Wednesday, February 29, 2012

Firm Information Security Management (More News and Views)

Following the flurry of stories on law firm information security over the past few weeks, comes two related links:

The Risks of Taking Your Electronic Devices Abroad
  • "You have just finished a long trial, deal or other matter and decide to take a vacation… you bring along your work laptop, your BlackBerry or iPhone, and your iPad or e-reader to cover all your bases electronically."
  • "Then, a funny thing happens on your way to baggage check… The Customs and Border Protection officer asks to see your bags and decides to confiscate your laptop and iPad for further inspection. End result: You don't get your devices back for almost two months and you have no idea how many government agencies saw, inspected and/or analyzed their contents."
  • "Now, even without reasonable suspicion of any wrongdoing, the government can search, copy and seize travelers' laptops and other electronic devices at the border and can potentially continue to access personal and work data and information stored in the cloud, indefinitely and in an ongoing manner."
  • "Many law firms store attorney-client communications, clients' proprietary data and other confidential information this way and the limits on potential government access to such information is practically unbounded under the law as it exists today. This doesn't even include the possibility that, once any privileged communication is accessed by the government, the privilege could be deemed waived, with the scope of the waiver extending to all communications relating to the same subject matter. (What comes next? -- a subject matter waiver over everything in your email?!) Malpractice claims and ethical pitfalls would abound."
  • "Short of leaving our electronic devices at home, we may need to start taking copious measures when traveling internationally, like keeping a backup of our confidential data and communications elsewhere (e.g., on law firm servers) and securely deleting our hard drives, smartphones, etc., prior to travel, then remotely accessing the material we need when we get where we are going."
On a related note, see also an article in the February issue of Wisconsin Lawyer: “Preserve Confidentiality When Using Technology” --
  • Question: "I use a lot of technology equipment in my law practice. What steps must I take to ensure confidentiality of client information when disposing of this equipment?"
  • "Although this topic is still subject to much discussion and debate, it is clear that lawyers are required to have some basic understanding of the function and operations of equipment that is used in their practices, especially if that equipment is storing client information as part of its functioning. Special care must be exercised at the time of disposing of equipment used in the practice to make sure that client information is not somehow transmitted or left on the equipment for discovery by someone else."

No comments:

Post a Comment