The Professional Responsibilities

David Abrams

on 16 April 2016

Transcript of The Professional Responsibilities

Reasonable Steps

Assessing The

Information We

Email Address
Ethical Rules:
Physical Safeguards:
The law office has walls, doors, and windows that reasonably prevent physical intrusion. Server rooms have physical barriers that prevent people in lobby areas from accessing them.
People in waiting areas cannot see the screens of workers in the reception areas.
Workers are trained to prevent the loss or theft of mobile devices or media, especially while out of the office, such as when storing a device in a parked car or when working in a restaurant or coffee shop.
The firm maintains an inventory of computing devices.
Paper records are locked and desks are cleared of paper documents when they are not needed.
The firm wipes electronic data off of computing devices before they are transferred, sold, or reused.
Technical Safeguards:
The firm controls access to systems with client information using strong passwords or other authentication mechanisms.
Individual workers have their own accounts on the firm network and computers.
Workstations log off users after a period of inactivity or otherwise require the user to reauthenticate him or herself to the system.
Client information is encrypted while at rest or in motion with reasonably robust encryption strength.
Networks and computer systems log user activity.
The firm uses software to prevent and detect malicious software.
The firm’s networks are protected by technologies to control access, such as firewalls.
When reasonable and appropriate, the firm will implement specific technologies for intrusion detection, data loss prevention, and continuous monitoring.
1. The firm has policies, procedures, guidelines, and training materials to govern the security function.
2. The firm undertakes a risk assessment to determine the threats to its client information in light of the sensitivity of the information.
3. The firm implements controls that manage its risk to a reasonable level, and it should consider obtaining insurance coverage.
4. The firm has named a person or team in charge of information security.
5. The firm has employment procedures by which workers are evaluated in part based on their compliance with security policies and procedures. Workers face discipline if they violate those policies and procedures.
6. The firm manages which members of its workforce have access to which kinds of information and changes such access when job duties change.
7. The firm investigates the background of workers with access to client information to provide assurances that they are trustworthy and competent.
8. The firm has procedures when a worker leaves the firm to stop access to client information.
9. The firm has a program of security and privacy awareness and training, including periodic reminders and updates. Topics include the protection of electronic information, computer systems, preventing malicious software, social media practices, the protection of paper records, and not discussing client matters in public places.
10. The firm has procedures for security incident reporting and handling. It should have an incident response team to handle incidents.
11. The firm has procedures for backing up client information.
12. The firm has a disaster recovery and business continuity plan to provide assurances of continued operation in the event of a natural or man-made disaster.
13. The firm has procedures for auditing or assessing the effectiveness of its security controls.
14. The firm supervises third parties with access to client information.
"A lawyer should keep in confidence information relating to representation of a client except so far as disclosure is required or permitted by the Rules of Professional Conduct or by law"
"(e) Inadvertent Disclosure of Information. A lawyer must make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."
"Duty to Supervise. The lawyer must regulate not only the lawyer’s own conduct but must take reasonable steps to ensure that all nonlawyers over whom the lawyer has supervisory responsibility adhere to the duty of confidentiality as well."
Prior Cases
Social Security Numbers
Financial account numbers
Corporate Trade Secrets
e-discovery data
Litigation material
Medical information
Birthdates, etc.
Protecting Our Clients
From Identity Theft

The Professional Responsibilities
Of Lawyers

David H. Abrams
April 2016
Administrative Safeguards
Malicious Insider
State Sponsored Hacking
"China-based hackers looking to derail the $40 billion acquisition of the world’s largest potash producer by an Australian mining giant zeroed in on offices on Toronto’s Bay Street, home of the Canadian law firms handling the deal."

In 2001, a paralegal at a large firm in New York downloaded a copy of a trial plan from his firm’s computer system and tried to sell the plan to opposing counsel for $2 million.
Criminal Espionage
"Hackers broke into the computer networks at some of the country’s most prestigious law firms, and federal investigators are exploring whether they stole confidential information for the purpose of insider trading, according to people familiar with the matter."
Wall Street Journal March 29, 2016
Data Lawyers Possess
Storage Devices
Preamble to Florida Rules for Professional Responsibilities
Florida Rule of Professional Responsibility 4-1.6
Rule 4-5.3(b)
2010 Fla Bar Ethics Opinion
Ensure Confidentiality by:
identification of the potential threat to confidentiality along with the development and implementation of policies to address the potential threat to confidentiality
inventory of the Devices that contain Hard Drives or other Storage Media
supervision of nonlawyers to obtain adequate assurances that confidentiality will be maintained
responsibility for sanitization of the Device by requiring meaningful assurances from the vendor at the intake of the Device and confirmation or certification of the sanitization at the disposition of the Device.
Florida Bar Ethics Opinion 12-3, January 2013
Cloud Computing
Lawyers may use cloud computing if they take reasonable precautions to ensure that confidentiality of client information is maintained, that the service provider maintains adequate security, and that the lawyer has adequate access to the information stored remotely. The lawyer should research the service provider to be used.
Security suggestions from:
American Bar Association
"Ethics and Cybersecurity: Obligations to Protect Client Data" by Simshaw and Wu, March 2015
Rule 5.2. Privacy Protection For Filings Made with the Court
(a) Redacted Filings. Unless the court orders otherwise, in an electronic or paper filing with the court that contains an individual's social-security number, taxpayer-identification number, or birth date, the name of an individual known to be a minor, or a financial-account number, a party or nonparty making the filing may include only:
(1) the last four digits of the social-security number and taxpayer-identification number;
(2) the year of the individual's birth;
(3) the minor's initials; and
(4) the last four digits of the financial-account number.
(b) Exemptions from the Redaction Requirement. The redaction requirement does not apply to the following:
(1) a financial-account number that identifies the property allegedly subject to forfeiture in a forfeiture proceeding;
(2) the record of an administrative or agency proceeding;
(3) the official record of a state-court proceeding;
(4) the record of a court or tribunal, if that record was not subject to the redaction requirement when originally filed;
(5) a filing covered by Rule 5.2(c) or (d); and
(6) a pro se filing in an action brought under 28 U.S.C. §§ 2241, 2254, or 2255.
Check out my blog/youtube channel
Practice website: www.dhabramslaw.com