Attorney-Client Privilege and Cloud Storage

Do your clients or their agents use cloud storage for case-related documents?  Do they transmit information using unsecured hyperlinks?

If the answer is yes, your client may have waived its claim of privilege to the stored information. This is the lesson learned in Harleysville, where a federal court in Virginia held that an insurance company waived the attorney-client privilege when the insurer’s investigator used an unsecured account to share claim-related information.

Key Facts in Harleysville

  • Insurer’s counsel knew or should have known that the information posted to the cloud account was publicly available because counsel had themselves used the unsecured hyperlink to access and download the claims file.
  • As a result, counsel “failed to take reasonable measures to ensure and maintain the document[s’] confidentiality, or to take prompt and reasonable steps to rectify the error.”
  • The court analogized the insurer’s actions to “leaving its claims file on a bench in the public square” and warned that if a company chooses to use a new technology, “it should be responsible for ensuring that its employees and agents understand how the technology works, and, more importantly, whether the technology allows unwanted access by others to its confidential information.”

Source: Don’t Let New Technology Cloud Your Legal JudgmentProskauer commercial litigation blog.

Lessons Learned

As Proskauer points out:

  • Attorneys and clients are responsible for their own technological choices as well as those of the client’s agents
  • Technological ignorance on the law firm’s part is no excuse

What You Should Do Now

  • Conduct a cyber security audit of your firm’s practices and systems.
  • Establish a secure system for confidential file sharing if one is not already in place. Address other issues uncovered during the security audit.
  • Create file sharing policies and procedures.
  • Train everyone now; conduct annual training sessions thereafter.  Address protocols for uploading and downloading files.  All law firm members – attorneys, staff, administration, bookkeeping – need to know the warning signs of receiving or forwarding content from unsecured hyperlinks.
  • Talk to clients about file storage and sharing practices.  Do they use agents, like the investigator in Harleysville?  If so, how do they exchange documents? Consider offering an on-site client training lunch to go over dos and don’ts.

All Rights Reserved 2017 Beverly Michaelis

 

 

Cyber Security and Data Breach Response

lock“Cyber threat is one of the most serious economic and national security challenges we face as a nation.”  Barack Obama, President of the United States

The Identity Theft Resource Center has documented over 500 data breaches in 2014 through early September.  This represents a 26.2% increase over the same time period last year. The news isn’t any better for the legal profession.

The latest ABA Legal Technology Survey Report notes that “Nearly half of law firms were infected with viruses, spyware or malware last year.”  Fourteen percent of law firms “experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

Where to Start

With such staggering numbers, it is easy to become overwhelmed.  If you are concerned about cyber security but don’t know where to start, begin here at the ABA Web site. If you are a prolific user of mobile devices, be sure to check out the ABA’s suggestions for Security on the Go.  To understand the state of security in US law firms, read this post by Bob Ambrogi.

Make Encryption Your Best Friend

Encryption is a powerful way to protect sensitive data belonging to you and your clients. The ABA post Playing it Safe provides a good overview.  Since TrueCyrpt is no longer available, check out the following reviews of encryption software: LIfehacker, GFI, PC World, and Gizmo.

You’ve Heard it Before: Use Strong Passwords

It seems we are reminding lawyers every other day about the importance of using strong passwords unique to each account or Web site.  See these recent posts on the ABA Law Technology Today blog:

Firewalls, Anti-Spam, Anti-Virus, Malware Protection

The best protection is comprehensive.  This excerpt from The 2014 Solo and Small Firm Technology Guide provides guidance.  Don’t be afraid to hire an IT expert to help.

Purchase Cyber Liability and Data Breach Coverage

The Professional Liability Fund (PLF) Excess Claims Made Plan automatically includes a cyber liability and data breach response endorsement with these features:

  • Forensic and legal assistance to determine compliance with applicable law
  • Notifications to individuals as required by law
  • 12 months credit monitoring to each notified client
  • Loss mitigation resources for law firms

If you aren’t eligible or don’t wish to purchase excess coverage through the PLF, contact a commercial carrier.

Protect Yourself Against Scams

The security measures outlined above are a good start toward protecting your firm and your clients from scams.  For more complete protection, get educated.  Order the free PLF CLE: “Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss,” and talk to your bank about fraud protection services.

[All Rights Reserved – 2014 – Beverly Michaelis]

 

 

To Catch a Voicemail Thief

How many ways can a thief steal from you or your law firm? A break-in is probably the most obvious.  Lifting a briefcase or laptop comes to mind, as does hijacking an IP address or hacking into your computer system.  But what about your phone system?  How could a thief exploit voicemail?  Turns out, it’s pretty easy. 

If you never changed the default password for your system or use simplistic passwords (1234 or the like), you may find yourself owing hundreds of thousands of dollars in phone charges. 

Deborah E. Gillis of the Lawyers’ Insurance Association of Nova Scotia brought this fraud to my attention.  Firms in Ontario and Nova Scotia have been targeted.  Read Deborah’s article here.  Learn more about security at the ABA Legal Technology Resource Center and how to create strong passwords to protect ALL your valuable systems.

Copyright 2010 Beverly Michaelis