Protecting client secrets in an electronic world
By Diane Karpman
|
Karpman |
Confidentiality is the hallmark of the legal profession. In Swidler &
Berlin v. United States (1998) 524 U.S. 399, Kenneth Starr, then special
prosecutor and now dean of Pepperdine University School of Law, sought the release
of lawyer notes from the final meeting of the deceased Vince Foster and his
attorney. The Supreme Court unanimously refused. When the law firm that represented
Lizzie Bordon, the alleged ax murderess (not the rock band), wanted to donate
her file to the Fall River Historical Society, the Massachusetts bar opined
that even though she was long deceased, the file was still confidential.
Recently, when the media reported that venerable Iron Mountain misplaced electronic
personal data of about 600,000 employees of Time Warner, some of us gasped for
air. Iron Mountain, a third-party security storage provider (that ferries information
around in white Econoline vans), is employed by quite a few law firms, and more
than half of their customers are Fortune 500 companies. Third-party or off-site
storage facilities are ubiquitous and used for storage of the reams of paper
or digital information we are generating and maintaining. Third-party storage
facilities could be internet service providers like AOL or the orange public
storage on the corner. Iron Mountain adopted a sort of “gee whiz”
response and explained that it loses only about 12 cargoes out of about 5 million
pickups. Twelve may be too many for confidentiality-obsessed and obligated lawyers,
or physicians with their HIPPA-enriched duties.
But wait, if you really want to join other lawyers in our collective paranoia,
according to the New York Times (Dec. 12, 2004), passwords and firewalls will
no longer protect you and your client’s electronic secrets. It is now
possible to eavesdrop on keystrokes and determine what is being communicated.
A parabolic microphone 50 feet away can decipher the information, even with
background noise. A nefarious person could walk by a typing carousel where a
critical document was being transcribed and record the keystrokes with a cell
phone.
If you have inadvertently dialed your cell number, then you know that a cell
phone can become a recording device, and a “voicemail” message could
be sent that could translate the keystrokes. All of this suggests that it may
be a good risk management tool to obtain client consent, in your fee agreement,
to electronic storage of clients’ information, and the use of e-mail to
transmit/communicate with them.
In order to limit your future obligations regarding hard copies of client files,
look at Los Angeles County Bar Association Ethics Opinion 475 (http://lacba.org/showpage.cfm?pageid=427)
for some guidelines involving prospective client file “retention policies.”
Finally, the Batonnier (president) of the Paris Bar Association, whose office
is on the Ile de France, right in the middle of the Seine (which is possibly
the best office location in the world) has on his bookshelf the actual fan that
Marie Antoinette handed to her lawyers (in gratitude) as she stepped up to the
guillotine.
Legal ethics expert Diane Karpman can be reached at 310-887-3900
or at karpethics@aol.com.
|