Confidentiality in a Wired World

Confidentiality in a Wired World

The Law Society of Upper CanadaProfessional Development & Competence

David Whelan, Manager, Legal Information • [email protected]

Competence

(c) the records, systems, or procedures of the lawyer’s professional business

Confidentiality

A lawyer at all times shall hold in strict confidence all information …

“Oops”

A lawyer shall … assume complete professional responsibility for his or her practice of law …

Shhhhh!

Related topic: Privacy obligations under PIPEDA- “information about an identifiable

individual”

- Broad, includes potential client information

- Privacy Handbook for Lawyers

COMMUNICATIONS

Watch What You Say!

… conducted what should have been a confidential conversation about pending layoffs at his firm – in a loud voice…, on a crowded Acela train.

E-mail?

Reasonable expectation of privacy

But- Easy, free: Hushmail.com,

Yousendit.com

- May depend on client, subject matter

- May be better not to send as e-mail

- Consider informing client, getting signoff on using e-mail

One of the outside lawyers …had mistakenly e-mailed confidential information on the talks to Times reporter Alex Berenson instead of Bradford Berenson, her co-counsel…

Who is Your Audience?

E-mail Recipients- Address the e-mail last

- Verify the recipients

Is client’s e-mail private?- Web-based e-mail, not employer’s

- See ABA Formal Opinion 11-459 (8/2011)

Social Media (Twitter, Facebook)

SECURE YOUR TECHNOLOGY

Passwords and Encryption

mxyzptlk

Strong Passwords, Written Down

8 or more characters

UPPER, lower, $peci&l

Balance obscure with memorable- terms of art becomes t3rm$0f&rt

Test it: passwordmeter.com

Store it somewhere safe and secure

Your data

Encryption layerEncrypted

Your data

Encryption layerDecrypted

Once decrypted, your data is accessible until re-encrypted

Encryption at rest

Encryption at rest

Web search for endpoint encryption

iPhone 4+: built-in

Blackberry: built-in

Android 3: built-in

Windows: add-on

Truecrypt.org (free)

McAfee.com (McAfee Anti-Theft)

TrendMicro.com (Endpoint Encryption)

CheckPoint.com (Full Disk Encryption)

Symantec.com (PGP Whole Disk Encryption)

Windows Vista/7 Bitlocker

Mac OS File Vault

Encryption in motion

When you transmit or receive …- Password: https://mybank.com

- Search: https://www.google.com/

- Files: https://www.dropbox.com/

Firefox: HTTPS Everywhere add-on- Defaults over 200 sites to https://

Encryption in motion

Cloud Computing

Software-as-a-Service- Use SSL (https://) for connections

- Content should be encrypted at rest

SECURE YOUR DEVICE

You Better Take It With You

Physical Security

Physical Security

Your locks should reflect your duty- Household locks weaker than commercial

- File cabinets, shed/garage doors weak

Use them- No doors propped open

- Keep servers, important tech in locked, well-ventilated room

Everything is Portable

Secure ALL Your Computers

Value is in the case, not the data

Your risk is in data

Creature of Habit

Get into habits of handling devices- Put wireless phone, tablet in regular place

- Easy to check, notice it’s missing

Secure devices with password

Add remote control, wipe apps- Delete device content remotely

- Locate where device is

Conclusion

Watch your communications, what, how, and where

Secure entry with passwords, locks

Protect data with encryption at rest, in motion