Bar News - November 16, 2016
Book Review: ‘Locked Down’ Essential Reading on Data Security
By: Review by Eric Cook
By Sharon D. Nelson, David G. Ries, and John W. Simek
American Bar Association (2013)
All NH Bar members should read this book, or one with similar information. It deals with information security and it affects all of us, no matter who we work for, no matter how large or small the firm, agency, municipality, or company.
A quick check of the NH Rules of Professional Conduct online shows Rule 1.6(c), which reads: “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
The standard is “reasonable” and, as recently as 20 years ago, you could satisfy that standard with a locked cabinet in a locked office; no longer. We now live in a world of phishing, distributed denial of service attacks, targeted hacks for profit by criminal organizations, state-sponsored hacks for profit and political gain, the cloud and much more.
Client data includes documents, spreadsheets, emails, calls, pictures, PowerPoints, texts and more; and you need to act reasonably to protect it.
Do you work on a laptop (and who among us do not)? Its very portability puts it and all its data at risk. Is it password protected? In other words, if I find it on a park bench and turn it on, can I access everything on it? If it is not at minimum password protected, you may be at risk of not meeting the reasonable standard.
Now, of course, none of us will be careless enough to leave it on a park bench. How about in a locked car when you are at the gym or at a restaurant for dinner? That’s secure enough, right? Say you are representing the wife in a divorce case and the husband follows you to the gym some random Tuesday, waits for you to go in, smashes the car window and grabs it.
Got a smartphone? Using that passcode function is a pain, right? If I find it at a bar some night or steal it from your locked car and it’s not passcode protected, what will I find?
How about that whole cloud thing, too; is that great, or what? Unlimited storage, accessible from anywhere and any device. Say, according to the Terms of Service, who owns that data? Can the cloud service access it at will, turn it over to law enforcement or government agencies without your permission? Do they do a good job of protecting your data? Is the data stored in the U.S. or overseas? ITAR violation? Is it a reputable service or is it Eric’s Cloud Services operated out of a garage on Pillsbury Street?
What about Gmail? It’s free, just the right price for a solo on a tight budget. Did you know that according to the Terms of Service, Google can do whatever it wants with that data?
“When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”
Attorneys need to know the answers to these questions and take reasonable steps to ensure that the answers to them are good. It is a brave new world, colleagues.
That is why I strongly recommend you buy or read this book. It doesn’t matter if you are a solo or working for a 500-person firm, the information in this book will better equip you to understand the risks of data breach, and what you can do to reasonably protect client data.
There are clear explanations of the risks, understandable by the layman, and useful to the techs. The Appendices have Bar opinions, checklists, useful websites and more. It’s not all you need to protect your data, but it’s all you need to get educated, practically evaluate your risk, and get started.
So, if you can afford it, buy it. If you are in a company or firm with an IT department, buy several copies. If you cannot afford it, get it from your local library or check with the Bar.
Eric Cook is an attorney who lives in Portsmouth and has practiced in New Hampshire since 1998.