How to Protect Your Clients' and Your Firm's Electronic Information

August 01, 2009

In an article published by The Bottom Line, an official publication of The State Bar of California, Robert Brownstone reviews key ethical and legal duties that arise from protecting the confidential information of various entities, including clients, adverse entities imposed by protective order and/or non-disclosure agreement, and your firm itself.

Brownstone recommends a number of measures that may help any law firm protect individuals' private information, which includes addresses, social security numbers and other information. He reviews key state, national, and international legal protections that apply to personally identifiable information and outlines the broad ethical duties owed to all entities, including clients.

In order to safeguard against potential malpractice suites, law firms and lawyers should use due care in protecting contents of online repositories, such as extranets, that clients and other outsiders may access. Brownstone recommends that public websites clearly convey the message that inquiries from prospective clients do not form automatic attorney-client relationships. Some firms handle this by placing a disclaimer on the bottom of some or all of the web pages; others link to a separate "Terms of Use" page.

Brownstone suggests that a three-pronged approach to delivering an effective Information Technology (IT) framework may help law firms safeguard against security breaches: the administration of well-though-out policies; education of all employees; and technology solutions. The technology issues that Brownstone specifically addresses include:

  • Perimeter protection
  • Physical security
  • Encryption of Data
  • Central v. local storage
  • Metadata
  • Electronic redaction
  • Safe internet access locations
  • Viruses, worms and malware
  • Password protection
  • Proper disposal of electronic data

Read the entire article here.