Page 9 - Leisure Living Magazine August 2017
P. 9
Technology Affects A Lawyer’s Duty To
Protect Confidential Information
“Law You Can Use” Courtesy of the Ohio State Bar Association
Q: How can my attorney avoid a data breach like the massive Yahoo breach in late 2016? A: In late 2016, Yahoo was the subject of two massive data breaches and hacks affecting more than 1.5 billion users. The compromised data included names, birthdates, passwords, and security questions and answers. Many individuals, including attorneys, still use email providers such as Yahoo, AOL, and MSN’s Hotmail. Unfortunately, these providers have not taken adequate security measures to prevent the sort of breach that Yahoo
has faced.
To avoid such a data breach, your
attorney should ideally be using a secure email provider such
as GMAIL.
Q: What if my attorney
has been using a Yahoo
account and has stored
my private information on
it?
A: Your attorney should at least ensure that the Yahoo account is no longer compromised. Your attorney should also take the following steps to ensure that your data (and that of other clients) is protected: 1) change his/her email address; 2) change password and security questions and answers; 3) enable two-layer protection, which requires two levels of authentication before a user is officially logged into the account. Your attorney should also understand that the risk of hacking is not so much an “if ” but a “when.”
Q: I am meeting with a new attorney about drafting a will. Is it appropriate to ask her what email provider she uses?
A. Yes. You are well within your rights to ask what email provider your attorney uses, because ultimately, she will be handling your confidential information.
Q: How does a lawyer handle my confidential information?
A: A lawyer must “act competently to safeguard information relating to the representation of a client,” according to Model Rule 1.6, which governs attorneys’ ethical practices. Today, lawyers must have the most updated security settings enabled through their email provider; updated anti-virus and anti-malware protection; a continuous external backup of all confidential information to a secured server or external hard
drive; and they must understand how cloud computing works to competently comply with this obligation. With any cloud or virtual online storage hosting of client data, your lawyer should enter into a Service Level Agreement (SLA) that dictates how client data and files are to be kept secure. The law office should use firewalls and data encryption to further ensure that a client’s data is kept confidential. Many firms use cloud-computing, but attorneys must be
smart about how and why they use it.
Q: Must my lawyer follow any standards to safeguard my confidential information?
A: Yes. Anyone who has Federal Taxpayer Information (FTI) must follow standards set by the Internal Revenue Service (Regulation 1075). This regulation provides guidelines and procedures not only for computer use but also for storing and destroying physical files containing FTI. While this regulation is probably “overkill” for the average law office, it is an excellent guide for law firms to follow. For example, law offices should have written policies regarding remote access to their computer systems and for the use of thumb drives. Internet use by employees on computers housing client’s information should be regulated and monitored.
Continued on page 10
www.LeisureLivingMagazine.com
August 2017 LeisureLiving | 9
