New Hampshire Bar Association
About the Bar
For Members
For the Public
Legal Links
Online Store
Vendor Directory
NH Bar Foundation
Judicial Branch

Keep your contact information up-to-date.

Trust your transactions to the only payment solution recommended by over 50 bar associations.
New Hampshire Bar Association
Lawyer Referral Service Law Related Education NHBA CLE NHBA Insurance Agency
Member Login
Member Portal

Bar News - November 16, 2016

Book Review: ‘Locked Down’ Essential Reading on Data Security


Locked Down
By Sharon D. Nelson, David G. Ries, and John W. Simek
American Bar Association (2013)
319 pages

All NH Bar members should read this book, or one with similar information. It deals with information security and it affects all of us, no matter who we work for, no matter how large or small the firm, agency, municipality, or company.

A quick check of the NH Rules of Professional Conduct online shows Rule 1.6(c), which reads: “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

The standard is “reasonable” and, as recently as 20 years ago, you could satisfy that standard with a locked cabinet in a locked office; no longer. We now live in a world of phishing, distributed denial of service attacks, targeted hacks for profit by criminal organizations, state-sponsored hacks for profit and political gain, the cloud and much more.

Client data includes documents, spreadsheets, emails, calls, pictures, PowerPoints, texts and more; and you need to act reasonably to protect it.

Do you work on a laptop (and who among us do not)? Its very portability puts it and all its data at risk. Is it password protected? In other words, if I find it on a park bench and turn it on, can I access everything on it? If it is not at minimum password protected, you may be at risk of not meeting the reasonable standard.

Now, of course, none of us will be careless enough to leave it on a park bench. How about in a locked car when you are at the gym or at a restaurant for dinner? That’s secure enough, right? Say you are representing the wife in a divorce case and the husband follows you to the gym some random Tuesday, waits for you to go in, smashes the car window and grabs it.

Got a smartphone? Using that passcode function is a pain, right? If I find it at a bar some night or steal it from your locked car and it’s not passcode protected, what will I find?

How about that whole cloud thing, too; is that great, or what? Unlimited storage, accessible from anywhere and any device. Say, according to the Terms of Service, who owns that data? Can the cloud service access it at will, turn it over to law enforcement or government agencies without your permission? Do they do a good job of protecting your data? Is the data stored in the U.S. or overseas? ITAR violation? Is it a reputable service or is it Eric’s Cloud Services operated out of a garage on Pillsbury Street?

What about Gmail? It’s free, just the right price for a solo on a tight budget. Did you know that according to the Terms of Service, Google can do whatever it wants with that data?

“When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”

Scary, right?

Attorneys need to know the answers to these questions and take reasonable steps to ensure that the answers to them are good. It is a brave new world, colleagues.

That is why I strongly recommend you buy or read this book. It doesn’t matter if you are a solo or working for a 500-person firm, the information in this book will better equip you to understand the risks of data breach, and what you can do to reasonably protect client data.

There are clear explanations of the risks, understandable by the layman, and useful to the techs. The Appendices have Bar opinions, checklists, useful websites and more. It’s not all you need to protect your data, but it’s all you need to get educated, practically evaluate your risk, and get started.

So, if you can afford it, buy it. If you are in a company or firm with an IT department, buy several copies. If you cannot afford it, get it from your local library or check with the Bar.

Eric Cook

Eric Cook is an attorney who lives in Portsmouth and has practiced in New Hampshire since 1998.

If you are in doubt about the status of any meeting, please call the Bar Center at 603-224-6942 before you head out.

Home | About the Bar | For Members | For the Public | Legal Links | Publications | Online Store
Lawyer Referral Service | Law-Related Education | NHBA•CLE | NHBA Insurance Agency | NHMCLE
Search | Calendar

New Hampshire Bar Association
2 Pillsbury Street, Suite 300, Concord NH 03301
phone: (603) 224-6942 fax: (603) 224-2910
© NH Bar Association Disclaimer