Tuesday, December 8, 2009

Data Security: Best Practices Are Not Always High Tech

When I was an attorney practicing personal injury law in New York City, I was taking the train from court back to the office. Anticipating a busy afternoon, I called the office to find out of a particular client had dropped of a packet of discovery materials and chatted briefly with my colleague about the yet-to-be completed discovery.

Immediately after I ended the call, I was approached by a gentleman who asked if I was an attorney. I answered that I was, and apologized if I was speaking too loud on my phone. He told me he hadn't been bothered, and, as an attorney himself, acknowledged the urge to get work done while on the train.

He then shared the following story:

Approximately 10 years ago, he was on the train riding home after work and overheard a man in front of him talking on a cell phone. He soon realized that the conversation he was hearing was between an attorney and either co-counsel or a client about a case that he and his office was handling for the defendants in an open case. When the discussion turned to the plaintiff's tactics for the upcoming trial, the accidental eavesdropper was ready with pad and pen.

When the time for trial came, the plaintiff's counsel could not understand why their opponents consistently and instantaneously adapted to their every procedural move and change in trial strategy. In the end, the defendants won the day, due in part to good lawyering, but also to the accidental intelligence gathered by a observant associate. He cautioned me about the risks of talking business on the train - even the things I thought were mundane could be a gold mine if the wrong person happened to overhear me.

So, why share this anecdote?

According to the electronic evidence blog Ride the Lightning, a mid-sized law firm has banned iPhones due to security risks. Whether the iPhone presents a significant data privacy risk (especially in the day and age of M.G.L. 93H) is a topic for another time, but, suffice it to say, the iPhone and other portable electronic devices do have inherent security flaws, such as lack of encryption support or caching of recently-viewed data. Similarly, traditional voice only cell phones can present the types of security risks that turn the tide of litigation and can significantly harm a client's interests or privacy. Still, these devices are indispensable in providing good service to our clients and responding quickly to a need for additional information or to provide a prompt response. Both a voice conversation or misplaced data presents a security risk, but I don't think any of us would advocate the wholesale banning of cell phones from law firms. Rather, a solution (and possibly the best practice) is the common sense utilization of the technology available: Don't talk when others might listen, and don't place data on "losable" technology that you don't want falling into the wrong hands. Is the solution high tech? No. Does it work? Absolutely.

Attorney Trask of Kelsey & Trask, P.C. practices bankruptcy and civil litigation with Kelsey & Trask, P.C., was a cryptologic materials manager in the U.S. Marines and has experience planning and implementing encrypted communications (voice and data) networks. If you have any questions regarding M.G.L. 93H, contact us at (508) 655-5980 or click here.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Related Posts Plugin for WordPress, Blogger...