Confidentiality in a Wired World

This is an update of a session I have given to lawyers participating in the Law Society of Upper Canada's professional competence course. It looks at managing risk in law practices when dealing with confidential client information. Topics include social media, communications and e-mail, ethics opinions and "reasonable" and "competent" standards for lawyer professionalism, endpoint encryption, and physical security.

Published in: Business, Technology

Confidentiality in a Wired World

  1. 1. Confidentiality in a Wired World The Law Society of Upper Canada Professional Development & Competence David Whelan, Manager, Legal Information • [email_address]
  2. 2. Competence (c) the records, systems, or procedures of the lawyer’s professional business
  3. 3. Confidentiality A lawyer at all times shall hold in strict confidence all information …
  4. 4. “Oops”
  5. 7. A lawyer shall … assume complete professional responsibility for his or her practice of law …
  6. 9. Shhhhh!
        • Related topic: Privacy obligations under PIPEDA
            • “information about an identifiable individual”
            • Broad, includes potential client information
            • Privacy Handbook for Lawyers
  7. 10. COMMUNICATIONS
        • Watch What You Say!
  8. 12. … conducted what should have been a confidential conversation about pending layoffs at his firm – in a loud voice…, on a crowded Acela train.
  9. 13. E-mail?
        • Reasonable expectation of privacy
        • But
            • Easy, free: Hushmail.com, Yousendit.com
            • May depend on client, subject matter
            • May be better not to send as e-mail
            • Consider informing client, getting signoff on using e-mail
  10. 14. One of the outside lawyers … had mistakenly e-mailed confidential information on the talks to Times reporter Alex Berenson instead of Bradford Berenson, her co-counsel…
  11. 15. Who is Your Audience?
        • E-mail Recipients
            • Address the e-mail last
            • Verify the recipients
        • Is client’s e-mail private?
            • Web-based e-mail, not employer’s
            • See ABA Formal Opinion 11-459 (8/2011)
        • Social Media (Twitter, Facebook)
  12. 16. SECURE YOUR TECHNOLOGY
        • Passwords and Encryption
  13. 19. mxyzptlk
  14. 20. Strong Passwords, Written Down
        • 8 or more characters
        • UPPER, lower, $peci&l
        • Balance obscure with memorable
            • terms of art becomes t3rm$0f&rt
        • Test it: passwordmeter.com
        • Store it somewhere safe and secure
  15. 21. Your data Encryption layer Encrypted
  16. 22. Your data Encryption layer Decrypted
        • Once decrypted, your data is accessible until re-encrypted
  17. 23. Encryption at rest
  18. 24. Encryption at rest
        • Web search for endpoint encryption
        • iPhone 4+: built-in
        • Blackberry: built-in
        • Android 3: built-in
        • Windows: add-on
        • Truecrypt.org (free)
        • McAfee.com (McAfee Anti-Theft)
        • TrendMicro.com (Endpoint Encryption)
        • CheckPoint.com (Full Disk Encryption)
        • Symantec.com (PGP Whole Disk Encryption)
        • Windows Vista/7 Bitlocker
        • Mac OS File Vault
  19. 25. Encryption in motion
        • When you transmit or receive …
            • Password: https://mybank.com
            • Search: https://www.google.com/
            • Files: https://www.dropbox.com/
        • Firefox: HTTPS Everywhere add-on
            • Defaults over 200 sites to https://
  20. 26. Encryption in motion
  21. 27. Cloud Computing
        • Software-as-a-Service
            • Use SSL (https://) for connections
            • Content should be encrypted at rest
  22. 28. SECURE YOUR DEVICE
        • You Better Take It With You
  23. 29. Physical Security
  24. 30. Physical Security
        • Your locks should reflect your duty
            • Household locks weaker than commercial
            • File cabinets, shed/garage doors weak
        • Use them
            • No doors propped open
            • Keep servers, important tech in locked, well-ventilated room
  25. 31. Everything is Portable
  26. 32. Secure ALL Your Computers
        • Value is in the case, not the data
        • Your risk is in data
  27. 33. Creature of Habit
        • Get into habits of handling devices
            • Put wireless phone, tablet in regular place
            • Easy to check, notice it’s missing
        • Secure devices with password
        • Add remote control, wipe apps
            • Delete device content remotely
            • Locate where device is
  28. 34. Conclusion
        • Watch your communications, what, how, and where
        • Secure entry with passwords, locks
        • Protect data with encryption at rest, in motion
