that the provider protects the data. See Alabama State Bar Disciplinary Commn., Op. 2010-02. The opinion provides some details discussion of records retention requirements.
A lawyer may use online cloud providers to store and back up client files provided that the lawyer takes reasonable care to ensure that confidentiality will be maintained in a manner consistent with the lawyer’s obligations under Rule 1.6. Additionally, the lawyer should stay abreast of technological advances to ensure that storage remains sufficient to protect the client’s data and should monitor the laws of privilege to ensure that the online storage will not cause loss or waive privilege. See N.Y.S.B.A. Eth. Op. 842 (Sept. 10, 2010).
Professor Hillman and Hinshaw Culbertson lawyer Allison Rhodes have published Client Files and Digital Law Practices: Rethinking Old Concepts in an Era of Lawyer Mobility, available here.
Lawyers providing an online file storage and retrieval system for client access of documents must take reasonable precautions to protect the security and confidentiality of client documents and information. Lawyers should be aware of limitations in their competence regarding online security measures and take appropriate actions to ensure that a competent review of the proposed security measures is conducted. As technology advances over time, a periodic review of the reasonability of security precautions may be necessary. See Arizona Eth. Op. 09-04 (Dec. 2009)
Professors Monroe Freedman, Andrew Perlman, and a slew of judges and other experts participated at Mercer Law School’s symposium on ethical issues in the digital age, and the transcript is available on line, here. I urge you to read especially Professor Freedman’s opening remarks, “Whatever happened to the search for the truth?”
Here is the introduction (sans links):
On November 6-7, 2008, the Center for Legal Ethics and Professionalism and the Mercer Law Review hosted the Ninth Annual Georgia Symposium on Professionalism and Ethics. The title of the symposium was “Ethics and Professionalism in the Digital Age.” The Mercer Law Review will be publishing transcripts of all the sessions and related papers prepared by the participants. Video of the events is available for viewing by clicking on the links below. For a listing of all speakers and their biographies, click here.
The annual symposia on professionalism and ethics are funded by an endowment created by order of the Honorable Hugh Lawson, United States District Judge for the Middle District of Georgia. The order settled allegations of litigation misconduct in exchange for payments that fund the symposia and funded the creation of academic chairs devoted to ethics and professionalism at the Walter F. George School of Law of Mercer University, the University of Georgia School of Law, the Georgia State University School of Law, and the Emory University School of Law.
This year’s symposium began with a dinner on the evening of November 6 at the Cox Capitol Theatre in downtown Macon. Professor Monroe Freedman delivered the keynote address, entitled “Whatever Happened to the Search for Truth?” To see Professor Freedman’s speech, click here.
The next morning, there were two panel discussions related to issues of ethics and professionalism in e-discovery. In the first panel, Jason R. Baron, the Director of Litigation for the National Archives and Records Administration, presented his paper on “E-Discovery and the Problem of Asymmetric Knowledge.” To see a written version of Mr. Baron’s remarks, click here. The two responders to Mr. Baron’s presentation were Chilton Varner, a partner at King & Spalding in Atlanta, and The Honorable John M. Facciola, United States Magistrate Judge for the District of Columbia. To see the first panel discussion, click here.
The second panel discussion began with a presentation by Ralph C. Losey, a Shareholder at Akerman Senterfitt in Orlando, Florida. Mr. Losey spoke on “The Wicked Quadrant – A Theoretical Construct to Understand Unethical Behavior in E-Discovery.” The responders to Mr. Losey’s presentation were William F. Hamilton, a partner at Holland & Knight in Tampa, Florida, and The Honorable David A. Baker, United States Magistrate Judge for the Middle District of Florida. To see the second panel discussion, click here.
In the afternoon, there were two additional panel discussions. The first concerned the internet and lawyer marketing. Jack Sammons, Griffin Bell Professor of Law at the Walter F. George School of Law at Mercer, moderated a panel discussion that included Paula J. Frederick, Deputy General Counsel of the State Bar of Georgia, Diane L. Karpman of Karpman & Associates in Beverly Hills, California, and Micah Buchdahl, President of HTMLawyers, Inc. in Moorestown, New Jersey. To see the third panel discussion, click here.
The final panel discussion of the day concerned the special issues of ethics and professionalism that surround the use of metadata. Professor David Hricik of Mercer conducted the discussion, with Professor Andrew Perlman of Suffolk Law School in Boston and Carolyn Southerland, Managing Director of the Huron Consulting Group in Houston, as his panelists. To see the last panel discussion, click here.
We’ve noted here repeatedly that lawyers must safeguard client confidences, and so this story from CNN caught my eye: their campaign sold off a bunch of Blackberries to recoup some money, but they left all the data — email, home addresses, personal phone numbers, you name it — on the little gems. Now, maybe it shows where Palin bought all those fancy clothes…
(112)
(1)
(15)
(20)
(58)
(4)
(2)
(6)
(16)
(51)
(90)
(14)
(8)
(18)
(11)
(8)
(19)
(69)
(40)
(64)
(2)
(3)
(3)
(4)
(1)
(3)
(36)
(3)
(39)
(4)
(4)
(3)
(24)
(12)
(63)
(6)
(12)
(15)
(12)
(3)
(22)
(15)
(2)
(107)
(1)
(2)
