The Standard for Email Communications

What is the standard for electronic client communications?  Can lawyers freely use email, without a worry or care about encryption?

In “Odds & Ends – Safeguarding Client Information in a Digital World,” Oregon State Bar General Counsel Helen Hierschbiel sets us straight:

The first ethics opinions that addressed the use of electronic communications prohibited lawyers from using cell phones and unencrypted e-mail…. More recently, ethics authorities condone the practice, recognizing that the expectation of privacy in these modern methods of communication is comparable to and as reasonable as that of older methods of communication. For example, ABA Formal Ethics Op 99-413 (1999) states:

E-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy… The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail. It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of [the law].

Does this mean lawyers get a free pass to use unencrypted email?

The answer is no, as Helen points out.  Special precautions need to be taken if:

  • The information to be transmitted is particularly sensitive
  • The contents of the email are subject to a confidentiality agreement
  • The client instructs the lawyer to avoid using email

Can a client waive the security risks associated with unencrypted email?

Yes.  “If a client requests it, a lawyer may … be allowed to use … a particular type of electronic communication notwithstanding expectations of privacy in the communication method.”

What role does metadata play?

As Helen notes, metadata may be a bigger danger than unauthorized interception of email  messages:

[C]ompetent representation requires that lawyers understand what information may be hidden in documents that they plan to send by e-mail so that appropriate steps can be taken to protect against inadvertent disclosure of what could be confidential or sensitive information. See, e.g., Arizona Ethics Op 07-03(2007) (lawyer must take “reasonable precautions” to prevent communication of metadata containing client information) and ABA Formal Op 06-442.

Since Helen’s article was published, Oregon has issued its own metadata opinion: Competency: Disclosure of Metadata, OSB Formal Opinion 2011-187.

Where does this leave us with encryption?

If your clients have consented to use of unencrypted email (or don’t care) and your messages are not particularly sensitive or subject to a confidentiality agreement, why should you give a whit about encryption?  In a phrase: ease of use.

What used to be difficult is no longer.

In the article “Encryption So Easy a Lawyer Can Do It,” Bob Ambrogi discusses three incredibly simple solutions that allow lawyers to send encrypted messages.  No more clunky interface requiring the sender to transmit keys before the recipient decrypts the message.  No more need for both parties to use the same software.  (Although a simple plug-in may be needed, depending on the software you choose.)

With secure cloud-based solutions like Enlocked, Virtru, or Delivery Trust from Identillect, Ambrogi concludes:

What all three programs have in common is that they make encryption as easy as the push of a button.  If you use email to communicate with clients or colleagues about sensitive matters – and what lawyer does not? – you have no excuse not to encrypt.”

 [All Rights Reserved 2015 Beverly Michaelis]

What Should I Do About Lost or Stolen Client Files?

imagesIs there any worse feeling than having your briefcase or laptop stolen?

While it can be hard to bounce back from such an experience, there are immediate steps you should take  if you discover that confidential client files have been compromised.

  1. File a police report.
  2. Don’t risk your personal safety. While Find my iPhone and MyLaptopGPS can track lost or stolen mobile devices and laptops, leave the police work to the police.  Do not confront the thief.
  3. If your laptop or mobile device is missing or stolen, notify your IT department.
  4. Change your network user name and password.
  5. Consider changing your user name and password for all accounts – anything you access via the Web.
  6. Check lost-and-found if applicable.  Believe it or not, laptops, devices, and briefcases get turned in by honest citizens.  Don’t give up until you try.
  7. Monitor Craigslist.  If you believe a thief has posted your property for sale, inform police.
  8. Contact your business insurance or liability carrier.  Property, valuable papers, or data breach coverage may cover the cost of replacing your laptop or reconstructing files. Beginning in 2013, the PLF added a Data Breach and Cyber Liability Endorsement to all excess coverage plans. The endorsement provides coverage for information security and privacy liability, privacy breach response services, regulatory defense and penalties, website media content liability, and crisis management and public relations services. Read more here.
  9. Inform your clients.  This is never easy, but clients must be informed if confidential information has been compromised. A sample notification letter is available on the PLF website.  Select Practice Management > Forms > Client Relations > “Notice to Clients re Theft of Computer Equipment.”
  10. Begin reconstructing your file.  Lawyers who are straightforward about an office break in or theft often find that clients are sympathetic, understanding, and more than willing to help.  With a bit of luck, you should be able to reconstruct most or all of your file from your backup or documents supplied by clients.
  11. Going forward, consider storing passwords or other sensitive information in an encrypted password manager.
  12. Backup, backup, backup!  Online backup services are a great way to automatically back up your laptop’s data.  Read more about backup protocols and available resources on the PLF website. Select Practice Management > Forms  > Technology > “How to Backup Your Computer.”
  13. If the theft occurred during an office break in, reassess building security. Talk to the building owner or property manager about alarms, surveillance, or other measures.
  14. Learn more by reading Protect Confidential Files – It Helps!
  15. Call your friendly Law Practice Management Advisor for help.

Cyber Security and Data Breach Response

lock“Cyber threat is one of the most serious economic and national security challenges we face as a nation.”  Barack Obama, President of the United States

The Identity Theft Resource Center has documented over 500 data breaches in 2014 through early September.  This represents a 26.2% increase over the same time period last year. The news isn’t any better for the legal profession.

The latest ABA Legal Technology Survey Report notes that “Nearly half of law firms were infected with viruses, spyware or malware last year.”  Fourteen percent of law firms “experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

Where to Start

With such staggering numbers, it is easy to become overwhelmed.  If you are concerned about cyber security but don’t know where to start, begin here at the ABA Web site. If you are a prolific user of mobile devices, be sure to check out the ABA’s suggestions for Security on the Go.  To understand the state of security in US law firms, read this post by Bob Ambrogi.

Make Encryption Your Best Friend

Encryption is a powerful way to protect sensitive data belonging to you and your clients. The ABA post Playing it Safe provides a good overview.  Since TrueCyrpt is no longer available, check out the following reviews of encryption software: LIfehacker, GFI, PC World, and Gizmo.

You’ve Heard it Before: Use Strong Passwords

It seems we are reminding lawyers every other day about the importance of using strong passwords unique to each account or Web site.  See these recent posts on the ABA Law Technology Today blog:

Firewalls, Anti-Spam, Anti-Virus, Malware Protection

The best protection is comprehensive.  This excerpt from The 2014 Solo and Small Firm Technology Guide provides guidance.  Don’t be afraid to hire an IT expert to help.

Purchase Cyber Liability and Data Breach Coverage

The Professional Liability Fund (PLF) Excess Claims Made Plan automatically includes a cyber liability and data breach response endorsement with these features:

  • Forensic and legal assistance to determine compliance with applicable law
  • Notifications to individuals as required by law
  • 12 months credit monitoring to each notified client
  • Loss mitigation resources for law firms

If you aren’t eligible or don’t wish to purchase excess coverage through the PLF, contact a commercial carrier.

Protect Yourself Against Scams

The security measures outlined above are a good start toward protecting your firm and your clients from scams.  For more complete protection, get educated.  Order the free PLF CLE: “Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss,” and talk to your bank about fraud protection services.

[All Rights Reserved – 2014 – Beverly Michaelis]

 

 

The State of Law Firm Security

Viruses are More Common at Law Firms than Encryption, ABA Survey Shows

Firms-with-virus

“Nearly half of law firms were infected with viruses, spyware or malware last year, according to the latest ABA Legal Technology Survey Report. At the same time, only a quarter of law firms had any kind of email encryption available for their lawyers to use, the survey found.

Also, 14% of law firms experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

Bob Ambrogi

Read the full post here.

Leaving Your Firm

Parting isn’t always such sweet sorrow.  In fact, it can be downright contentious.

If you are contemplating leaving your firm, do your research. Meeting your ethical obligations fulfills only part of your responsibilities.

IF YOU ARE A PARTNER

Conduct your partnership withdrawal in a manner that honors the contractual and fiduciary responsibilities owed to your fellow partners.  Contractual duties are controlled by your written partnership agreement.  Fiduciary duties are described in case law and codified by statute in Oregon’s Revised Partnership Act.

IF YOU ARE NOT A PARTNER

Review your employment contract, employment letter, office policies, office procedures, or any other applicable terms that may control the process for terminating your relationship with your current firm or your obligations upon departure.

ARE ISSUES LIKELY TO ARISE?

Consult outside counsel experienced in the areas of lawyer mobility, partnerships, fiduciary duties, lawyer separation, and law firm dissolution.

PUT CLIENTS ABOVE ALL ELSE

If you are making a lateral move to another firm or setting up your own practice, remember that the client’s freedom of choice in selection of counsel is paramount.  Always put the interests of your clients first.  Keep the transition as amicable, professional, and stress-free as possible.  Contentious withdrawals alienate clients and damage relationships.

GIVE NOTICE TO YOUR FIRM BEFORE YOU CONTACT CLIENTS

Inform the firm of your decision to leave before contacting any clients.  Failing to give adequate and timely notice to your firm or partners before you contact clients is a violation of the duty of loyalty owed by a lawyer to his or her firm based on their contractual or agency relationship.  It may also constitute conduct involving dishonesty, fraud, deceit, or misrepresentation in violation of Oregon RPC 8.4(a)(3).

RESOURCES

The Professional Liability Fund has extensive resources for Oregon lawyers who are departing a firm, withdrawing from a partnership, or dissolving a firm.  Visit our Web site for more information.

All rights reserved [2014] Beverly Michaelis.

 

 

Free Shred Days: Pendleton, Astoria, Grants Pass

The Professional Liability Fund is expanding its free shred events statewide for Oregon lawyers.  We will be in the following cities in August:

  • August 2 – Pendleton
  • August 9 – Astoria
  • August 23 – Grants Pass

For details, including start time and directions to the shred events, check your email inbox.  Broadcast emails will be sent soon to lawyers in eastern Oregon, the northern Oregon coast, and the south valley.

Shredding generally continues until the trucks are filled to capacity.  Please respect the box per firm limit so we can provide this service to as many regional law firms as possible.  You must wait until your material is shredded and retrieve your boxes.  We cannot dispose of cardboard.  Paper clips and binder clips can be shredded, but 3-ring binders cannot.

shred

If you have any questions about the upcoming shred events in Pendleton, Astoria, or Grants Pass, please contact DeAnna Shields at 503-639-6911, ext. 440 or deannas@osbplf.org.

Free shredding services are provided courtesy of the PLF and Blue Mountain, Clatsop County, and Rogue Community Colleges, respectively.  Mobile shredding trucks from Recall, the PLF’s document management company, will be shredding the materials on site.

Calling all Marion and Polk County Lawyers

On Saturday, July 26 the Professional Liability Fund (PLF) and Willamette University College of Law (WUCL) are hosting a FREE shred event in Salem at the university.  All Marion and Polk county lawyers are encouraged to participate.  For details, including start time and directions to the shred event, check your email inbox.

Shredding generally continues until the trucks are filled to capacity. Please respect the box per firm limit, so that we can provide this service to as many Marion and Polk county firms as possible. You must wait until your material is shredded and take your boxes back with you. Paper clips and binder clips are okay to shred but 3-ring binders should be removed.

If you have any questions about the July 26 shred event in Salem, please contact DeAnna Shields at 503-639-6911, ext. 440 or deannas@osbplf.org.

Free shredding services are provided courtesy of the PLF and WUCL.  Mobile shredding trucks from Recall, the PLF’s document management company, will be shredding the materials onsite.

 

 

 

Free Shred Day – Coming Soon to a City Near You?

We hope so!

The Professional Liability Fund has held several successful shred events at the OSB Center, most recently on May 17:

678 bankers boxes shredded

box

Stretching the equivalent of 24 school buses parked end-to-end

bus1bus2bus3

Weighing as much as 2 full-grown hippos with 26 stout offspring

h2

baby h

We are working with Recall, our document storage and destruction provider, to host future shred events in:

  • Salem
  • Bend
  • Eugene
  • Medford
  • Newport or Tillamook
  • La Grande
  • Pendleton

Stay tuned!

 

13 Resources for Protecting Data – Courtesy of the FTC

With data breaches in the news on an almost daily basis, how do you protect your law firm’s assets? What advice should you give to your clients?

The FTC offers a list of 13 data security resources to help you get started. From mobile apps to digital copiers and shutting down spam, there is a ton of good advice to be culled from these posts and PDFs: Continue reading

Free Shred Day for Multnomah County Lawyers

The Professional Liability Fund is providing free shredding of legal files on Saturday, March 15, from 8:00 a.m. to 12:00 p.m. in the Oregon State Bar Center parking lot. Mobile shredding trucks from Recall, a document management company, will be shredding the materials onsite. Limit: 15 boxes per firm.

The trucks will be located in the back Free Shred Day 8 24 2013 photo by Ivan Hernandezparking lot of the OSB Center, 16037 SW Upper Boones Ferry Road, Tigard, Oregon, 97224. Shredding will be available until the trucks are filled to capacity. Please respect the 15 box per firm limit, so that we can provide this service to as many firms as possible. You must wait until your material is shredded and take your boxes back with you. Paper clips and binder clips are okay to shred but 3-ring binders should be removed.

If you have any questions please contact DeAnna Shields at 503-639-6911, ext. 440 or deannas@osbplf.org.