No matter what kind of law practice you have, you need to comply with privacy laws generally and lawyers' ethical duties with respect to privacy, specifically. In this presentation, legal ethics counsel Sarah Banola (Cooper, White and Cooper, LLP) and employment and privacy attorney Diana Maier (Law Offices of Diana Maier) deliver a primer on privacy law and teach you the key areas of privacy law and associated ethical obligations.
A Modern Look at Contractors v. EmployeesDiana Maier
Whether you’re a business owner concerned with making the right distinctions when engaging people to work with/for you, or a lawyer responsible for advising clients on the contractor v. employee distinction, this presentation could save you a lot of grief and money down the line.
Marin County-based employment lawyer Diana Maier and Carlos E. Torres, a Hearing Officer for the California Division of Labor Standards Enforcement (DLSE), discuss which factors matter most in deciding how to classify workers in light of recent legal decisions that are shifting those factors. In addition to covering a broad overview of the contractor v. employee debate, they also discuss ethical considerations for lawyers considering the question of contractor classification, and assess whether the sharing economy is due for extinction in light of recent rulings against companies such as Uber.
When employers are faced with terminating employees in California, they often miss the numerous required notices and action steps they must take at or before the time of termination in order to comply with the law. In this presentation, Beth Arnese and I go over how to handle terminations in a legally compliant manner (not to mention as kindly and consciously as possible - which prevents lawsuits and bad karma).
Topics addressed include federal and state requirements for terminating employees, the necessary forms and notices, the California Unemployment Insurance Code, final wages, termination letters, COBRA and Cal-COBRA coverage, and severance pay and agreements.
Emploment law issues for the gig economyRoger Royse
Discussion on misclassification of employment, managing risks of employment, strategies for avoiding misclassification, and changes in the legal landscape with regards to employment
With the rise of entrepreneurship, intellectual property is booming. This creates a wealth of opportunities for attorneys to start or grow their IP practice. But, like with any area of law, IP requires specialized knowledge to succeed and comply with best practices. Technology is an essential element to minimizing risk in any practice, but particularly, in the deadline-driven world of IP.
A Modern Look at Contractors v. EmployeesDiana Maier
Whether you’re a business owner concerned with making the right distinctions when engaging people to work with/for you, or a lawyer responsible for advising clients on the contractor v. employee distinction, this presentation could save you a lot of grief and money down the line.
Marin County-based employment lawyer Diana Maier and Carlos E. Torres, a Hearing Officer for the California Division of Labor Standards Enforcement (DLSE), discuss which factors matter most in deciding how to classify workers in light of recent legal decisions that are shifting those factors. In addition to covering a broad overview of the contractor v. employee debate, they also discuss ethical considerations for lawyers considering the question of contractor classification, and assess whether the sharing economy is due for extinction in light of recent rulings against companies such as Uber.
When employers are faced with terminating employees in California, they often miss the numerous required notices and action steps they must take at or before the time of termination in order to comply with the law. In this presentation, Beth Arnese and I go over how to handle terminations in a legally compliant manner (not to mention as kindly and consciously as possible - which prevents lawsuits and bad karma).
Topics addressed include federal and state requirements for terminating employees, the necessary forms and notices, the California Unemployment Insurance Code, final wages, termination letters, COBRA and Cal-COBRA coverage, and severance pay and agreements.
Emploment law issues for the gig economyRoger Royse
Discussion on misclassification of employment, managing risks of employment, strategies for avoiding misclassification, and changes in the legal landscape with regards to employment
With the rise of entrepreneurship, intellectual property is booming. This creates a wealth of opportunities for attorneys to start or grow their IP practice. But, like with any area of law, IP requires specialized knowledge to succeed and comply with best practices. Technology is an essential element to minimizing risk in any practice, but particularly, in the deadline-driven world of IP.
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-regulations-and-requirements-2021/
Bradley's panel reacts to and addresses a hypothetical cyber incident involving a widespread compromise of consumer healthcare and financial information. Amy Leopard (Healthcare), Mike Pennington (Litigation), John Goodman (Litigation), Elena Lovoy (Financial Services), and moderator Paige Boshell (Intellectual Property, Financial Services) will offer legal and practical strategies to proactively respond to and resolve a specified data breach. Highlights will include customer notice strategies, attorney-client privilege and litigation avoidance strategies, and coordination with third parties, including external PR and forensic investigators, vendors, regulators, and law enforcement.
Effective legal representation of innovators and inventors requires careful thought and consideration. Among other things, care must be taken to properly initiate communications, prepare assignments, and handle subsequent legal disputes. This webinar discusses common legal issues that often arise during the representation of innovators and inventors. It also includes valuable advice from both innovators/inventors and the IP attorneys who represent them.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/legal-issues-for-innovators-inventors-2021/
There have been a number of new developments this year. Christina discusses new federal and state initiatives, new case law and other developments that directly affect employers.
Being an in house lawyer isn’t just about the law – perhaps it never has been.
Every six months at our in house lawyer sessions we give practical training on:
- what the law means for you (personally) and for your business
- tips on what to incorporate into your next contract, your next discussion with the HR department or your next board meeting
... and have been delighted to help cover what to say, do, draft and know what to avoid.
We’ll also be covering the black letter law:
- employment update – gender gap reporting – how, what, what the…? Sexual harrassment
- commercial law - changes in contract law and in particular what the courts have said about discretion in contracts – do you really have free choice, or are there limits?
- GDPR –you’ve very little time left – what are the quick wins you can deal with and high risk activities that you need to deal with.
In the last several years, substantial data breaches or hacker attacks in the U.S. have shown no signs of abating. Neither have the class actions that typically follow in their wake. Bradley Arant discusses litigation trends in data breach class actions. The video will touch on evolving issues in these cases, including recent loosening of consumer standing requirements (in cases after the Supreme Court’s Clapper decision), class certification and other issues raised in the Target litigation. We will also provide an overview of recent settlements of data breach class actions and what they might mean for later cases. The webinar will address several issues pending before the Supreme Court this term that could have significant impact, including whether a statutory violation without other injury confers Article III standing, and the extent to which statistical evidence can be used to justify class certification.
Ban the Box Laws, Salary History Restrictions, Class Action Litigation, Oh My!CareerBuilder
William J. Simmons, a Shareholder from Littler Mendelson, P.C., and Laura Randazzo, VP of Compliance at CareerBuilder Employment Screening explain recent trends in ban the box compliance, salary history compliance & FCRA class action. For more info. on employment screening visit https://cb.com/employmentscreening.
Too Much Information: The Use and Misuse of Pre-Employment Inquiries, Applica...Parsons Behle & Latimer
Employers are gathering more and more information regarding potential employee hires. Recent EEOC rules and FTC regulations have placed additional scrutiny on pre-employment inquiries and background checks by employers. Employers need to protect themselves by knowing what is "too much information." Kevin addresses the permissible bounds of pre-employment information obtained from potential employees during the hiring process.
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
Part of the webinar series: CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-regulations-and-requirements-2021/
Bradley's panel reacts to and addresses a hypothetical cyber incident involving a widespread compromise of consumer healthcare and financial information. Amy Leopard (Healthcare), Mike Pennington (Litigation), John Goodman (Litigation), Elena Lovoy (Financial Services), and moderator Paige Boshell (Intellectual Property, Financial Services) will offer legal and practical strategies to proactively respond to and resolve a specified data breach. Highlights will include customer notice strategies, attorney-client privilege and litigation avoidance strategies, and coordination with third parties, including external PR and forensic investigators, vendors, regulators, and law enforcement.
Effective legal representation of innovators and inventors requires careful thought and consideration. Among other things, care must be taken to properly initiate communications, prepare assignments, and handle subsequent legal disputes. This webinar discusses common legal issues that often arise during the representation of innovators and inventors. It also includes valuable advice from both innovators/inventors and the IP attorneys who represent them.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/legal-issues-for-innovators-inventors-2021/
There have been a number of new developments this year. Christina discusses new federal and state initiatives, new case law and other developments that directly affect employers.
Being an in house lawyer isn’t just about the law – perhaps it never has been.
Every six months at our in house lawyer sessions we give practical training on:
- what the law means for you (personally) and for your business
- tips on what to incorporate into your next contract, your next discussion with the HR department or your next board meeting
... and have been delighted to help cover what to say, do, draft and know what to avoid.
We’ll also be covering the black letter law:
- employment update – gender gap reporting – how, what, what the…? Sexual harrassment
- commercial law - changes in contract law and in particular what the courts have said about discretion in contracts – do you really have free choice, or are there limits?
- GDPR –you’ve very little time left – what are the quick wins you can deal with and high risk activities that you need to deal with.
In the last several years, substantial data breaches or hacker attacks in the U.S. have shown no signs of abating. Neither have the class actions that typically follow in their wake. Bradley Arant discusses litigation trends in data breach class actions. The video will touch on evolving issues in these cases, including recent loosening of consumer standing requirements (in cases after the Supreme Court’s Clapper decision), class certification and other issues raised in the Target litigation. We will also provide an overview of recent settlements of data breach class actions and what they might mean for later cases. The webinar will address several issues pending before the Supreme Court this term that could have significant impact, including whether a statutory violation without other injury confers Article III standing, and the extent to which statistical evidence can be used to justify class certification.
Ban the Box Laws, Salary History Restrictions, Class Action Litigation, Oh My!CareerBuilder
William J. Simmons, a Shareholder from Littler Mendelson, P.C., and Laura Randazzo, VP of Compliance at CareerBuilder Employment Screening explain recent trends in ban the box compliance, salary history compliance & FCRA class action. For more info. on employment screening visit https://cb.com/employmentscreening.
Too Much Information: The Use and Misuse of Pre-Employment Inquiries, Applica...Parsons Behle & Latimer
Employers are gathering more and more information regarding potential employee hires. Recent EEOC rules and FTC regulations have placed additional scrutiny on pre-employment inquiries and background checks by employers. Employers need to protect themselves by knowing what is "too much information." Kevin addresses the permissible bounds of pre-employment information obtained from potential employees during the hiring process.
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
Part of the webinar series: CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Privacy rules matter—make sure your firm stays compliant.
While every lawyer knows the basic rules behind confidentiality and attorney-client privilege, the significance of privacy law is less well-known—and that lack of knowledge can impact your law firm. Emerging privacy rights and rights of action are impacting businesses of all types—including those in the legal profession. Local, national, and even international laws are making privacy the next frontier in data management for lawyers.
Are you prepared to adjust to the new demands of privacy for law firms, and move beyond confidentiality?
Join Joshua Lenon—an IAPP Certified Information Privacy Professional and Clio’s Lawyer in Residence and Data Protection Officer—as he explains how these privacy laws can impact law firms and what your firm should do to ensure compliance.
In this free 1-hour CLE-eligible webinar, you’ll learn:
Why law firm data must conform with emerging privacy regulations
The impact of clients’ compliance with privacy law on firm operations
Future privacy laws that may affect your law firm—no matter where you operate
https://www.clio.com/events/webinar-law-firm-privacy/
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
There is no federal law governing privacy and data security applicable to all US citizens. Rather, individual states and regulatory agencies have created a patchwork of protections that may overlap in certain industries.
This webinar provides an overview of the many privacy and data security laws and regulations which may impact your business, from the state law protecting personal information to regulations covering the financial services industry to state breach notification laws.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-2020/
Business Law Training: Pushing CCPA Compliance Over the Finish Line: New Deve...Quarles & Brady
California’s passage of the California Consumer Privacy Act marks the first-of-its-kind comprehensive data privacy statute in the United States. Effective January 1, 2020, amendments are sitting on the Governor’s desk for signature, with new initiatives being discussed as we speak. What are the new developments? And at the end of the day, where do you need to be by December 31st? Join us for a lively discussion on the latest best practices for meeting the new data privacy requirements in California.
All levels of society rely upon information technology systems. Network operations are pervasive and impact nearly every aspect of our society. The desire of companies to collect, use, store, and secure information about customers, employees, and other individuals is a requirement of the new economy. It is no wonder that the prevalence of electronic communications and a growing dependency on cyber structures and operations also create potential vulnerabilities to cyberattacks. It is critical to preserve information systems and address and prevent weaknesses in cyber protection efforts. This webinar examines the means for companies to reach data goals ethically, efficiently and legally. The panel will also discuss the evolving regulatory approaches of the European Union, United States Federal government and significant developments in U.S. state regimes, including California. Best practices and model comprehensive privacy and cybersecurity policies are discussed. And, data breach response and related litigation, including class action litigation issues and fiduciary duty violations under corporate law, are discussed.
Part of the webinar series: CORPORATE & REGULATORY COMPLIANCE BOOTCAMP 2022 - PART I
See more at https://www.financialpoise.com/webinars/
Data Privacy: What you should know, what you should do!
CSMFO Data Privacy in the Governmental Sector, Local Government. Data Privacy Laws, PCI, Breaches, AICPA – Generally Accepted Privacy Principles
Businesses that engage in the collection, use, disclosure and management of personal information in Canada need to be cognizant of the regulatory framework governing the privacy landscape in order to stay compliant.
All levels of society rely upon information technology systems. Network operations are pervasive and impact nearly every aspect of our society. The desire of companies to collect, use, store, and secure information about customers, employees, and other individuals is a requirement of the new economy. It is no wonder that the prevalence of electronic communications and a growing dependency on cyber structures and operations also create potential vulnerabilities to cyberattacks. It is critical to preserve information systems and address and prevent weaknesses in cyber protection efforts. This webinar examines the means for companies to reach data goals ethically, efficiently and legally. The panel will also discuss the evolving regulatory approaches of the European Union, United States Federal government and significant developments in U.S. state regimes, including California. Best practices and model comprehensive privacy and cybersecurity policies are discussed. And, data breach response and related litigation, including class action litigation issues and fiduciary duty violations under corporate law, are discussed.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/data-privacy-compliance-2021/
All levels of society rely upon information technology systems. Network operations are pervasive and impact nearly every aspect of our society. The desire of companies to collect, use, store, and secure information about customers, employees, and other individuals is a requirement of the new economy. It is no wonder that the prevalence of electronic communications and a growing dependency on cyber structures and operations also create potential vulnerabilities to cyberattacks. It is critical to preserve information systems and address and prevent weaknesses in cyber protection efforts. This webinar examines the means for companies to reach data goals ethically, efficiently and legally. Best practices and model comprehensive privacy and cybersecurity policies are discussed. And, data breach response and related litigation, including class action litigation issues and fiduciary duty violations under corporate law, are discussed.
To view the accompanying webinar, go to:
https://www.financialpoise.com/financial-poise-webinars/data-privacy-compliance-2020/
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
HIPAA's implications for privacy and security practices in American businesses, addressed in March of 2001 at the Employers' Summit on Health Care, by Stephen Cobb, CISSP. Uploaded in 2014 for the historical record.
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
One thing's for sure, there are many choices when it comes to hardware, software and everything in between. How can you know if you have the right infrastructure for moving forward? Many organizations have an IT Assessment done as their organizations grow to determine the best strategic plan for moving forward.
How to Obtain Permanent Residency in the NetherlandsBridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptxOmGod1
Victims of crime have a range of rights designed to ensure their protection, support, and participation in the justice system. These rights include the right to be treated with dignity and respect, the right to be informed about the progress of their case, and the right to be heard during legal proceedings. Victims are entitled to protection from intimidation and harm, access to support services such as counseling and medical care, and the right to restitution from the offender. Additionally, many jurisdictions provide victims with the right to participate in parole hearings and the right to privacy to protect their personal information from public disclosure. These rights aim to acknowledge the impact of crime on victims and to provide them with the necessary resources and involvement in the judicial process.
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselThomas (Tom) Jasper
Military Commissions Trial Judiciary, Guantanamo Bay, Cuba. Notice of the Chief Defense Counsel's detailing of LtCol Thomas F. Jasper, Jr. USMC, as Detailed Defense Counsel for Abd Al Hadi Al-Iraqi on 6 August 2014 in the case of United States v. Hadi al Iraqi (10026)
DNA Testing in Civil and Criminal Matters.pptxpatrons legal
Get insights into DNA testing and its application in civil and criminal matters. Find out how it contributes to fair and accurate legal proceedings. For more information: https://www.patronslegal.com/criminal-litigation.html
ASHWINI KUMAR UPADHYAY v/s Union of India.pptxshweeta209
transfer of the P.I.L filed by lawyer Ashwini Kumar Upadhyay in Delhi High Court to Supreme Court.
on the issue of UNIFORM MARRIAGE AGE of men and women.
Responsibilities of the office bearers while registering multi-state cooperat...Finlaw Consultancy Pvt Ltd
Introduction-
The process of register multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
WINDING UP of COMPANY, Modes of DissolutionKHURRAMWALI
Winding up, also known as liquidation, refers to the legal and financial process of dissolving a company. It involves ceasing operations, selling assets, settling debts, and ultimately removing the company from the official business registry.
Here's a breakdown of the key aspects of winding up:
Reasons for Winding Up:
Insolvency: This is the most common reason, where the company cannot pay its debts. Creditors may initiate a compulsory winding up to recover their dues.
Voluntary Closure: The owners may decide to close the company due to reasons like reaching business goals, facing losses, or merging with another company.
Deadlock: If shareholders or directors cannot agree on how to run the company, a court may order a winding up.
Types of Winding Up:
Voluntary Winding Up: This is initiated by the company's shareholders through a resolution passed by a majority vote. There are two main types:
Members' Voluntary Winding Up: The company is solvent (has enough assets to pay off its debts) and shareholders will receive any remaining assets after debts are settled.
Creditors' Voluntary Winding Up: The company is insolvent and creditors will be prioritized in receiving payment from the sale of assets.
Compulsory Winding Up: This is initiated by a court order, typically at the request of creditors, government agencies, or even by the company itself if it's insolvent.
Process of Winding Up:
Appointment of Liquidator: A qualified professional is appointed to oversee the winding-up process. They are responsible for selling assets, paying off debts, and distributing any remaining funds.
Cease Trading: The company stops its regular business operations.
Notification of Creditors: Creditors are informed about the winding up and invited to submit their claims.
Sale of Assets: The company's assets are sold to generate cash to pay off creditors.
Payment of Debts: Creditors are paid according to a set order of priority, with secured creditors receiving payment before unsecured creditors.
Distribution to Shareholders: If there are any remaining funds after all debts are settled, they are distributed to shareholders according to their ownership stake.
Dissolution: Once all claims are settled and distributions made, the company is officially dissolved and removed from the business register.
Impact of Winding Up:
Employees: Employees will likely lose their jobs during the winding-up process.
Creditors: Creditors may not recover their debts in full, especially if the company is insolvent.
Shareholders: Shareholders may not receive any payout if the company's debts exceed its assets.
Winding up is a complex legal and financial process that can have significant consequences for all parties involved. It's important to seek professional legal and financial advice when considering winding up a company.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
Introducing New Government Regulation on Toll Road.pdfAHRP Law Firm
For nearly two decades, Government Regulation Number 15 of 2005 on Toll Roads ("GR No. 15/2005") has served as the cornerstone of toll road legislation. However, with the emergence of various new developments and legal requirements, the Government has enacted Government Regulation Number 23 of 2024 on Toll Roads to replace GR No. 15/2005. This new regulation introduces several provisions impacting toll business entities and toll road users. Find out more out insights about this topic in our Legal Brief publication.
Introducing New Government Regulation on Toll Road.pdf
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know About Privacy Law
1. Sarah Banola, legal ethics counsel to lawyers and law firms, Cooper, White & Cooper,
www.cwclaw.com
Diana Maier, Employment Attorney and IAPP Certified Information Privacy
Professional/US/EU, www.dianamaierlaw.com
Privacy Best Practices for Lawyers
What Every Law Practice Needs to Know About Privacy Law
Presented by:
Diana Maier & Sarah Banola
2. 2
WHAT IS PRIVACY LAW?
• Laws that deal with the regulation, storage and
use of personal information about individuals.
• Generally, expectation of privacy is a key
factor.
• Privacy laws can be broadly classified
depending on the kind of data:
Sensitive personal information
Personal information
Non-personal information
3. 3
WHAT IS PRIVACY LAW?
Specific privacy laws that are designed to regulate specific types of
information. Some examples include:
• Communication privacy laws (e.g. TCPA)
• Financial privacy laws (e.g. FCRA)
• Health privacy laws (e.g. HIPAA)
• Online privacy laws (e.g. COPPA; CalOPPA)
4. 4
Internet and the digitization of data has created higher stakes:
• Millions of people are sending off private and sensitive information.
If you break into the right network, you have access to millions of
people’s sensitive information.
• Last year, John Mulligan, Target's chief financial officer, said the
retailer was “deeply sorry” for a breach that affected both payment
data of 40 million customers and the personal data, such as phone
numbers and addresses, of as many as 70 million people.
WHY IS PRIVACY LAW SO HOT RIGHT NOW?
5. 5
Internet and the digitization of data has created higher stakes:
• Internet means private information that you chose to share
(sometimes thinking only a few people will see it) can be viewed by
countless.
• Increasing amount of communications as we are more
interconnected. New resentments by consumers about how those
communications occur. Pressure on legislatures to regulate. (Think
CAN-SPAM act for email; Do Not Call list for phone calls.)
WHY IS PRIVACY LAW SO HOT RIGHT NOW?
6. 6
• Onset of “Big Data” means increasing volumes of information. Private
companies already collect, mine, and sell as many as 75,000 individual
data points on each consumer, according to a Senate report.
• This has ethical/moral/legal implications, so government regulation is
implemented to deal with it.
WHY IS PRIVACY LAW SO HOT RIGHT NOW?
7. 7
Follow FTC Fair Information Privacy Principles
• Government agencies in the United States, Canada, and Europe have
studied how entities collect and use personal information -- their
“information practices” -- and the safeguards required to assure those
practices are fair and provide adequate privacy protection.
• The result has been a series of reports, guidelines, and model codes
that represent widely accepted principles concerning fair information
practices.
HOW DO WE PRACTICE GOOD PRIVACY?
8. 8
Common to all of these documents are five core principles of privacy
protection:
1. Notice/Awareness;
2. Choice/Consent;
3. Access/Participation;
4. Integrity/Security; and
5. Enforcement/Redress.
HOW DO WE PRACTICE GOOD PRIVACY?
9. 9
Always consider the following:
• How does your business collect, use, share and store information (of clients or
employees)? Do you have a lawful or legitimate basis for doing so?
• Where is the data stored/where is it going? (cross-border transfers, vendor to
sub processor)
• How is information collected used and shared? What are the business
purposes for each? (data minimization, reasonable business purpose)
• Who has access to the information collected, and is there a less intrusive way
to collect/process/store?
ISSUE SPOTTING FOR PRIVACY VIOLATIONS
10. 10
• How are the Fair Information Practices
met?
• What do your vendor contracts (if any)
say about privacy and confidential
information, particularly of your clients?
• What does your privacy policy say, where
is it posted, and do you truly follow it?
• What are user expectations about your
website/email system, etc?
ISSUE SPOTTING FOR PRIVACY VIOLATIONS
11. 11
Why are privacy practices so important?
• Most laws apply to law firms just as they would to other types of businesses
International data protection requirements
Cross-border data transfer restrictions
Patchwork U.S. requirements
Hundreds of state and federal privacy laws
Section 5 of the FTC Act
Security breach notification requirements
PRIVACY PRACTICES FOR ATTORNEYS
12. 12
From a legal perspective, the risks are substantial
• FTC enforcement authority: Section 5 of the FTC Act
• Most FTC privacy enforcement actions result from security breaches
Dave&Buster’s, CardSystems, Petco, ChoicePoint, Tower Records, DSW, Barnes &
Noble.com, BJ’s Wholesale Club, Guess.com, Inc.
• Division of Privacy and Identity Protection at the FTC
• Contractual liability
• Civil and criminal penalties or fines (particularly in the EU)
• Reputational harm
PRIVACY PRACTICES FOR ATTORNEYS – THE RISKS OF
NONCOMPLIANCE
13. 13
• Privacy issues have become ubiquitous for all businesses
• Law firms are no exception; in fact, they face unique challenges:
Must comply with evolving privacy requirements
Varying client requests and sensitivity of data
Also must comply with ethical obligations
LAW FIRMS ARE NOT IMMUNE
14. 14
• Personally identifiable information (PII) is routinely collected
• Necessary to provide legal services in some matters
e.g., Mergers and Acquisitions, Employment, Health Care, Trust &
Estates, Immigration, Information Security
Patents, trade secrets, religion, national origin, political affiliation,
criminal background, SSNs, financial account information, medical
history
SENSITIVE CLIENT DATA COLLECTION BY FIRMS
15. 15
• Storage of both hard-copy and electronic records creates risk
Mobile devices particularly risky and BYOD policies important
Breaches
Storage of data in the cloud has become commonplace
Provides the ability to leverage economies of scale, geographic
distribution, and automated systems to drive down costs
BUT, must consider the privacy, information security issues and
ethical obligations.
STORAGE OF PERSONAL INFORMATION
16. 16
Data retention
• How long must you keep personal information in the client files context?
Secure destruction of personal information
• Legal requirement at both state and federal level
Cross-cut shredding, degaussing
Consider state bar ethics opinions (Oregon State Bar Formal Ethics Op
2005-141: law firm may contract with recycling service to dispose of
documents that may contain information relating to the representation of a
client.)
DATA RETENTION & DESTRUCTION
17. 17
• ABA Model Rules and California Rules of Professional Conduct
Rule 1.1, CRPC 3-310 – Competence
Rule 1.6, CRPC 3-100, Bus. & Prof. C. 6068§(e)(1) –
Confidentiality
Rule 1.4, CRPC 3-500 – Communication
Rule 1.15, CRPC 4-100 – Client Property and Recordkeeping
Rules 5.1-5.3, Discussion to CRPC 3-310 – Supervision
ETHICAL OBLIGATIONS
18. 18
DUTY OF CONFIDENTIALITY — CALIFORNIA LAW
• California Business & Professions Code § 6068(e)(1) (duty of attorney
“[t]o maintain inviolate the confidence, and at every peril to himself or
herself to preserve the secrets, of his or her client.”)
• Lawyers must take reasonable measures to safeguard confidential client
information and may need to consult with someone who possesses the
requisite technical knowledge. See Cal. State Bar Formal Opns. 2010-
179 & 2012-184.
19. 19
DUTY OF CONFIDENTIALITY — MODEL RULE 1.6
• Paragraph (c) requires lawyers to undertake reasonable efforts to
prevent the inadvertent or unauthorized disclosure of, or access to,
confidential client information.
• Comment [18] addresses safeguarding confidential client information
and includes the duty to prevent unauthorized disclosure by staff.
20. 20
DUTY OF CONFIDENTIALITY AND USE OF SOCIAL MEDIA
• Don’t discuss confidential client information in public social media
forums (e.g., listservs, blogs, LinkedIn).
• Attorney should monitor and advise client re: social media profiles,
websites, and blogs. See Pennsylvania Bar Ass'n Form. Ethics Opn.
2014-300; New York County Ethics Opn. 745 (2013).
• Lawyer may advise client to change profile to “private.” Philadelphia Bar
Ass'n Professional Guidance Committee Opn. 2014-5; New York State
Bar Ass'n Social Media Guidelines (March. 18, 2014) at p. 11.
21. 21
DUTY OF COMMUNICATION
• Duty to keep the client “reasonably informed about significant
developments” and “to promptly respond to reasonable requests for
information.” CRPC 3-500
• Revised Comment [4] to Rule 1.4 reflects changes in communication
technology and requires a lawyer to promptly respond to or
acknowledge client communications.
• Client instructions
22. 22
Security of Confidential Information, Cal. State Bar Formal Opn. 2012-184
• Reasonable steps are required
• Factors to consider:
Level of security offered by particular device
Legal consequences for unauthorized use or access
Sensitivity of information
Potential impact to client of inadvertent disclosure
Urgency of the situation
Client directions and circumstances
ETHICS OPINIONS
23. 23
Arizona State Bar Ass’n Ethics Opinion 09-04
“It is important that lawyers recognize their own competence
limitations regarding computer security measures and take
necessary time and energy to become competent or alternatively
consult experts in the field.”
ETHICS OPINIONS
24. 24
• To what extent may a lawyer respond to negative online review by the
lawyer’s ex-clients?
Los Angeles County Bar Association Formal Opinion No. 525
San Francisco Bar Association Formal Opinion No. 2014-1
ETHICS OPINIONS
25. 25
• If third parties will access personal information on the firm’s behalf,
there is risk.
• Consider getting the client's consent to use of cloud computing
services, particularly with highly sensitive data.
• Adequately vet providers:
Credentials/Expertise in the industry
Security measures utilized/Who will have access to the information
Resources available to the vendor
How the vendor will transmit client information
CLOUD COMPUTING
26. 26
• Mitigate risk through:
Due diligence
Protective privacy and information security contract language
Maintain PII in strict confidence
Use PII only for your company’s benefit
Comply with all applicable laws, industry standards and the company privacy policy
Develop, implement and maintain reasonable security procedures to protect PII from
unauthorized access, destruction, use, modification and disclosure
Ongoing monitoring
PRIVACY PRACTICES FOR ATTORNEYS - SERVICE
PROVIDER MANAGEMENT
27. 27
Ethics violations
• Waiver of attorney-client privilege
• Malpractice or breach of fiduciary duty
• Fee dispute or disgorgement
• Consequential damages, such as replacing hacked client trust funds
• State bar discipline, including reprimand, suspension, disbarment
PRIVACY PRACTICES FOR ATTORNEYS – THE RISKS OF
NONCOMPLIANCE WITH FIDUCIARY DUTIES
28. 28
• Inventory personal data maintained by the firm and devices used
• Conduct risk assessment considering at least:
Employee training, policies and mobile device management
Secure information systems design and information processing, storage, transmission,
and disposal
Responding to and preventing attacks, intrusions, and systems failures
Breach notice requirements
• Fix vulnerabilities identified through the risk assessment
• Oversee vendors
• Monitor and manage information security program and policies
CHECKLIST
29. 29
• ABA’s “Information Security for Lawyers,” available at
http://www.abanet.org/abastore/index.cfm
• FTC’s “Protecting Personal Information, A Guide for Business” available at
http://www.ftc.gov/infosecurity/
• IAPP’s “Information Privacy” handbook, available at http://www.iapp.org
• “Protecting and Securing Confidential Client Data,” by Anthony Davis and Michael P.
Downey at http://www.law.com/jsp/lawtechnologynews/PubArticle L
TN.jsp?id=1202474447879&slreturn=1&hbxlogin=1
• NYSBA Social Media Ethics Guidelines, available at
http://www.nysba.org/socialmediaguidelines/
• For suggested BYOD terms, see ACC Top 10 Tips, available at
http://www.acc.com/legalresources/publications/topten/tttfmtbyodttwe.cfm
RESOURCES
*The increasing use of cloud computing has led to a loss of privacy expectation as individuals post sensitive data online and data mining companies extract, analyze and sell data.
*Expectation of privacy is also critical to issues involving waiver of the attorney-client privilege, as I will discuss later.
*Just in the past 2-3 years, Sony, Target, HD, PF Chang’s, Evernote, Living Social and US Government were targets of cyber attacks.
Example: Target identified a teenage girl’s pregnancy (via analyzing mass data) and sent her mailers before her father even knew.
*When stored in cloud, the laws of a foreign jurisdiction may apply and affect privacy protection and privilege.
Diana, I will discuss vendor contract issues later so you may want to reference.
Sarah to start . . .
In fact, many report law firms are the weakest link and digital security at many law firms generally remains below the standards for other industries. Refer to surveys.
Recent WSJ report that 40% increase in publicly disclosed breaches since 2011. Cybersecurity firm Mandiant reports that at least 80 of the 100 biggest firms in the country, by revenue, have been hacked since 2011. In 2012, Bloomberg reported that the large Washington firm Wiley Rein was targeted by hackers linked to China’s military in connection with a trade dispute it was handling for a maker of solar panels.
Since at least 2009, the FBI, the U.S. Secret Service, and other law enforcement agencies have warned the managing partners of big U.S. firms that their computer files are targets for cyberspies and thieves in China, Russia, and other countries, including the U.S., looking for valuable information about potential corporate mergers, patent and trade secrets, litigation plans, and more.
Many clients, especially banks, are conducing audits requesting law firms stop putting files on portable thumb drives, emailing them to nonsecure iPads or working on computers linked to shared networks in China and Russia where hacking prevalent; FBI meetings with managing partners to top law firms in major cities to highlight problem of computer security.
RPCs do not keep pace with evolving technologies.
Reasonable to expect law firms will be targets of attacks by foreign governments and hackers because they are repositories for confidential data on corporate deals, patents, trade secrets and business strategies
For example as more attorneys work remotely, stolen laptop computers with unencrypted hard drives. As more and more data is hosted on the cloud, firm may be able to mitigate loss by wiping laptop externally. Also, cyberattacks and attorneys falling for email hoaxes. Recently, our IT director alerted us to a hoax in which a hacker was posing as the IT director to try to gain access.
Cloud Computing- efficiencies and decreased costs. Law firms, like other businesses, rely on cloud computing for file-sharing, software, billing support, client management, e-discovery and database management.
At outset, should consider sensitivity of data collected and risk tolerance of client.
From a legal ethics standpoint, the use of such technology poses the question of whether lawyers may utilize cloud storage and services while still complying with their ethical obligations. The answer, as we have seen from a variety of ethics opinions (in CA and across the country) is that the use of cloud computing services by lawyers is ethically permissible. (See, for example, California State Bar Formal Opinion No. 2012-184). HOWEVER, complying with your ethical obligations may be more challenging in a cloud based format.
Consider factors such as statute of limitations, requirements under particular laws, engagement agreement provisions regarding retention post-termination.
[Degaussing = demagnetizing/destroying data on magnetic storage tapes]
As long as Law Firm makes reasonable efforts to ensure that the recycling company’s conduct is compatible with Law Firm’s obligation to protect client information, the proposed contract is permissible. Reasonable efforts include, at least, instructing the recycling company about Law Firm’s duties pursuant to RPC and obtaining its agreement to treat all materials appropriately.
RPC as basis for discipline versus common law standard of care.
New CRPC in process of being drafted and estimated date of completion by March 31, 2017.
California lawyers may also look to the Model Rules and ethics opinions for guidance.
In August 2012, the ABA approved recommendations by the Ethics 20/20 Commission to amend the ABA Model Rules to address lawyers’ use of new technology.
Revised Comment [8] to Rule 1. 1 confirms that the duty of competence includes "keeping abreast of . . . the benefits and risks associated with relevant technology.”
New Comments [3]-[4] to Rule 5.3 clarify a lawyer's duties when outsourcing legal work to non-lawyer service providers. This would include cloud providers.
In California, the duty of competence includes "the duty to supervise the work of subordinate attorney and non-attorney employees or agents." Discussion to CRPC 3-110. Remember: you CANNOT displace your obligation of competence onto the client or a third party vendor.
California State Bar Formal Opn. 2010-179: Actions an attorney must take to preserve confidentiality and supervise vendors are “governed by the duty of competence.”
Keep in mind that this is a more stringent standard than under Model Rules and fewer exceptions.
Remember: the duty of confidentiality is “broader” than the attorney-client privilege. It covers information that is not necessarily privileged.
It is so broad in fact that it even applies to information that is otherwise publicly available if the disclosure of such information would be detrimental or embarrassing to the client.
Ethics opns: Mastery not required, but attorneys must have at least a basic understanding of electronic protections afforded by the technology used in their practice.
Advise clients that they may have no reasonable expectation of privacy, even with "private" sections of sites. Advise clients to change setting to private, which will decrease risk that private sections will be discoverable. Many courts turn on whether party has some evidence from publicly available portion to show relevancy of social media postings.
Advice should cover material already posted, future postings and third party comments. Provide advice before and after suit filed.
Advice should include credibility. Example-widower husband hot mama postings on FB.
Some state bar ethics committees have considered whether cloud computing itself is a significant development that must be communicated to your client and most opine no in light if the ubiquitous use of cloud services by businesses and law firms.
Breach notification – internal and external.
Internal
Reporting lost or stolen devices
Remote locking or wiping
Enabling "find my phone" or similar applications
The lawyer’s duty of communication requires client notification: "If lawyer's conduct of the matter gives the client a substantial malpractice claim against the lawyer, the lawyer must disclose that to the client." Restatement (Third) of the Law Governing Lawyers §20, cmt. c (2000)
Level of security [including how particular technology differs from other media use-postal mail and email present similar risks of unauthorized review according to ethics opinions of most bar associations; whether reasonable security measures may be taken to increase the level of security-passwords, encryption; limitations on who is permitted to monitor use and on what grounds-ensure outside vendors safeguard information]
Legal consequences for unauthorized use or access [for instance, fact that a third party could be subject to criminal charges or civil claims for intercepting or accessing confidential client information favors an expectation of privacy with respect to the technology (Electronic Communications Privacy Act of 1986, Computer Fraud and Abuse Act etc.]
Sensitivity of information [if highly sensitive, should obtain client's informed consent before using particular devices]
Potential impact to client of inadvertent disclosure of privileged or confidential information or work product [waiver of privilege and evaluation of security precautions]
Urgency of the situation [if particular technology needed to address imminent situation and no reasonable alternatives are available]
Client directions and circumstances [or if attorney is aware that others have access to the client's electronic devices or accounts. Attorney should warn clients not to communicate confidential information from company's email account. See ABA Formal Ethics Opn. 2011-459 .] Also, should warn clients to be careful when using mobile phones that are subsidized by law firm and subject to monitoring.
Keep in mind that it is not just external hacking concerns, but also disgruntled employees and ignorance (using a post-it note on laptop as reminder for password or sending information that is not encrypted).
CUT?
An interesting example of how the duty of confidentiality can be implicated in various forms of social media was addressed recently in two separate ethics opinions in California (one from the San Francisco Bar Association and the other from the Los Angeles Bar Association).
How many a lawyer respond to a former client’s negative review of the lawyer on an online site such as Yelp?
Both opinions concluded responding to such a post is not “per se” improper. However: if you respond, you must do so in a manner that does not violate the duty of confidentiality. You need to remember: that even publicly available information is a confidence or secret if it would be detrimental or embarrassing to the former client. So the mere fact information you want to use in the response might otherwise be available publicly, does not mean that it is not confidential.
Recently, Colorado Supreme Court suspended an attorney for 18 months for e-shaming former clients and disclosing highly sensitive information in response to online complaints.
A few practical tips:
Avoid the gut reaction to respond right away.
If do decide to respond, say something like – “while I disagree with various statements contained in the review, professional and ethical considerations prohibit me from responding more directly to the statements.”
Also consider practical consideration of whether response will just draw more attention to the review.
*** [If time, discuss, below]
Central Question: Is there a “self-defense” exception that would permit disclosure of otherwise confidential information so the lawyer can defend him or herself? No
Unlike ABA Model Rule states: California does not have a "self-defense" exception to its rule of professional conduct regarding confidentiality
Instead: We have Evidence Code section 958, which is an exception to “privilege.”
(It provides: "There is no privilege under this article as to a communication relevant to an issue of breach, by the lawyer or by the client, of a duty arising out of the lawyer-client relationship.")
The stated purpose of the Evidence Code exception is:
("It would be unjust to permit a client either to accuse his attorney of a breach of duty and to invoke the privilege to prevent the attorney from bringing forth evidence in defense of the charge or to refuse to pay his attorney's fees and invoke the privilege to defeat the attorney's claim.")
It is doubtful the exception would apply in the context of responding to a negative public on-line review. The exception has generally been restricted to formal proceedings (malpractice or fee dispute) or official inquires (such as a State Bar inquiry). Even where the exception is applicable, a lawyer must limit any disclosure of information to that necessary to respond to the client's claim and to minimize prejudice to the client – Is it really necessary to respond to a negative on-line review, no claim is actually pending?
[Los Angeles Bar Association Opinion No. 519 – make the point that Evidence Code section 958 is not premised on the concept of waiver, of the attorney-client privilege; rather, it is an "exception" to privilege, the statute provides that "there is no privilege" under the limited circumstances set forth in 958.]
NY State Bar Ass’n Ethics Opn. 842 (2010) –Attorneys may ethically use cloud storage for client confidential information provided they take “reasonable care to ensure that the system is secure and that client confidentiality is maintained.” Duty to “stay current” with “technological advances applies to a lawyer’s contemplated use of an online data storage system.”
NYSBA guidelines suggests including provision in engagement agreement re: cloud storage.
PA-consent may be necessary depending on scope of representation and sensitivity of data. See also NH State Bar Ass’n Advisory Ethics Opn. 2012-13/4 (Feb. 21, 2013)-If the info is highly sensitive, consent of the client to use cloud computing may be necessary.
Also, think about:
The technology that will be utilized
Whether the vendor has backup provisions for information it will handle and store
What measures are in place to prevent lapse in services, such as an earthquake, or prompt return of data if provider goes out of business or when you close account.
Should your cloud provider receive a litigation hold notice? Can you require compliance?
Find out whether your professional liability policy covers data breaches; if not, assess whether separate coverage is appropriate
Pay attention to the terms of the service level agreement and make sure they adequately protect confidential information.
Obligation to comply with preservation requests.
Watch out for indemnity provisions in user agreements – often the lawyer will have to indemnify the vendor in the event of a breach of security.
And consider the extent to which you will be able to adequately supervise the vendor. Auditing by third parties may be limited by outside vendor cloud providers, but most will provide own audits and provide report. If fail to do so, red flag.
See NC State Bar Ethics Comm. Form. Op. 2015-6. Obligation to restore funds when hackers break in to computer network and steal client money if lawyer failed to take reasonable steps that could have prevented the theft.
Safety measures include strong passwords policies and procedures, use of encryption and security software, hiring a technology expert for advice and making sure relevant firm members and staff are trained on security procedures.
Beware of spoof emails! Email with wiring instructions from seller in real estate transaction requests that lawyer wires funds (instead of mailing check as previously arranged). The email address is the same as sellers with one different letter. The lawyer wires the funds without calling seller first to confirm. Opined that lawyer did not take reasonable security measures by calling the sender at the phone number listed in the lawyer’s file and confirming the seller’s email address.
In event of theft, notify clients, take protective steps and report theft to State Bar.
Many Wall Street banks, including Bank of America and Merrill Lynch, typically require law firms to fill out up to 20-page questionnaires about their threat detection and network security systems. Some clients are even sending their own security auditors into firms for interviews and inspections.
Determine whether the firm can support all types of devices being used by attorneys and staff.
Involvement of IT staff or consultants, but attorneys must manage the security policies and practices. You can’t just tell IT manager to enter into cloud vendor contract with no oversight. You must stay involved and do some diligence.
Training and Policies (Social Media, BYOD)
Employee departure procedures [remote wiping, removal of access to server and email access]
Implement data encryption, Secure Socket Layer (“SSL”) industry standard to confirm that communication is encrypted and secure from interception. Firewalls, passwords and strength. Data backup (require save documents on firm/company server)
Incident Response Plan/Disaster Recovery. The firm should have in place a procedure for reporting lost or stolen devices, remote locking or wiping, enabling "find my phone" or similar applications.
Breach Notification.
Document dd efforts, including employee training and oversight of vendors.
**Bottom line-reasonable due diligence is required.