Rule 5.2. Privacy Protection For Filings Made with the Court
(a) Redacted Filings. Unless the court orders otherwise, in an electronic or paper filing with the court that contains an individual's social-security number, taxpayer-identification number, or birth date, the name of an individual known to be a minor, or a financial-account number, a party or nonparty making the filing may include only:
(1) the last four digits of the social-security number and taxpayer-identification number;
(2) the year of the individual's birth;
(3) the minor's initials; and
(4) the last four digits of the financial-account number.
(b) Exemptions from the Redaction Requirement. The redaction requirement does not apply to the following:
(1) a financial-account number that identifies the property allegedly subject to forfeiture in a forfeiture proceeding;
(2) the record of an administrative or agency proceeding;
(3) the official record of a state-court proceeding;
(4) the record of a court or tribunal, if that record was not subject to the redaction requirement when originally filed;
(5) a filing covered by Rule 5.2(c) or (d); and
(6) a pro se filing in an action brought under 28 U.S.C. §§ 2241, 2254, or 2255.
Information We
Collect
Computer
Data
CM
ECF
- Social Security Numbers
- Financial account numbers
Social
SOCIAL
- Corporate Trade Secrets
- e-discovery data
- Litigation material
- Medical information
- Birthdates, etc.
PLATFORMS
The Professional Responsibilities
Or Lawyers
Cloud Computing
Lawyers may use cloud computing if they take reasonable precautions to ensure that confidentiality of client information is maintained, that the service provider maintains adequate security, and that the lawyer has adequate access to the information stored remotely. The lawyer should research the service provider to be used.
Practice website: www.dhabramslaw.com
Florida Bar Ethics Opinion 12-3, January 2013
Check out my blog/youtube channel
www.abramsdicta.com
2010 Fla Bar Ethics Opinon
Ensure Confidentiality by:
- identification of the potential threat to confidentiality along with the development and implementation of policies to address the potential threat to confidentiality
- inventory of the Devices that contain Hard Drives or other Storage Media
- supervision of nonlawyers to obtain adequate assurances that confidentiality will be maintained
- responsibility for sanitization of the Device by requiring meaningful assurances from the vendor at the intake of the Device and confirmation or certification of the sanitization at the disposition of the Device.
Protecting Our Clients
From Identity Theft
Ethical Rules:
Prior Cases
David H. Abrams
April 2016
"A lawyer should keep in confidence information relating to representation of a client except so far as disclosure is required or permitted by the Rules of Professional Conduct or by law"
Preamble to Florida Rules for Professional Responsibilities
"China-based hackers looking to derail the $40 billion acquisition of the world’s largest potash producer by an Australian mining giant zeroed in on offices on Toronto’s Bay Street, home of the Canadian law firms handling the deal."
Assessing The
Risk
Administrative Safeguards
"(e) Inadvertent Disclosure of Information. A lawyer must make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."
Email Address
Telephone
In 2001, a paralegal at a large firm in New York downloaded a copy of a trial plan from his firm’s computer system and tried to sell the plan to opposing counsel for $2 million.
- 1. The firm has policies, procedures, guidelines, and training materials to govern the security function.
- 2. The firm undertakes a risk assessment to determine the threats to its client information in light of the sensitivity of the information.
- 3. The firm implements controls that manage its risk to a reasonable level, and it should consider obtaining insurance coverage.
- 4. The firm has named a person or team in charge of information security.
- 5. The firm has employment procedures by which workers are evaluated in part based on their compliance with security policies and procedures. Workers face discipline if they violate those policies and procedures.
- 6. The firm manages which members of its workforce have access to which kinds of information and change such access when job duties change.
- 7. The firm investigates the background of workers with access to client information to provide assurances that they are trustworthy and competent.
- 8. The firm has procedures when a worker leaves the firm to stop access to client information.
- 9. The firm has a program of security and privacy awareness and training, including periodic reminders and updates. Topics include the protection of electronic information, computer systems, preventing malicious software, social media practices, the protection of paper records, and not discussing client matters in public places.
- 10. The firm has procedures for security incident reporting and handling. It should have an incident response team to handle incidents.
- 11. The firm has procedures for backing up client information.
- 12. The firm has a disaster recovery and business continuity plan to provide assurances of continued operation in the event of a natural or man-made disaster.
- 13. The firm has procedures for auditing or assessing the effectiveness of its security controls.
- 14. The firm supervises third parties with access to client information.
david@dhabramslaw.com
Florida Rule of Professional Responsibility 4-1.6
850-224-7653
Physical Safeguards:
- The law office has walls, doors, and windows that reasonably prevent physical intrusion. Server rooms have physical barriers that prevent people in lobby areas from accessing them.
- People in waiting areas cannot see the screens of workers in the reception areas.
- Workers are trained to prevent the loss or theft of mobile devices or media, especially while out of the office, such as when storing a device in a parked car or when working in a restaurant or coffee shop.
- The firm maintains an inventory of computing devices.
- Paper records are locked and desks are cleared of paper documents when they are not needed.
- The firm wipes electronic data off of computing devices before they are transferred, sold, or reused.
"Duty to Supervise The lawyer must regulate not only the lawyer’s own conduct but must take reasonable steps to ensure that all nonlawyers over whom the lawyer has supervisory responsibility adhere to the duty of confidentiality as well.
Technical Safeguards:
"Hackers broke into the computer networks at some of the country’s most prestigious law firms, and federal investigators are exploring whether they stole confidential information for the purpose of insider trading, according to people familiar with the matter."
Wall Street Journal March 29, 2016
Security suggestions from:
American Bar Association
"Ethics and Cybersecurity:
Obligations to Protect Client Data
by Simshaw and Wu. March 2015
- The firm controls access to systems with client information using strong passwords or other authentication mechanisms.
- Individual workers have their own accounts on the firm network and computers.
- Workstations log off users after a period of inactivity or otherwise require the user to reauthenticate him or herself to the system.
- Client information is encrypted while at rest or in motion with reasonably robust encryption strength.
- Networks and computer systems log user activity.
- The firm uses software to prevent and detect malicious software.
- The firm’s networks are protected by technologies to control access, such as firewalls.
- When reasonable and appropriate, the firm will implement specific technologies for intrusion detection, data loss prevention, and continuous monitoring.
Criminal Espionage
Rule 4-5.3(b)
Reasonable Steps
Ethics