In the July issue of the Oregon State Bar Bulletin, Helen Hierschbiel writes about safeguarding client information in a digital world. Here are 6 key points from her article:
Understand the Risks
While lawyers are generally free to use modern methods of communication and document storage, it is incumbent on them to understand the risks inherent in use of these technologies to guard against compromising client confidences.
Special Circumstances Dictate Special Security Measures
Special precautions may be necessary in particular circumstances when communicating by e-mail. For example, if information is particularly sensitive or subject to a confidentiality agreement, a lawyer may need to implement special security measures. Also, if a client requests it, a lawyer may be required to avoid, or be allowed to use, a particular type of electronic communication notwithstanding the expectations of privacy in the communication method.
Scrub Metadata
Competent representation requires that lawyers understand what information may be hidden in documents that they plan to send by e-mail so that appropriate steps can be taken to protect against inadvertent disclosure of what could be confidential or sensitive information. (Read more about metadata here.)
Third Party Privacy Agreements are a Must
Electronic storage of client files, like electronic communications, is generally acceptable, as long as lawyers take reasonable precautions to protect client information from further disclosure. Because one of the primary risks of electronic storage is the necessity of giving a third party access, lawyers should ensure that the third party promises to maintain the confidentiality of the information and to implement security measures that meet industry standards.
Lawyers may contract with third parties to dispose of client files as long as they make reasonable efforts to ensure that the third party takes steps to protect confidential information.
Protect Electronic Devices
Lawyers should guard their laptops and PDAs against theft and take care to scrub the hard drives of those devices before they resell or recycle. (And these aren’t the only devices in our office we must be careful about. Read this post for more information about mandatory e-cycling of electronics in Oregon.)
Get Help If You Don’t Know What You are Doing
Lawyers are not required to become computer or technology whizzes, but they must be able to identify potential problems and consult an expert when they are in over their head.
All good, solid, common sense advice. For sample confidentiality agreements that can be modified to use with third party vendors handling confidential client information, visit the PLF Web site. Select Practice Aids and Forms > Staff > Confidentiality in the Law Office. A sample client engagement letter addressing use of electronic communication and third party vendors can also be found on the PLF Web site. Select Practice Aids and Forms > Engagement Letters > Engagement Letter and Fee Agreement – Alternate.
Copyright 2010 Beverly Michaelis
Pingback: Running a Successful Law Practice « Oregon Law Practice Management