confidentiality in a wired world
DESCRIPTION
This is an update of a session I have given to lawyers participating in the Law Society of Upper Canada's professional competence course. It looks at managing risk in law practices when dealing with confidential client information. Topics include social media, communications and e-mail, ethics opinions and "reasonable" and "competent" standards for lawyer professionalism, endpoint encryption, and physical security.TRANSCRIPT
![Page 1: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/1.jpg)
Confidentiality in a Wired World
The Law Society of Upper CanadaProfessional Development & Competence
David Whelan, Manager, Legal Information • [email protected]
![Page 2: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/2.jpg)
Competence
(c) the records, systems, or procedures of the lawyer’s professional business
![Page 3: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/3.jpg)
Confidentiality
A lawyer at all times shall hold in strict confidence all information …
![Page 4: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/4.jpg)
“Oops”
![Page 5: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/5.jpg)
![Page 6: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/6.jpg)
![Page 7: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/7.jpg)
A lawyer shall … assume complete professional responsibility for his or her practice of law …
![Page 8: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/8.jpg)
![Page 9: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/9.jpg)
Shhhhh!
Related topic: Privacy obligations under PIPEDA- “information about an identifiable
individual”
- Broad, includes potential client information
- Privacy Handbook for Lawyers
![Page 10: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/10.jpg)
COMMUNICATIONS
Watch What You Say!
![Page 11: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/11.jpg)
![Page 12: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/12.jpg)
… conducted what should have been a confidential conversation about pending layoffs at his firm – in a loud voice…, on a crowded Acela train.
![Page 13: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/13.jpg)
E-mail?
Reasonable expectation of privacy
But- Easy, free: Hushmail.com,
Yousendit.com
- May depend on client, subject matter
- May be better not to send as e-mail
- Consider informing client, getting signoff on using e-mail
![Page 14: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/14.jpg)
One of the outside lawyers …had mistakenly e-mailed confidential information on the talks to Times reporter Alex Berenson instead of Bradford Berenson, her co-counsel…
![Page 15: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/15.jpg)
Who is Your Audience?
E-mail Recipients- Address the e-mail last
- Verify the recipients
Is client’s e-mail private?- Web-based e-mail, not employer’s
- See ABA Formal Opinion 11-459 (8/2011)
Social Media (Twitter, Facebook)
![Page 16: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/16.jpg)
SECURE YOUR TECHNOLOGY
Passwords and Encryption
![Page 17: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/17.jpg)
![Page 18: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/18.jpg)
![Page 19: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/19.jpg)
mxyzptlk
![Page 20: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/20.jpg)
Strong Passwords, Written Down
8 or more characters
UPPER, lower, $peci&l
Balance obscure with memorable- terms of art becomes t3rm$0f&rt
Test it: passwordmeter.com
Store it somewhere safe and secure
![Page 21: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/21.jpg)
Your data
Encryption layerEncrypted
![Page 22: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/22.jpg)
Your data
Encryption layerDecrypted
Once decrypted, your data is accessible until re-encrypted
![Page 23: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/23.jpg)
Encryption at rest
![Page 24: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/24.jpg)
Encryption at rest
Web search for endpoint encryption
iPhone 4+: built-in
Blackberry: built-in
Android 3: built-in
Windows: add-on
Truecrypt.org (free)
McAfee.com (McAfee Anti-Theft)
TrendMicro.com (Endpoint Encryption)
CheckPoint.com (Full Disk Encryption)
Symantec.com (PGP Whole Disk Encryption)
Windows Vista/7 Bitlocker
Mac OS File Vault
![Page 25: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/25.jpg)
Encryption in motion
When you transmit or receive …- Password: https://mybank.com
- Search: https://www.google.com/
- Files: https://www.dropbox.com/
Firefox: HTTPS Everywhere add-on- Defaults over 200 sites to https://
![Page 26: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/26.jpg)
Encryption in motion
![Page 27: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/27.jpg)
Cloud Computing
Software-as-a-Service- Use SSL (https://) for connections
- Content should be encrypted at rest
![Page 28: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/28.jpg)
SECURE YOUR DEVICE
You Better Take It With You
![Page 29: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/29.jpg)
Physical Security
![Page 30: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/30.jpg)
Physical Security
Your locks should reflect your duty- Household locks weaker than commercial
- File cabinets, shed/garage doors weak
Use them- No doors propped open
- Keep servers, important tech in locked, well-ventilated room
![Page 31: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/31.jpg)
Everything is Portable
![Page 32: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/32.jpg)
Secure ALL Your Computers
Value is in the case, not the data
Your risk is in data
![Page 33: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/33.jpg)
Creature of Habit
Get into habits of handling devices- Put wireless phone, tablet in regular place
- Easy to check, notice it’s missing
Secure devices with password
Add remote control, wipe apps- Delete device content remotely
- Locate where device is
![Page 34: Confidentiality in a Wired World](https://reader033.vdocuments.us/reader033/viewer/2022061118/546a3a6aaf7959842c8b4bf2/html5/thumbnails/34.jpg)
Conclusion
Watch your communications, what, how, and where
Secure entry with passwords, locks
Protect data with encryption at rest, in motion