Presentation is loading. Please wait.

Presentation is loading. Please wait.

TECHNOLOGY & ETHICS 101 1 Association of Corporate Counsel © 2015 The information contained in these materials should not be construed as legal advice.

Published byAntonia Nelson Modified over 8 years ago

Similar presentations

Presentation on theme: "TECHNOLOGY & ETHICS 101 1 Association of Corporate Counsel © 2015 The information contained in these materials should not be construed as legal advice."— Presentation transcript:

1 TECHNOLOGY & ETHICS 101 1 Association of Corporate Counsel © 2015 The information contained in these materials should not be construed as legal advice or legal opinion on specific facts, and should not be considered representative of the views of ACC or any of its lawyers or consultants, unless so stated. The information contained in these materials is not intended to be a definitive statement on the subject but rather to serve as a resource providing practical information for the reader.

2 Our Goals Understand primary ethical responsibilities governing tech issues Provide practical tips for dealing with technology Identify resources to learn more about tech issues 2

3 What is Your Level of Tech Knowledge? Poor…little to none Good…I get by without much difficulty Very good…I am an early adaptor & stay ahead of the curve High…I am an expert and should teach this class 3 Image courtesy of Boians Cho Joo Young at FreeDigitalPhotos.net

4 Ethical Duties Affecting Tech Knowledge In August 2012, the ABA modernized the Model Rules to address technology issues, including… 4 Competence: Rule 1.1Confidentiality: Rule 1.6 Metadata: Rule 4.4 Outsourcing/Cloud Computing:Rule 5.3 Remember to read your state rules!

5 Technology and Competence ABA Model Rule 1.1: “Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” Comment [8] (new): “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” 5 Image courtesy of twobee at FreeDigitalPhotos.net

6 Practical Relevance Responding to discovery Storing client information in the cloud Compliance with data privacy regulations Protecting data and responding to a breach (“Cyber Security”) Managing corporate information flows Advising on document retention policies Sending & receiving documents with metadata Leveraging technology to lower legal department costs Advising on social media for investigations, hiring, etc. The proficiency you need may vary. 6

7 Takeaways on Competence Not a new obligation—nor is it difficult to grasp You should understand how technology works Standards evolve as practice changes—context matters and standards may vary You can still rely on consultants and IT experts (and probably should with appropriate diligence) Ethical duty of competence minimal standard; as a practical matter client business needs may require more You are in best position to see the big picture (e.g., PA Bar Ethics Op. 2011-200, p. 4) This is how you can provide value 7

8 “An attorney’s obligations under the ethical duty of competence evolve as new technologies develop and then become integrated with the practice of law.” California State Bar Formal Opinion Interim No. 11-0004 (Feb. 28, 2014) (related to ESI and discovery request) See also, Luddite Lawyers Are Ethical Violations Waiting to Happen, Lawyerist, By Megan Zavieh, July 10, 2015 https://lawyerist.com/71071/luddite-lawyers-ethical-violations- waiting-happen/ 8

9 Technology and Confidentiality ABA Model Rule 1.6(c) (new): “A lawyer shall make reasonable efforts to prevent the inadvertent disclosure of, or unauthorized access to, information relating to the representation of a client.” Earlier focus was simply: “A lawyer shall not reveal information relating to the representation of a client * * *.” ABA Model Rule 1.6(a) 9 Image courtesy of Stuart Miles at FreeDigitalPhotos.net

10 Cyber Security and Lawyers FBI: Law firms and law departments are among the most vulnerable targets for cyber attacks. Lawyers are reported to… Have limited resources to dedicate to computer security Lack a sophisticated appreciation of technology risks Lack an instinct for cyber security Source: The ABA Cyber Security Handbook Consider breach of several Canadian law firms: http://www.canadianlawyermag.com/legalfeeds/1425/law-firms- targetted-in-top-10-worst-cyber-attacks.html http://www.canadianlawyermag.com/legalfeeds/1425/law-firms- targetted-in-top-10-worst-cyber-attacks.html 10

11 Cyber Security and Reasonableness Ethical duties vs. legal & regulatory obligations –Lawyer & law department data & communications –Corporate & business data Ethical considerations –Sensitivity –Cost –Difficulty –Likelihood of disclosure NDA or Confidentiality Agreements HIPAA, EU Directive and other regulatory obligations 11

12 HYPO 1 – Working at home! Situation: In-house counsel’s work is never done at the end of the day. In-house counsel just received information from the compliance team that an employee may be acting inappropriately to advantage certain clients seeking to purchase assets. Action: IHC forwards the relevant documents and emails, including the name and other data on the suspected employee, to a personal email account so that she can spend the rest of the night working on the issue. This is much easier than trying to log back in through VPN. And the home network is password protected. Issue: Is the in-house counsel meeting the ethical obligation to make reasonable efforts to prevent inadvertent disclosure? 12

13 Takeaways on Confidentiality Assess risks of handling information – systemically &matter specific “Reasonable efforts” is the standard for ethical duty; business needs may require more Analyze separately from data privacy obligations Bottom line - add value: Develop approaches to protect data Employee training Contracts 13

14 Receiving Metadata ABA Model Rule 4.4(b): “A lawyer who receives a document or electronically stored information [ESI] relating to the representation of the lawyer’s client and knows or reasonably should know that the document or electronically stored information was inadvertently sent shall promptly notify the sender.” 14 Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net

15 ABA Model Rule 4.4(b) Obligations Notify sender No need to send back You can read metadata But avoid using special forensic software to access it Rules vary by state, e.g., New Jersey, do not read the document; stop reading the document; promptly notify the sender; and return the document to the sender. NJ RPC 4.4(b) For a summary of metadata ethics opinions from around the US, see http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/meta datachart.html http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/meta datachart.html 15

16 Notify the Sender Triggers Must know or should know ESI sent inadvertently Relates to representation “Inadvertently sent” ESI itself Info that includes ESI 16 Image courtesy of Stuart Miles at FreeDigitalPhotos.net

17 HYPO 2 – Nasty Letter! Situation: The HR Department receives an email with an attached letter from an employee alleging discrimination and breach of contract. The letter is very well written and very specific in stating the desired remedies. Action: The HR department brings the email to your attention. You decide to check the metadata to see if the employee has retained a lawyer. Next steps: Any problems? 17

18 Outsourcing & Cloud Computing ABA Model Rule 5.3 “With respect to a nonlawyer employed or retained by or associated with a lawyer: * * * (b) A lawyer having direct supervisory authority over the nonlawyer shall make reasonable efforts to ensure that the person’s conduct is compatible with the professional obligations of the lawyer; * * *.” 18 Image courtesy of ddpavumba at FreeDigitalPhotos.net

19 ABA Model Rule 5.3 What’s new? Comment clarifies that rule applies to nonlawyers outside dept. –Investigators –Paraprofessionals –Document management –Printing or scanning co. –Internet-based services Comment includes monitoring responsibility 19 Image courtesy of stockimages at FreeDigitalPhotos.net

20 Reasonableness Depends On… [Vendor’s] education, experience and reputation Nature of services How client information is protected Legal & ethical environments of jurisdictions 20 Image courtesy of pakorn at FreeDigitalPhotos.net

21 Cloud Computing Ethics rules allow it It is a form of outsourcing Exercise reasonable care to protect confidentiality of client information States largely agree that reasonable care required WSBA Advisory Opinion 2215 (2012) 21 Image courtesy of ddpavumba at FreeDigitalPhotos.net

22 States May Require a Mix of Precautions… Stay abreast of best practices Depending on sensitivity of date, get client consent Heed client instructions Understand provider’s security controls Periodically review security measures Have enforceable confidentiality agreement Get notice of breach Ensure access to client data Delete data & return to client when not needed Ensure back-up strategy E.g. New Hampshire State Bar Opinion 2012-13/4 (Cloud Computing) 22

23 Takeaways on outsourcing Give appropriate instructions to non-lawyers. If directing outside counsel to use certain vendors, agree on who is monitoring the vendors. Ensure nonlawyers in non-US jurisdictions understand your professional obligations. Remember, cloud computing is a form of outsourcing – so the same standards of diligence apply. 23 Image courtesy of digitalart at FreeDigitalPhotos.net

24 HYPO 3 – We need cutting edge! Situation: GC determines that the widely dispersed legal team needs a more efficient way to communicate real time to serve the client. Additionally, legal documents – including contracts, advice memos, and board documents – need to be stored and properly catalogued in a central repository with tiered access rights. Action: GC is poised to hire an innovative start-up that would provide a custom solution at a competitive cost. Issue: Is there anything the GC needs to consider before signing the deal? 24

25 Practical Takeaways Ten Tips for Working With Technology* *Jennifer Mailander, Associate GC, Corporation Services Co., and Chair of the ACC Litigation Committee, originally developed these tips for a presentation to the ACC Chicago Chapter. They have been modified and adapted for this presentation and are used with prior permission from the author. 25

26 10. Understand Your Company’s Technology Understand your company’s business and the technology your company uses on a daily basis Understand your company’s technology strategy Understand who has responsibility for buying and maintaining technology o What is Legal’s role? o What is your process for buying? o Make sure it includes a process to identify when Shadow IT is being used (when user/department finds Cloud provider when IT too busy) Know the regulations that apply to your industry Update your policies and procedures 26

27 9. Know Your Vendors and Your Vendors’ Vendors Know who your vendors are and what services they provide Connect and work with your security team -You both need to know when you find new places to store data Put a process in place to identify new technology being used -It’s happening: you just may not know about it NOTE: Hackers see your vendors as conduits to your data o Data loss at Target and Home Depot resulted from sub-contractor and 3 rd party vendor breaches 27

28 8. Know Your Law Firm’s Security Practices Understand your obligations as in-house counsel when working with your law firms Law firms are prime targets for hacks and unauthorized intrusions Join the ACC Litigation Committee Subcommittee on Cyber Security and Law Firms –Contact: Evan Slavitt, evan.slavitt@avx.comevan.slavitt@avx.com Join the ACC Working Group on Data Security for Law Firms –Contact: Amar Sarwal, sarwal@acc.comsarwal@acc.com 28

29 7. Be A Partner To The Business Find a way to help your business partners understand and mitigate technology risks; help them achieve success Host a series of lunch and learns with your business and technology counterparts –Present on areas of respective expertise Contract and licensing 101 Technology 101 Sales 101; Operations 101 etc. –Meet regularly to discuss issues, trends, etc 29

30 6. Conduct A Data Audit Form a cross-functional team to identify data practices Understand what and how data is managed -What is the data? -Who has (and should have) access? -Where does it go? -How long is it stored? Don’t collect data you do not need 30

31 5. Assess Your Individual Data Practices Where do you keep your personal data? –At home? –At work? Use a password manager –Do not store your passwords online 31

32 4. Know Your Company’s Breach and Incident Response Plan and Practices If you do not have a plan—create one! -Disaster recovery plan; incident response -Communication protocols -Key Stakeholders -Identify 3 rd Party Vendor in advance Know the plan and practices Know who has what roles in the plan Practice, practice, practice 32

33 3. Employee Training on Technology, Security & Privacy JUST DO IT! Employees are your biggest threat—poor security practices o Phishing o E.g., Sony 2. Get Comfortable With Technology Use your ACC resources: www.acc.com; ACC Committees and Chapterswww.acc.com o Webcasts; ACC Docket; Inhouse ACCess blog; eGroup David Pogue TED Talk o http://www.ted.com/talks/david_pogue_10_top_time_saving_tech_ti ps?language=en http://www.ted.com/talks/david_pogue_10_top_time_saving_tech_ti ps?language=en 33

34 2. Get Comfortable With Technology Password Storage o Lifehacker: Five Best Password Managers o www.lifehacker.com/5529133/five-best-password-managers www.lifehacker.com/5529133/five-best-password-managers PinHawk Law Technology Digest o http://www.pinhawk.com/latest.php?nl=18 http://www.pinhawk.com/latest.php?nl=18 ABA’s Law Technology Today o http://www.lawtechnologytoday.org http://www.lawtechnologytoday.org The Lawyerist o https://lawyerist.com/topic/tech/ https://lawyerist.com/topic/tech/ Google iPhone and Android tips Take a class 34

35 1. Network Inside and Outside Your Organization Develop a core team of company contacts to assist on technology issues -Use your contacts in other parts of the organization (e.g., IT, Security) to help keep you up to date on technology developments affecting your business Talk with your peers outside the company regarding best practices and stay current on new developments 35

36 THANK YOU! Association of Corporate Counsel 36

Download ppt "TECHNOLOGY & ETHICS 101 1 Association of Corporate Counsel © 2015 The information contained in these materials should not be construed as legal advice."

Similar presentations

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
BELMONT UNIVERSITY AMERICAN INN OF COURT SEPTEMBER 9, 2014 PRESENTED BY KRISANN HODGES DEPUTY CHIEF DISCIPLINARY COUNSEL - LITIGATION BOARD OF PROFESSIONAL.

BELMONT UNIVERSITY AMERICAN INN OF COURT SEPTEMBER 9, 2014 PRESENTED BY KRISANN HODGES DEPUTY CHIEF DISCIPLINARY COUNSEL - LITIGATION BOARD OF PROFESSIONAL.
TECHNOLOGY & ETHICS Association of Corporate Counsel © 2014 1.

TECHNOLOGY & ETHICS Association of Corporate Counsel ©
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.
Outsourcing: The Ethical Issues Steven M. Richman November 2014.

Outsourcing: The Ethical Issues Steven M. Richman November 2014.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Practical Information Management

Practical Information Management
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Electronic Records Management: What Management Needs to Know May 2009.

Electronic Records Management: What Management Needs to Know May 2009.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, 2014 -WITH THANKS TO.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.

ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.
STATE OF ARIZONA BOARD OF CHIROPRACTIC EXAMINERS Mission Statement The mission of the Board of Chiropractic Examiners is to protect the health, welfare,

STATE OF ARIZONA BOARD OF CHIROPRACTIC EXAMINERS Mission Statement The mission of the Board of Chiropractic Examiners is to protect the health, welfare,
WWW.MISHCON.COM © MISHCON DE REYA 2014 14 MAY 2014 RECRUITMENT INTERNATIONAL FINANCIAL DIRECTORS’ FORUM Protecting your business from unlawful competition.

© MISHCON DE REYA MAY 2014 RECRUITMENT INTERNATIONAL FINANCIAL DIRECTORS’ FORUM Protecting your business from unlawful competition.
Practice Management Quality Control

Practice Management Quality Control

Similar presentations

Ads by Google