TECHNOLOGY & ETHICS Association of Corporate Counsel © 2014 1.

Slides:



Advertisements
Similar presentations
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Advertisements

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
© The McCoy Law Firm 2012 James McCoy The McCoy Law Firm Coit Rd., Ste. 560 Dallas, Texas (214)
Sizewise Code of Ethics, Conflict of Interest and Disclosure HR-CECID.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
BELMONT UNIVERSITY AMERICAN INN OF COURT SEPTEMBER 9, 2014 PRESENTED BY KRISANN HODGES DEPUTY CHIEF DISCIPLINARY COUNSEL - LITIGATION BOARD OF PROFESSIONAL.
ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Developing a Records & Information Retention & Disposition Program:
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
INTERNET and CODE OF CONDUCT
Session 3 – Information Security Policies
Conflicts and the Duty to Supervise for In-House Counsel Brian McCormac BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA Telephone:
Outsourcing: The Ethical Issues Steven M. Richman November 2014.
Legal Ethics and Social Networks Prof. David W. Opderbeck Seton Hall University Law School © 2011 David W. Opderbeck Licensed Under Creative Commons Attribution.
Internal Auditing and Outsourcing
Security Awareness Norfolk State University Policies.
Overview of Engagement – Under the terms of this engagement, the Advisor will provide advice in the areas checked below. Investment Management – Develop.
HIPAA PRIVACY AND SECURITY AWARENESS.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.
Data Mining Opinions Rita Assetto E-Discovery Fall 2009.
The Model Rules of Professional Conduct and Electronic Tools: How Ethical Rules Must Adapt to Address Current and Forthcoming Technologies By Melissa Freeman.
Practice Management Quality Control
Beyond the Fortress Fortify Your Content Before it Travels Beyond the Firm Walls.
Metadata – A Summary of Important Concepts and Opinions.
AVOIDING LEGAL MALPRACTICE AND ETHICS CLAIMS Marc L. Bogutz Louis J. Isaacsohn Wilson Elser Moskowitz Edelman & Dicker LLP Two Commerce Square 2001 Market.
Chapter Three Confidentiality In this chapter, you will learn about: Basic principles of confidentiality The attorney-client privilege and the difference.
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
Unit 9 Seminar Business Organizations. Things to do this unit: UNIT 9 – Read Chapter 13 and 14 – Respond to the Discussion Board – Attend the Weekly Seminar.
Session 7 Compliance failure policy. 1 Contents Part 1: COLP and COFA duties Part 2: What do we have to comply with and why does it matter? Part 3: Compliance.
Session 8 Confidentiality and disclosure. 1 Contents Part 1: Introduction Part 2: The duty of confidentiality Part 3: The duty of disclosure Part 4: Confidentiality.
Is Your Background Check Process Compliant?. 2 © Copyright 2015 ADP, LLC. Proprietary and Confidential Information. Agenda Privileged & Confidential.
DIRECTOR’S LEGAL LIABILITIES Doug Jackson Gungoll, Jackson, Collins & Box, P.C.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Fred Carter Senior Policy & Technology Advisor Information and Privacy Commissioner Ontario, Canada MISA Ontario Cloud Computing Transformation Workshop.
Title of Presentation Technology and the Attorney-Client Relationship: Risks and Opportunities Jay Glunt, Ogletree DeakinsJohn Unice, Covestro LLC Jennifer.
Data protection—training materials [Name and details of speaker]
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Security – 2015’s Biggest Threat to Client Confidentiality A Panel Discussion Joseph Abrenio, VP of Cyber Advisory Services & General Counsel Delta Risk.
HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.
1 Ethical Lawyering Spring 2006 Class 8. 2 Rest. 68 Except as otherwise provided in this Restatement, the attorney-client privilege may be invoked as.
HAVE YOU BEEN NAPPING RIP VAN WINKLE? ETHICS UPDATE March 28, 2014 Georgette Phillips Kevin L. Shepherd Pamela Westhoff.
Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.
TECHNOLOGY & ETHICS Association of Corporate Counsel © 2015 The information contained in these materials should not be construed as legal advice.
Law Firm Data Security: What In-house Counsel Need to Know
Ethics & Technology Sari w. montgomery Robinson Law group, llc
An Attorney’s duty of Technical Competence
Data Minimization Framework
Privacy principles Individual written policies
Chapter Three Ethics and Professional Responsibility
ACC Corporate Counsel University
Privacy and Security in the Employment Relationship
Chapter 3: IRS and FTC Data Security Rules
Bob Siegel President Privacy Ref, Inc.
AI & ETHICAL CONSIDERATIONS
Cybersecurity compliance for attorneys
Legal Ethics of Information Governance Presented by Sean Monahan
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
ACCOUNTING ETHICS Conf.univ.dr. Victor-Octavian Müller.
ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.
Colorado “Protections For Consumer Data Privacy” Law
Practical & Ethical Guidelines for Texting with Clients
School of Medicine Orientation Information Security Training
Presentation transcript:

TECHNOLOGY & ETHICS Association of Corporate Counsel ©

AGENDA Technology & Competence (ABA Model Rule 1.1) Technology & the Duty of Confidentiality (ABA Model Rule 1.6) Receiving Counterparty’s Metadata (ABA Model Rule 4.4) Outsourcing & Cloud Computing (ABA Model Rule 5.3) Social Media (still being chartered…) 2

WHAT’S NEW? August 2012 – ABA modernizes model rules of professional conduct Six new technology-related changes, including modifying definition of writing to include “electronic communications” Topics addressed include: competence, confidentiality, and outsourcing California – has addressed each of these issues through formal opinions; although has not adopted ABA Model Rules, California Bar is trendsetter in this space Not in scope: Technology and Client Development 3

“An attorney’s obligations under the ethical duty of competence evolve as new technologies develop and then become integrated with the practice of law.” California State Bar Formal Opinion Interim No (Feb. 28, 2014) (related to ESI and discovery request) 4

For IHC, where is tech competence relevant? Responding to discovery Choosing to store client information in a cloud Advising on compliance with data privacy regulation Managing cyber and warrantless surveillance risks Managing corporate information flows Advising on document retention policies Sending & receiving documents with metadata Leveraging technology to lower department costs Advising on social media for investigations, hiring, etc. Proficiency needed may vary. 5

TECHNOLOGY & COMPETENCE ABA Model Rule 1.1: “Competent representation requires the legal knowledge, skill, * * * reasonably necessary for the representation.” Comment [8] (new): “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” 6

Takeaways on competence Not a new obligation IHC should understand how technology works We can still rely on consultants and IT experts However– Remember, we have the big picture Legal analysis of technology- related decisions is key 7

TECHNOLOGY & CONFIDENTIALITY ABA Model Rule 1.6(c) (new): “A lawyer shall make reasonable efforts to prevent the inadvertent disclosure of, or unauthorized access to, information relating to the representation of a client.” Earlier focus was simply: “A lawyer shall not reveal information relating to the representation of a client * * *.” ABA Model Rule 1.6(a). 8

ABA Model Rule 1.6(c) Why? Guidance on duty to safeguard Confi concerns with ESI Possible situations 1. sent to wrong person 2.Legal dept. or lawyer’s account is hacked 3.Employee releases info without authorization California State Bar, Formal Opinion No (recognizing duty to prevent) ABA Formal Opinion (2011) (duty to protect confidentiality of communications) 9

Reasonableness from two angles Does IHC have a legal duty to safeguard? Confi agreement? Other applicable law? As part of ethical duty, are efforts to safeguard reasonable? Sensitivity of information Likelihood of disclosure Cost Difficulty of implementation Adverse impact on representation? (e.g., too difficult to use software or equipment) Client consent? 10

Spotlight: Warrantless surveillance? Resulting ethical questions: –Privacy expectation: Can IHC no longer reasonably expect certain communications to be private? –Confidentiality: Must we protect against warrantless surveillance as part of the reasonable efforts to prevent inadvertent disclosures? –Privilege: Must we protect against warrantless surveillance to intend that a communication be made in confidence? It depends: –Type of information at issue, the client’s business, significance of risk, and other factors… 11

HYPO 1 – Inbox always full! Situation: In-house counsel’s work is never done at the end of the day. In- house counsel just received information from the compliance team that an employee may be offering bribes to public officials to secure company contracts. Action: The employee forwards the relevant documents and s, including the name and other data on the suspected employee, to a personal account so that he can spend the rest of the night working on the issue. This is much easier than trying to log back in through VPN. And the home network is password protected. Issue: Is the in-house counsel meeting the ethical obligation to make reasonable efforts to prevent inadvertent disclosure? 12

Takeaways on confidentiality Assess risks of handling information – systemically & matter specific “Reasonable efforts” for ethical duty; business need may require more Analyze separately from other legal obligations And yet, consider third party best practices (e.g. NIST Cybersecurity Framework) Either way, add value! 13

RECEIVING COUNTERPARTY’S METADATA ABA Model Rule 4.4(b): “A lawyer who receives a document or electronically stored information relating to the representation of the lawyer’s client and knows or reasonably should know that the document or electronically stored information was inadvertently sent shall promptly notify the sender.” 14

ABA Model Rule 4.4(b) Triggers Must know or should know ESI sent inadvertently Relates to representation “Inadvertently sent” ESI itself Info that includes ESI Obligations Notify sender No need to send back You can read metadata But avoid using special forensic software to access it HOWEVER: in California, no duty to notify. Sender must exercise reasonable care Oregon State Bar Formal Opinion

HYPO 2 – Seal the deal! Situation: In-house counsel is negotiating a joint venture agreement with a real estate company. The deal would include the acquisition of critical IP assets that are difficult to value. Action: The counter-party sends the in-house counsel an iteration of the acquisition agreement that includes metadata showing an internal back and forth on pricing and other potentially privileged commentary. Issue? Can in-house counsel use the information to get the best deal for the client without notifying the counterparty? 16

OUTSOURCING & CLOUD COMPUTING ABA Model Rule 5.3 “With respect to a nonlawyer employed or retained by or associated with a lawyer: * * * (b) A lawyer having direct supervisory authority over the nonlawyer shall make reasonable efforts to ensure that the person’s conduct is compatible with the professional obligations of the lawyer; * * *.” 17

ABA Model Rule 5.3 What’s new Comment clarifies that rule applies to nonlawyers outside dept. –Investigators –Paraprofessionals –Document management –Printing or scanning co. –Internet-based svcs Comment includes monitoring responsibility 18

When are efforts reasonable? Depends on– Nonlawyer’s education, experience and reputation Nature of services How client information is protected Legal & ethical environments of jurisdictions New Hampshire Bar Opinion /5 (2011) 19

Cloud Computing Ethics rules allow it It’s a form of outsourcing Exercise reasonable care to protect confidentiality of client information States largely agree that reasonable care required WSBA Advisory Opinion 2215 (2012) 20

HYPO 3 – We need cutting edge! Situation: GC determines that the widely dispersed legal team needs a more efficient way to communicate real time to serve the client. Additionally, legal documents – including contracts, advice memos, and board documents – need to be stored and properly catalogued in a central repository with tiered access rights. Action: GC is poised to hire an innovative start-up that would provide a custom solution at a competitive cost. Issue: Is there anything the GC needs to consider before signing the deal? 21

States may require a mix of precautions…  Stay abreast of best practices  Depending on sensitivity of date, get client consent  Heed client instructions  Understand provider’s security controls  Periodically review security measures  Have enforceable confi agreement  Get notice of breach  Ensure access to client data  Delete data & return to client when not needed  Ensure back-up strategy  Consult expert as needed 22 E.g. New Hampshire State Bar Opinion /4 (Cloud Computing)

Takeaways on outsourcing Give appropriate instructions to nonlawyers. If directing outside counsel to use certain vendors, agree on who is monitoring the vendors. Ensure nonlawyers in non-US jurisdictions understand your professional obligations. Remember, cloud computing is a form of outsourcing – so the same standards of diligence apply. 23

SOCIAL MEDIA A few rules of thumb– Check it for public info Preserve it as evidence Avoid using it to deceive Don’t share confi info on it Oregon State Bar Formal Opinion New Hampshire Bar Opinion /05 (2013) New York City Bar Opinion (2010) Philadelphia Bar Opinion (2009) 24

PRACTICE TIPS FOR IN-HOUSE COUNSEL 1.Understand benefits & risks of relevant technology. 2.Take reasonable steps to protect client information from inadvertent disclosure. 3. Know that discovering metadata in your documents may trigger notification requirements. 4.Understand and plan for risks with cloud computing. 5.Know who is monitoring nonlawyer assistance and communicate your professional obligations. 6.Exercise care and diligence with social media. 25

THANK YOU! Association of Corporate Counsel Large Law Department 26

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.