Home Management Ethical Challenges of
Securing Client Data
Ethical Challenges of Securing Client Data

Ethical Challenges of
Securing Client Data

0

In 1946, computer pioneer Grace Hopper was busy working as a programmer on one of the world’s early supercomputers: Harvard’s Mark II back when each computer was the size of an entire room. Hopper was running an application she had coded, but kept running into errors. She checked the code and everything seemed correct, so she decided to check the machine. There she found, lodged in one of the relays, a bug ? a moth to be exact. This is said to be the first recorded instance of a “computer bug.” Ever since, we have used the term to describe an error, fault or failure in a computer program that makes it behave in unexpected ways. There is some controversy surrounding the origin of the term on whether it was Hopper or her fellow engineers who recorded the instance. Regardless, it is a great story, and seems perfectly logical given the size and complexity of machines at the time, not to mention it gives us a little insight into the jovial working environment these programmers had during the 1940s. “Computer bug” is just one of many computer terms we readily throw around these days, but where did the terms originate? More importantly, how do they affect us in the legal field?

Ethics, Client Data and the Mobile Age

It is our ethical duty to protect our clients’ data. However, this becomes increasing difficult in this modern ago of mobile devices, cloud computing, hacking and the unrelenting pace of change. That doesn’t make it any less critical. One of the biggest buzzwords floating around these days is “cloud computing.” What is it? How does it work? Where is “the cloud”? Who has access to the cloud? It’s actually much simpler than you think. When engineers were initially diagramming the first computer networks, they had to draw the physical connections between computers. When it came time to diagram a connection that utilized the Internet, they ran into a snag. An IT consultancy team known as The Final Step write a very informative blog about their services, a few of their recent reports suggest Cloud computing is the most effective way for businesses to collaborate on projects as well as have easy access to relevant files. But there are many other reasons supporting it too!

What shape is the Internet? Most would draw a blob or cloud shape and write “Internet” inside it. Because the shape resembled a cloud, the term cloud computing started to gain traction. “Cloud computing” simply refers to any connection that utilizes the Internet ? more specifically, the practice of using a network of remote servers hosted on the Internet to store, manage and process data, rather than a local server or a personal computer. For instance, when you watch Netflix, you are streaming a video file that is stored on another computer somewhere. You are utilizing an Internet connection to access those video files. When you check your Gmail account, those messages are stored on a remote server and are being accessed using an Internet connection, which is exactly why you can get to them from multiple devices including your smartphone or tablet.

Cloud Computing Concerns

What do attorneys need to be concerned about regarding cloud computing and cloud storage? In the last few years, cloud storage has gotten a bad rap. A few missteps by users and software companies alike have resulted in a fear of using it in the legal field. Still, when it is applied properly, the cloud can be an incredibly useful tool. In fact, the ABA has created a chart of all the state judicial ethics opinions regarding the use of the cloud computing in the legal field.

Generally speaking, cloud computing is ethical, as long as it is used with a standard of reasonable care. An important note: The lawyer must know who else has access to the data, and this is where things can get tricky. Oftentimes, people are unaware they are even utilizing cloud computing. Take Siri or any of the other voice assistants on smartphones, for example. You record a voice note, it is sent to the cloud to be transcribed, and then it is immediately sent back to your device in text form. If you have asked a question, the answer will also appear in the text. This data is saved so that periodically engineers can go back and examine how accurate the transcription was. They also utilize the recordings to make improvements to the voice recognition technology. If voice recognition technology is used to transcribe client communication or client data, this means Apple, Google or Microsoft could potentially have that data sitting on their servers.

While these companies take measures to keep the data anonymous and do not save it indefinitely, there is still the off chance a client’s Social Security number, trade secret or other bit of confidential data could be accessed. This made one particular company apprehensive about Siri, so it banned the use on its campus. What was the company? IBM. Of course they didn’t want trade secrets recoded and hand-delivered to the competition.

The banning of Siri might seem a bit extreme; however, it exemplifies how difficult it is today to keep track of who has your data. This unfortunately means reading those EULA agreements we all click past without a second thought. Another important step is to talk with software vendors to not only ensure they have proper security measures in place, but more importantly, to find out who can access your data. Often a simple phone call or email to your account representative can provide clarity as to how your data and your clients’ data will be handled.

The allure of cloud computing is strong. It provides many advantages: anytime, anywhere access, more powerful computing, easy sharing and collaboration and more. There is no lack of cloud computing storage providers either (i.e., Dropbox, Box, Google Drive, etc.). The problem is that none of these tools has been designed specifically for the legal field. With consumers front of mind, more attention is paid to sharing family photos than keeping medical records or trade secrets secure. That said, cloud computing, particularly when it comes to storage, can be done correctly and securely.

It is critical to have granular control over the files and users within any cloud storage platform. Veritext has banned the use of services such as Dropbox, not because the technology is inherently unsecure, but rather because it is so easy to share and share and share. It is far too simple to have one rogue employee copy or share an entire case folder. Now that case folder is sitting on that person’s home computer, personal iPhone, kid’s iPad and who knows where else. A few clicks and suddenly highly sensitive information is everywhere. This huge benefit of utilizing cloud storage can also be considered a risk.

Email Security

By and large the most common way we all communicate, particularly with our clients, is email. But is it secure? Inherently, it is not. Email was never designed to be a secure method of communication. Even though you may have a secure connection between you and your email server (the “s” in https), that email still has to travel on the open Internet, and there is no telling who might get a copy of it. We faced this problem when dealing with the delivery of transcripts and exhibits to clients requesting an email copy. Now, instead of sending emails with attachments, we only send links to download those files ? secure links. In this instance cloud computing can actually be a more secure method of delivery.

Sending links instead of attachments ensures that if the email is intercepted, the links can be disabled, preventing access to the files. Additionally, the links are time sensitive. After a set period of time, they will expire and no longer work. Even if old emails are intercepted, the files are not accessible. For particularly sensitive files to be sent via email, a tool like LawStudio can be used to specify even stronger security measures. LawStudio creates secure links with additional features such as maximum download limit and password protection. When clients receive the email, they will only have one chance to download the file and will be required to enter a password to begin the download. With these measures in place, email can be confidently used to deliver and receive sensitive documents.

Security Issues When Disposing of Old Computers

With cloud usage and email communications secure, what other security measures do attorneys need to be concerned about? The garbage. One often overlooked security hole is what happens when computers are disposed of. Most often e-recycling sends e-waste to Agbogbloshie, Ghana, considered to be the “world’s digital dumping ground.” Aside from the moral implication of sending our toxic e-waste to a developing country, there are also security concerns. It has been reported that criminals pull the hard drives from computers they find disposed there. They then pull data off of those hard drives for use in criminal activity, be it to gather personal information such as credit card numbers, bank account information or something else.

What makes this problem even more difficult is there are hard drives everywhere, including in most modern office equipment. The most overlooked device with a hard drive and sensitive data storage is the modern copy/scan machine. Most modern copiers have a hard drive that keeps a digital copy of every document they have ever scanned or reproduced. This improves the speed and efficiently of the machine. This also creates a large cache of secure documents. Once again, a benefit of this modern technology can also be considered a risk.

Thankfully, there are ways to securely dispose of hard drives. There are software methods as well as physical methods. Software such as a program called KillDisk can be used to completely and securely erase data from the drive (even compliant with the Department of Defense standards). After using KillDisk, or similar software, you can be assured that no one will be able to recover data from that drive whether it is donated or sent to Ghana.

This method of disposal requires patience. It can take four to five hours per hard drive to thoroughly erase the data, which can add up when replacing computers for your entire staff. A more efficient option would be “digital shredding.” Most paper shredding companies offer the destruction of digital media (hard drives, DVDs, flash drives, etc). They use industrial shredders to physically destroy the hard drive, rendering it completely impossible to use, let alone recover data from.

It may seem cumbersome to stay up to date on technology and security, but this is something the modern litigator cannot avoid. These tips are just a few of the many security concerns you must confront when working in the digital age. That being said, proper precautions and education can ensure your data and also your clients’ data will be secure and protected. Ultimately, there are ethical risks when it comes to the use of new technology; however, if managed successfully, the benefits surely outweigh them.

Mike Murray on EmailMike Murray on LinkedinMike Murray on Twitter
Mike Murray
Mike Murray
Mike Murray is the director of client services for LawStudio by Veritext. Murray travels throughout the nation providing expert, informative, entertaining and educational CLEs, educational instruction and product demonstrations to legal professionals

LEAVE YOUR COMMENT

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.