Butler Rubin Partner, Dan Cotter discusses in detail the changes to the Model Rules of Professional Conduct that impact lawyers and their obligations to understand technology and safeguard against inadvertent data breaches.
Cyber Liability Coverage in the Marketplace with Dan Cotter | ButlerRubin
Butler Rubin partner Daniel A. Cotter discussed the Model Rules of Professional Conduct (RPCs) as they relate to lawyers’ technology obligations at the National Association of Bar Related Insurance Companies (NABRICO) 2017 Annual Conference hosted by ISBA Mutual in Chicago, IL. Dan joined a panel of experts including Michael Hannigan (Konicek & Dillon), Alex Ricardo (Beazley Group), and Daniel Zureich (Lawyers Mutual Insurance Company of North Carolina) to discuss, “Cyber Liability Coverage in the Marketplace.” Dan emphasized the need for the insurers to consider what the reasonable standard is for lawyers and to help frame the answer. Dan also addressed some recent cyber-related decisions and cases pending.
For more information on developments in the cyber insurance and privacy areas, contact Dan Cotter (dcotter@butlerrubin.com).
Legal Issues in Mobile Security Research | marciahofmann
I gave this talk at CanSecWest in 2012. Abstract:
This presentation will identify and discuss sticky legal problems raised by researching the security of mobile devices. Using American law as a jumping-off point, I'll discuss common legal issues that arise in mobile security research such as jailbreaking, reverse engineering, and interception of communications. We'll also talk about practical ways to reduce the risks of your research so that you can go about your work with less potential for legal trouble.
Data Confidentiality, Security and Recent Changes to the ABA Model Rules | saurnou
Continuing legal education (CLE) presentation regarding data confidentiality, information security, computer forensics and legal ethics in light of technology-related changes made to the American Bar Association's Model Rules of Professional Conduct.
Why law firms are vulnerable to cyber attack
What are lawyer's ethical duties
The value of privilege & how to obtain it
The value of the security assessment
The value of continuous security monitoring
Aba gp solo magazine schumann technology article-20160319_as published | Ralph Schumann
I am very happy that my article, entitled "How Real Estate Lawyers Can Use Technology to Guard Against Security and Compliance Threats", has been published in the current issue of the American Bar Association's GPSolo magazine.
Privacy and Data Security: Minimizing Reputational and Legal Risks | TechWell
Privacy and data security are hot topics among US state and federal regulators as well as plaintiffs’ lawyers. Companies experiencing data breaches have been fined millions of dollars, paid out millions in settlements, and spent just as much on breach remediation efforts. In the past several years, data breaches have occurred in the hospitality, software, retail, and healthcare industries. Join Tatiana Melnik to see how stakeholders can minimize data breach risks, and privacy and security concerns by integrating the Privacy by Design Model into the software development lifecycle. To understand how to minimize risks, stakeholders must understand the regulatory compliance scheme surrounding personally identifiable information; the Privacy by Design approach and the Federal Trade Commission’s involvement; and enforcement actions undertaken by federal agencies, State Attorneys’ General, and class action suits filed by plaintiffs.
NIST Cybersecurity Requirements for Government Contractors | Unanet
What is Controlled Unclassified Information (CUI)? What is NIST SP 800-171? How is my project management and accounting system impacted?
Navigating your way through these complex topics can be difficult for any government contractor, but protecting CUI in a non-federal environment is critical. Compliance is required by December 31, 2017.
Join us for this webinar to learn more about:
• What it means to be compliant with NIST SP 800-171
• Documenting your compliance status
• Preparing for audits and/or requests for compliance attestation/reports
• Key CUI requirements
• Suggested NIST processes
• How having the right system and team in place can help you remain compliant
Learn more at: https://www.unanet.com/news/demand-webinars
Presentation to (ISC)2 Omaha-Lincoln Chapter meeting on March 15th, 2017. This presentation looks at managing compliance with multiple cybersecurity laws and regulations across different industries using the NIST Risk Management Framework.
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices) | Financial Poise
Technology is rapidly changing the way lawyers provide services. This is so especially in light of the Covid-19 pandemic, which creates new and different ethical challenges to confidentiality, cyber fraud and securing data, marketing and advertising concerns, and client communications. This webinar will address a myriad of new problems lawyers are facing and some practical suggestions and solutions that arise out of the changing manner and pace of the practice of law. This webinar will also cover several ABA Model Rules of Professional Conduct.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/best-practices-regarding-technology-2021/
2013-11 Growing Trend of Finding Regulatory and Tort ... | Raleigh ISSA
Invited speaker: "Growing Trend of Finding Regulatory and Tort Liability for Cyber Security Breaches"
with Mark W. Ishman, J.D., Masters in Law in Information Technology and Privacy Law
Slides from our June 12, 2014 webinar focusing on cybersecurity. These slides contain information on risk, legal information, and how to choose an insurance policy covering cybersecurity breaches.
Does your organization take credit card information? Do you store personal information on your staff, clients or donors? Raffa can help you avoid the pitfalls and penalties that can come from storing these privacy related items in unsecured ways.
PCI DSS, the Payment Card Industry Data Security Standard is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. This applies to essentially any merchant that has a Merchant ID (MID).
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information must ensure that all the required physical, network, and process security measures are in place and followed. This includes anyone who provides treatment, payment and operations in healthcare, and anyone with access to patient information and provides support in treatment, payment or operations.
Join us and learn where your organization may have security gaps or be out of state or federal compliance. In this seminar, we will discover how a combination of good policies and the implementation of good, solid solutions can help you meet compliance requirements, and protect and secure your organization or business.
Unit 6 Privacy and Data Protection 8 hr | Tushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
Does your organization take credit card information? Do you store personal information on your staff, clients or donors? Raffa can help you avoid the pitfalls and penalties that can come from storing these privacy related items in unsecured ways.
PCI DSS, the Payment Card Industry Data Security Standard is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. This applies to essentially any merchant that has a Merchant ID (MID).
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information must ensure that all the required physical, network, and process security measures are in place and followed. This includes anyone who provides treatment, payment and operations in healthcare, and anyone with access to patient information and provides support in treatment, payment or operations.
Come learn the basics of these industry regulations, including:
-Who it applies to
-Requirements for compliance
-Penalties for noncompliance
Law firm cybersecurity in the cloud
According to the 2017 ABA Legal Technology Survey, 22% of law firms faced a cyberattack or data breach—and you don’t want your firm to be one of them.
That’s why staying up to date with the latest legal technology is key to managing your firm’s cybersecurity and keeping your clients’ data as secure as possible.
Learn how law firms can utilize cloud technology to create greater cybersecurity than what they have now.
In this CLE-eligible webinar, you’ll learn:
• Top cybersecurity risks for law firms
• How to eliminate high cyber-risk vectors
• How to recover from a cyber incident
Duration: 60 minutes
https://landing.clio.com/law-firm-cybersecurity.html
Don't be a robot: You can't automate your ethical considerations | Nehal Madhani
Technology, especially given its exponential growth, allows attorneys to streamline their practices and automate previously manual aspects of their legal work. While technology can save attorneys time and allow them to focus their attention on more substantive tasks, attorneys are often leery of its ethical pitfalls.
This presentation addresses attorneys’ technological options and obligations and explains how to successfully incorporate technology into your legal practice.
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo... | Diana Maier
No matter what kind of law practice you have, you need to comply with privacy laws generally and lawyers' ethical duties with respect to privacy, specifically. In this presentation, legal ethics counsel Sarah Banola (Cooper, White and Cooper, LLP) and employment and privacy attorney Diana Maier (Law Offices of Diana Maier) deliver a primer on privacy law and teach you the key areas of privacy law and associated ethical obligations.
Crossing the streams: How security professionals can leverage the NZ Privacy ... | Chris Hails
Security professionals often struggle with the ‘double intangibility’ of security - the intangibility of risk and intangibility of protection.
Changing hearts and minds often requires legislation and new compliance frameworks to motivate investment.
New Zealand's new Privacy Act comes into play on 1st December 2020 and there are ways security professionals can leverage new aspects including mandatory breach notifications to focus efforts on securing personal information and preventing privacy harms.
Introduction to US Privacy and Data Security Regulations and Requirements (Se... | Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-regulations-and-requirements-2021/
Cybersecurity Legal Issues: What You Really Need to Know | Shawn Tuma
Presentation delivered at the Cybersecurity for the Board & C-Suite "What You Need to Know" Cyber Security Summit Sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies' Institute for Homeland Security, Cybercrime and International Criminal Justice. Shawn Tuma, Cybersecurity & Data Privacy lawyer at Scheef & Stone, LLP in Frisco and Dallas, Texas.
The presentation date was September 13, 2016.
As a cybersecurity and privacy attorney, Shawn Tuma spends much of his time helping clients proactively prepare for the legal aspects of cybersecurity incidents and respond to incidents when they occur. His work with management, legal, and technology departments, and his focus on the legal aspects of cybersecurity, give him unique insight into how the non-technical areas of companies understand and evaluate cybersecurity.
In his presentation, Tuma will explain how, in his experience, the traditional fear, uncertainty, and doubt – the fear -- that has been used to “sell” cybersecurity has now gone too far and has created a feeling of hopelessness in many companies that has led many to simply quit trying. Instead of always focusing on the fear, he will explain how cybersecurity professionals should help empower companies to do what they can, even if they can’t do everything, so that they can at least improve their cybersecurity posture even if they can’t become “secure.”
Tuma will explain how recent legal and regulatory compliance developments encourage companies to take this approach by doing what is reasonable and provide specific action items that virtually all companies can implement to better themselves in this regard – especially if they find themselves in an incident response situation.
After completing this session, you will:
• Understand why cybersecurity is as much a legal issue as it is a business or technology issue.
• Understand how most legal and regulatory compliance actions support a “take reasonable measures” approach instead of a “strict liability” approach to companies’ pre-breach activities.
• Understand the need to, and how to, focus on the basics of risk and preparation for mitigating such risk.
• Understand the 2 primary legal and regulatory compliance areas that pose the most risk to companies and key action items that can help mitigate that risk.
• Know the 3 pre-breach must-haves for every company to have in place.
• Understand the importance that cybersecurity- and privacy-focused contractual agreements have for companies and how such agreements can be negotiated.
• Understand why selling the FUD impedes all of these objectives and harms companies’ cybersecurity posture more than it helps.
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx | anvithaav
These slides help students of international law understand the nature of international law and how it originated and developed.
The slides are well structured, with highlighted points for better understanding.
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptx | OmGod1
Victims of crime have a range of rights designed to ensure their protection, support, and participation in the justice system. These rights include the right to be treated with dignity and respect, the right to be informed about the progress of their case, and the right to be heard during legal proceedings. Victims are entitled to protection from intimidation and harm, access to support services such as counseling and medical care, and the right to restitution from the offender. Additionally, many jurisdictions provide victims with the right to participate in parole hearings and the right to privacy to protect their personal information from public disclosure. These rights aim to acknowledge the impact of crime on victims and to provide them with the necessary resources and involvement in the judicial process.
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel | Thomas (Tom) Jasper
Military Commissions Trial Judiciary, Guantanamo Bay, Cuba. Notice of the Chief Defense Counsel's detailing of LtCol Thomas F. Jasper, Jr. USMC, as Detailed Defense Counsel for Abd Al Hadi Al-Iraqi on 6 August 2014 in the case of United States v. Hadi al Iraqi (10026)
ASHWINI KUMAR UPADHYAY v/s Union of India.pptx | shweeta209
Transfer of the P.I.L. filed by lawyer Ashwini Kumar Upadhyay in the Delhi High Court to the Supreme Court, on the issue of a uniform marriage age for men and women.
Responsibilities of the office bearers while registering multi-state cooperat... | Finlaw Consultancy Pvt Ltd
Introduction:
The process of registering a multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx | OmGod1
Precedent, or stare decisis, is a cornerstone of common law systems where past judicial decisions guide future cases, ensuring consistency and predictability in the legal system. Binding precedents from higher courts must be followed by lower courts, while persuasive precedents may influence but are not obligatory. This principle promotes fairness and efficiency, allowing for the evolution of the law as higher courts can overrule outdated decisions. Despite criticisms of rigidity and complexity, precedent ensures similar cases are treated alike, balancing stability with flexibility in judicial decision-making.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Car Accident Injury Do I Have a Case.... | Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
How to Obtain Permanent Residency in the Netherlands | BridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
DNA Testing in Civil and Criminal Matters.pptx | patrons legal
Get insights into DNA testing and its application in civil and criminal matters. Find out how it contributes to fair and accurate legal proceedings. For more information: https://www.patronslegal.com/criminal-litigation.html
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy
1. Do You Wannacry:
Your Ethical and Legal
Duties Regarding
Cybersecurity & Privacy
May 23, 2017
Presenters:
Daniel A. Cotter
Butler Rubin Saltarelli & Boyd LLP
321 N. Clark Street, Suite 400
Chicago, IL 60654
Dcotter@butlerrubin.com
2. The materials in this presentation are intended to provide a general
overview of the issues contained herein and are not intended nor
should they be construed to provide specific legal or regulatory
guidance or advice. If you have any questions or issues of a specific
nature, you should consult with appropriate legal or regulatory
counsel to review the specific circumstances involved. Views
expressed are those of the speaker and are not to be attributed to
his firm or clients.
3. Goals/Roadmap
• A Little Bit of History and Looking Back
• Why do you as a lawyer care?
• RPCs
• Some actual application
18. The World in Law and Tech/AI in 2016
Source: Goodman, Joanna, Robots in Law: How
Artificial Intelligence is Transforming Legal Services
(ARK Group 2016)
31. Some Basics—Identity Theft Resource Center
http://www.idtheftcenter.org/2016databreaches.html
“The ITRC currently tracks seven categories of data loss
methods:
- Insider Theft,
- Hacking/Skimming/Phishing,
- Data on the Move,
- Subcontractor/Third Party/BA,
- Employee error/Negligence/Improper disposal/Lost,
- Accidental web/Internet Exposure, and
- Physical Theft.”
32. Some sobering numbers from ITRC
2005 to October 14, 2016
Number of Breaches =
Number of Records =
33. Some sobering numbers from ITRC
2005 to October 14, 2016
Number of Breaches = 6,573
Number of Records =
34. Some sobering numbers from ITRC
2005 to October 14, 2016
Number of Breaches = 6,573
Number of Records = 880,651,559
35. Industries Most Impacted by Breaches
2015 data (Baker Hostetler Data Security Incident
Response Report):
36. Increase in Cyber Attacks on U.S. Health Insurers
2015 – a Banner Year
BlueCross/Blue Shield Company | Number of Health Records Breached
Anthem | 57.8M
Premera | 11M
Excellus | 10M
Total | 78.8M
Percentage of Annual Health Care Breaches Reported in 2015: 70.48%
Value of Records on DarkNet: $78.8B
38. The Parade of Horribles
- Inadvertence, mistake: Law Firm’s Documents
Dumped in Trash, Gainesville Times, October 16,
2011.
- Cyber attack: Wiley Rein LLP Hack (2011).
- Physical Security. Laptop Stolen from Law Offices of
David A. Krausz, Sensitive Info at Risk, Softpedia.
- Insider threats: Orrick breach.
- Readers of WSJ on 3/29/2016: “Hackers Breach Law
Firms, Including Cravath and Weil Gotshal”
- Edelson Law putative class action against Johnson &
Bell (N.D. IL 2016) and what has since happened
- Real Estate closings
42. Rules of Professional Conduct
Some Relevant Ethical Rules
•Illinois Rule 1.1 (Competence)
•Illinois Rule 1.6 (Confidentiality of
Information)
•Illinois Rule 1.4 (Communication)
•Illinois Rules 1.15, 1.16 (Duty to Safeguard
Client Property)
•Illinois Rules 5.1, 5.2, 5.3 (Duty of
Supervision)
43. Rules of Professional Conduct
Illinois Rule 1.1
Duty of Competence
A lawyer shall provide competent representation to a client.
Competent representation requires the legal knowledge, skill,
thoroughness and preparation reasonably necessary for the
representation.
44. Duty of Competence
Rule 1.1 includes competence in selecting and using
technology. It requires attorneys who lack the
necessary technical competence for security (many, if
not most attorneys) to consult with qualified people
who have the requisite expertise.
Comment [8] MRPC: To maintain the requisite
knowledge and skill, a lawyer should keep abreast of
changes in the law and its practice, including the
benefits and risks associated with relevant technology,
engage in continuing study and education and comply
with all continuing legal education requirements to
which the lawyer is subject.
45. Relevant Laws Relating to Legal Obligations
All 50 states and DC have adopted ABA Model Rule 1.1
(either in whole or with modifications).
At least 25 states have adopted Comment 8.
46. Florida Rule
- September 30, 2016: every lawyer admitted to the Florida
Bar must take three hours of technology-related CLE
during a three-year cycle.
47. HOW HARD CAN IT BE?
Nick Burns: Move! [ sits down ] ... See where it says "4" and
"FL". That's fourth floor. That's where we are, we're on the
fourth floor. That's it. You pick that one. Is that so hard?
Geeze Louise, I can't wait to get my NTSC and quit this job.
[ steps over to the Female Employee's computer ] What's
your problem?
Female Employee: Well, it just crashes every time my screen
saver comes up.
Nick Burns: Alright, let's run a test, just type in:
XY.VIOLATOR/467 F47
Female Employee: Type in?
Nick Burns: Move!
52. Duty of Confidentiality
Illinois Rule 1.6(e) (amended October 15, 2015,
effective January 1, 2016)
– “A lawyer shall make reasonable efforts to
prevent the inadvertent or unauthorized
disclosure of, or unauthorized access to
information relating to the representation of
a client.”
53. Duty of Confidentiality
Comments to Illinois Rule 1.6
Acting Competently to Preserve Confidentiality
[19] When transmitting a communication that includes information relating to the
representation of a client, the lawyer must take reasonable precautions to prevent the
information from coming into the hands of unintended recipients. This duty, however, does
not require that the lawyer use special security measures if the method of
communication affords a reasonable expectation of privacy. Special circumstances,
however, may warrant special precautions. Factors to be considered in determining the
reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the
information and the extent to which the privacy of the communication is protected by
law or by a confidentiality agreement. A client may require the lawyer to implement
special security measures not required by this Rule or may give informed consent to the use
of a means of communication that would otherwise be prohibited by this Rule.
54. Duty of Confidentiality
Comment to Model Rule 1.6, now in comments to Illinois
Rule, effective January 1, 2016
Acting Competently to Preserve Confidentiality
[18] Factors to be considered in determining the reasonableness
of the lawyer’s efforts include, but are not limited to, the
sensitivity of the information, the likelihood of disclosure if
additional safeguards are not employed, the cost of employing
additional safeguards, the difficulty of implementing the
safeguards, and the extent to which the safeguards adversely
affect the lawyer’s ability to represent clients (e.g., by making a
device or important piece of software excessively difficult to use).
55. What does your client want?
Illinois Rule 1.6, Comment [19]:
“A client may require the lawyer to
implement special security measures not
required by this Rule or may give
informed consent to forgo security
measures that would otherwise be
required by this Rule.”
56. The Duties of Competence and Confidentiality
Ariz. Bar. Op. 09-04
Lawyer encrypted files, installed layers of password
protection, randomly generated folder names and
passwords, and converted each document to PDF
format that required password.
• “In satisfying the duty to take reasonable security
precautions, lawyers should consider firewalls,
password protection schemes, encryption, anti-virus
measures, etc.”
• The duty “does not require a guarantee that the
system will be invulnerable to unauthorized access.”
57. Duty to Safeguard Client Property
Illinois RPC 1.15(a)
“A lawyer shall hold property of clients
or third persons that is in a lawyer's
possession in connection with a
representation separate from the
lawyer’s own property. ... Other property
shall be identified as such and
appropriately safeguarded.”
58. ABA Formal Opinion 477 (May 11, 2017)
• Unencrypted generally okay
• But special circumstances/laws may require.
• Lawyer must make “reasonable efforts to prevent
inadvertent or unauthorized access”
• Includes a “reasonable efforts” balancing
• Concludes that: “A lawyer generally may transmit
information relating to the representation of a client
over the Internet….where…has undertaken
reasonable efforts….”
59. Termination of Representation
Illinois RPC 1.16(d)
“Upon termination of representation, a lawyer shall
take steps to the extent reasonably practicable to
protect a client's interests, such as giving reasonable
notice to the client, allowing time for employment of
other counsel, surrendering papers and property to
which the client is entitled and refunding any advance
payment of fee or expense that has not been earned or
incurred. The lawyer may retain papers relating to the
client to the extent permitted by other law.”
60. Other Applicable Rules
Duty to supervise (Rules 5.1 and 5.3)
Illinois Rule 5.1(a):
“A partner in a law firm, and a lawyer who individually
or together with other lawyers possesses comparable
managerial authority in a law firm, shall make
reasonable efforts to ensure that the firm has in effect
measures giving reasonable assurance that all lawyers
in the firm conform to the Rules of Professional
Conduct.”
61. Other Applicable Rules
Duty to supervise (Rules 5.1, 5.2 and 5.3)
Illinois Rule 5.3:
“With respect to a nonlawyer employed or retained by
or associated with a lawyer:
(a) The lawyer, and, in a law firm, each partner,
shall make reasonable efforts to ensure that the firm
has in effect measures giving reasonable assurance
that the nonlawyer's conduct is compatible with the
professional obligations of the lawyer and the firm;
62. Other Applicable Rules
Warning to client?
•You are obligated under Rule 1.4 to warn your client
about the risk of using electronic communications
where there is a significant risk that a third party may
gain access.
•E.g., when representing a company employee,
employer could read/access the email.
•And a warning may not be enough – you may be
required to recommend to the client methods of
ensuring that electronic communications remain
confidential.
•ABA Formal Op. 11-459 (8/4/11)
•Texas Opinion No. 648
63. And that’s not all…
Duty to Former clients?
Model Rule 1.9(c)
“[A] lawyer who has formerly represented a
client in a matter or whose present or former
firm has formerly represented a client in a
matter shall not thereafter ... reveal
information relating to the representation
except as these Rules would permit or require
with respect to a client.”
64. What laws might be relevant?
• Mass. Security Regulations (201 CMR 17.00)
• Data Breach Notification laws (47 states, including
Illinois, have these laws)
• HIPAA/HITECH
• Gramm Leach Bliley
• Data Security Laws
• Fiduciary Duty?
• Malpractice laws?
65. Applying the Rules
• Your emails?
• Your trash?
• Your desk and office?
• Working at a coffee shop?
• Your workspace at home?
• Portable data storage devices?
• Your laptop?
• Working in the “cloud”?
66. Is there a duty to encrypt emails?
– “A lawyer may transmit information relating to the
representation of a client by unencrypted e-mail . . .
because the mode of transmission affords a
reasonable expectation of privacy from a technological
and legal standpoint.”
– “A lawyer should consult with the client and follow
her instructions, however, as to the mode of
transmitting highly sensitive information....”
• ABA Formal Op. 99-413 (Mar. 10, 1999).
•Texas Opinion No. 648
67. Is there a duty to encrypt emails?
– “Encrypting email may be a reasonable
step for an attorney to take ... when the
circumstance calls for it, particularly if
the information at issue is highly
sensitive and the use of encryption is
not onerous.”
• Cal. Op. 2010-179.
68. Encryption- Illinois State Bar Association
ISBA considered the question of sending unencrypted
emails in ISBA Advisory Opinion 96-10 (which was
reaffirmed in 2010), available at
https://www.isba.org/sites/default/files/ethicsopinions/96-10.pdf,
and advised that unencrypted email is acceptable:
“Because (1) the expectation of privacy for electronic
mail is no less reasonable than the expectation of
privacy for ordinary telephone calls, and (2) the
unauthorized interception of an electronic message is
subject to the [Electronic Communications Privacy
Act].”
69. Encryption Revisited?
- Many opinions on encryption outdated
- Times/technology have changed
- NYDFS Regulations
- Does your client require encryption?
70. Trash and recycling
Shred everything
privileged or
confidential.
When in doubt, or when
you don’t know:
Shred.
71. Your office and your files
Are you working with hard copies
of sensitive information, like
Protected Health Information
(PHI) or Personally Identifiable
Information (PII)?
72. Can you use the Wifi at Starbucks?
THE STATE BAR OF CALIFORNIA
FORMAL OPINION NO. 2010-179
• Short answer: probably, if you take appropriate steps.
• Before using a particular technology in the course of representing a client, an
attorney must take appropriate steps to evaluate: 1) the level of security
attendant to the use of that technology, including whether reasonable
precautions may be taken when using the technology to increase the level of
security; 2) the legal ramifications to a third party who intercepts, accesses or
exceeds authorized use of the electronic information; 3) the degree of
sensitivity of the information; 4) the possible impact on the client of an
inadvertent disclosure of privileged or confidential information or work
product; 5) the urgency of the situation; and 6) the client’s instructions and
circumstances, such as access by others to the client’s devices and
communications.
73. Can you use the Wifi at Starbucks?
THE STATE BAR OF CALIFORNIA
FORMAL OPINION NO. 2010-179
• Attorney goes to local coffee shop and uses public wifi to work on firm laptop.
• California state bar applied the multi-factor test, and said, not, an attorney risks violating
his professional obligations unless
• BUT… “With regard to the use of a public wireless connection, the Committee believes
that, due to the lack of security features provided in most public wireless access
locations, Attorney risks violating his duties of confidentiality and competence in using
the wireless connection at the coffee shop to work on Client’s matter unless he takes
appropriate precautions, such as using a combination of file encryption, encryption of
wireless transmissions and a personal firewall. Depending on the sensitivity of the
matter, Attorney may need to avoid using the public wireless connection entirely or notify
Client of possible risks attendant to his use of the public wireless connection, including
potential disclosure of confidential information and possible waiver of attorney-client
privilege or work product protections, and seek her informed consent to do so.”
74. What about the Wifi at home?
THE STATE BAR OF CALIFORNIA
FORMAL OPINION NO. 2010-179
“[I]f Attorney’s personal wireless system has been
configured with appropriate security features, the
Committee does not believe that Attorney would
violate his duties of confidentiality and competence
by working on Client’s matter at home. Otherwise,
Attorney may need to notify Client of the risks and
seek her informed consent, as with the public
wireless connection.”
• Citrix: Citrix XenApp offers “end to end” security
and is generally considered secure.
75. Portable Electronic Storage Devices
Duties of Confidentiality
And Competence
What is an attorney’s obligation with respect to
information stored on portable electronic storage
devices, such as thumb drives, CD discs, and
back-up storage drives?
What are “reasonable steps”?
77. Cloud “I says, Hey! You! Get
off of my cloud
Hey! You! Get off of
my cloud
Hey! You! Get off of
my cloud
Don't hang around
'cause two's a crowd.”-
Get Off of My Cloud
78. Working in the cloud?
• Numerous ethical opinions relevant to this topic:
•ISBA Ethics Op. 10-01 (July 2009)
•ISBA Ethics Op. 16-06 (October 2016)
  - Affirms ability to use, but reasonable steps
•Pennsylvania Formal Opinion 2011-200
•North Carolina 2011 Formal Op. 6
•New York State Bar Ethics Opinion 842
•Alabama Ethics Opinion 2010-2
•Washington State Bar Advisory Opinion 2215
•Iowa Bar Ethics Opinion 11-01
•Vermont Ethics Opinion 2010-6
•Massachusetts Bar Ethics Opinion 12-03
•New Hampshire Ethics Committee Advisory Op. #2012-13/4
79. ISBA and Cloud
- July 2009, Opinion No. 10-01: off-site network administrator
- 2016:
  - Use of cloud vendor
  - Focused on 1.1 and 1.16(e)
  - Did attorney in selecting vendor act “reasonably and competently”?