According to the opinion, a lawyer may generally store and synchronize electronic work files containing confidential client information across different platforms and devices by using an Internet-based storage solution, such as Google Docs, so long as the lawyer takes reasonable efforts to ensure that the provider's terms of use and privacy policies, practices and procedures are compatible with the lawyer's professional obligations. If a client expressly instructs the lawyer not to store or transmit the client's confidential information over the Internet, the lawyer must refrain from doing so. Additionally, all lawyers should refrain from storing or transmitting particularly sensitive client information over the Internet without first obtaining the client's consent.
The opinion goes on to offer guidelines for taking reasonable precautions. "Reasonable efforts" with regard to an Internet-based storage system would include:
- examining the provider's terms of use and written policies and procedures with respect to data privacy and confidentiality
- ensuring that the provider's terms of use, policies and procedures prohibit unauthorized access to stored data, including access by the provider itself for any purpose other than displaying the data to authorized users
- ensuring that the provider's terms of use, policies, procedures ad functional capabilities give the lawyer access and control over stored data in the event the lawyer's relationship with the provider is interrupted or discontinued
- examining the provider's existing practices (encryption, password protection and system back up) and service history to reasonably ensure the system will remain confidential and will not be intentionally or inadvertently disclosed or lost and
- periodically revisiting and reexamining the provider's policies, practices and procedures to ensure they remain compatible with the lawyer's professional obligations.
No comments:
Post a Comment