I could hear it in his voice, the frustration over trying to figure out how to deal with a never-ending flow of email was palpable. Unfortunately, before I could share a few thoughts, the elevator door opened and I had to walk away wishing I could have had a little more time. That’s the real issue, isn’t it? It’s always about time. There never seems to be enough of it. I suspect you can relate because I can’t imagine there are many out there who haven’t felt overwhelmed at some point by a cluttered inbox, a stack of phone messages, sticky notes posted all over the place (you should see my office!), the pile of files on their desk, and/or all the overdue items on their reminder list. So what do you do?
The belief that “The odds of a computer or network breach isn’t an if, it’s only a when” is practically dogma now. Given this reality, every law practice, to include solo attorneys, should have a data security plan in place. Yes, I know the task can seem a bit daunting, particularly if you have no idea where to start; but failing to do this is no longer an acceptable choice. Putting our ethical duties and various state and federal regulations aside, every client expects to have whatever sensitive and personally identifying information they provide to you properly safeguarded. That’s the bottom-line. Here’s a guide put out by the FCC to help you fulfill your ethical duties.
As with any cyber threat, prevention starts with awareness of the risk and, as a road warrior, I see people taking an unnecessary risk far too often. This one involves smart phones.
Here’s the problem. The cable you use to charge your phone is the same one you use to transfer or sync your data. This reality creates an attack vector that someone could take advantage of during the charging process. Read on.
Boundaries are important. In sports, they define the area of play. In real estate, they designate what one owns. And in personal relationships, they mark the emotional and physical limits everyone establishes in order to protect themselves from being manipulated, used, or violated by someone else. In short, personal boundaries mark the place where one individual ends and another begins. Why is this important in the context of practicing law? Because when two people enter an attorney-client relationship……
Now, I will readily admit that many times co-counsel relationships work out just fine. At the conclusion of representation everyone, including the client, feels satisfied in how it all went. My interest, however, is in looking at the times when it doesn’t go well and Betty’s story is one worthy of discussion.
As a backup, redundant calendars certainly have their place; however their real value can only be realized when they become independent from the primary calendar because mistakes happen. Calendaring errors are behind a significant percentage of malpractice claims across the country and a common calendaring misstep is simply a data entry error, be it an incorrectly entered date or a date that never made it into the calendar.
One common concern I continue to hear from lawyers trying to do so is frustration over not knowing the specifics of what to do. While our Rules of Professional Conduct and various ethics opinions mandate all kinds of things to include requiring lawyers to take steps to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client [See ABA Model Rule 1.6 (c)], these rules and opinions often fail to provide any meaningful guidance.
In order to try and address this problem, I have put together the following checklist. It is intended to help those of you who have a desire to become more cyber secure know where to start.
In the middle of a conversation with one of our insureds on the topic of the difficulty of learning to say no, the fine gentleman I was conversing with did a jump shift on me. For whatever reason, he felt it was important to acknowledge that he was cognizant of his age and he wanted me to know he had taken steps to make sure he continues to practice law competently. What really struck me, however, was his desire to also share he had instructed others at his firm to let him know if they were to ever see him start to mentally slip, because in his words “the day will come when…” How will you proceed when day comes when….?
Occasionally lawyers still call in asking if it’s ethically permissible to place data in the cloud and often wanting to talk about the associated risks. I get it. For those who haven’t intentionally moved to the cloud already, trying to understand the risks and learning how to responsibly manage them can be a bit intimidating. Thankfully, a number of ethics opinions have been issued on this topic over the years so the answer to their questions is usually a rather straight forward one. Basically, it’s yes as long as you do your due diligence on the vendor and couple that with taking appropriate steps to see that your data is properly secured in transit as well as when at rest.
You’ve just been through some very intense contract negotiations for a new client and now that things are wrapping up, this client thought the time was right to let you know that once your work is complete, you are to turn over everything in your file. In short, you’ve just been informed you are not to retain anything relating to this matter. As a risk guy, I now have serious concerns. If you comply, how in the world could you defend yourself in a subsequent malpractice claim? Remember, the client will have complete control of the file. Admittedly, this kind of situation doesn’t happen often; but it does happen. So, let’s talk about your options if you ever find yourself in a similar pickle.