Obviously, one of the biggest concerns for a lawyer is the confidentiality of client records and work product.
As recently reported on the Huffington Post, there are a number of major players on the Internet who see it fit to trawl for user information when visiting their sites. While maybe not a big deal, other than the unwanted hassle of targeted advertising, other sensitive information could be a real problem where one is storing client files on the Cloud or where similar factors present themselves.
While one could say that he/she will never be using the Cloud to store client data, I think the reality is that there may be no realistic alternatives in the future for what we consider to be standard storage now (i.e., hard drives, USB drives, external drives, etc.). It’s not all bad if we plan now and place a privacy/security infrastructure in place now.
Historically, the confidentiality between the learned professions and those are served by those professions has been largely respected and protected. Current technology does not eliminate the legitimate public policy concerns underlying these privileges against invasion, disclosure, production, and admission into evidence before a court. For better or worse, most public policy issues express themselves through the regulatory environment and the creation of a whole new set of laws and restrictions (as though we don’t have enough laws on the books). This being said, until there is a way of getting people to better behave themselves, we will have to settle for making a complex legal system even more so.
Realistically, I think that we will all eventually end up storing and processing much of our information through services such as Dropbox, Windows Live, Google Docs, RocketMatter.com, and other cloud-based servers. While it is easy to say that hard storage will never be eliminated, the same could have been said of the cassette tape, VCRs, eight-tracks, zip drives, and a whole host of other tech items that seemed to earn what we thought was a permanent place in our daily lives. While the main focus on these forms of storage media were related to intellectual property rights, privilege issues have not been widely discussed in the legal field. It may simply be that lawyers, as a profession, are way behind the technological curve. However, I am fairly certain that our clients not only expect confidentiality of information, they rightfully demand it.
In a recent review by me of the Rutter Group’s treatise on Professional Responsibility, there was quite a bit of information in the privacy concerns that arise as a matter of professional ethics. Most of the information related to state bars coming down on lawyers for advertising violations. There was also a brief discourse on how Facebook and other social networking sites affect bias of the judiciary, public perception, and client confidentiality. What was not provided was a solution to how attorneys can stay competitive, be environmentally friendly, and how they might protect information in a world of data retention that changes and advances by the day. Thus, this all becomes an issue about what we are all willing to do in order to protect not only confidential client information, but our own reasonable expectations of privacy in our personal lives as professionals and regular citizens/consumers.
Notwithstanding the privacy concerns within our specific profession, the Federal Trade Commission (FTC) is working on some proposals designed to address the invasions of privacy occasioned by some of the sites specifically mentioned in the Huffington Post article.
In the report, the FTC asserts that, “Companies should incorporate substantive privacy protections into theirpractices, such as data security, reasonable collection limits, sound retention practices, and data accuracy,” and that, “Companies should maintain comprehensive data managementprocedures throughout the life cycle of their products and services.” There are also a number of practical proposals set out as well:
- Privacy notices should be clearer, shorter, and more standardized, to enable better comprehension and comparison of privacy practices.
- Companies should provide reasonable access to the consumer data they maintain; the extent of access should be proportionate to thesensitivity of the data and the nature of its use.
- Companies must provide prominent disclosures and obtain affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected.
- All stakeholders should work to educate consumers about commercial data privacy practices.
While I am ordinarily no fan of governmental interference with a Free Market Economy, I must say that I do agree with the conclusion that many of the cooking tracking, user-history exploitation, and unwanted targeted advertising schemes are the product of a lack of education on the part of Internet users.
Moreover, unlike the voluntary decision to go to a store or similar place, the decision to utilize the internet is one that often involves making a connection from one’s private location and the associated plethora of data that rests on our personal or business computers. As indicated above, this is a huge concern especially for professionals who retain confidential information with respect to their clients. One can only sadly imagine the potential liability exposure should a marketer get a hold of professional-user information that references specific clients and sensitive data associated with them.
Keeping up on these issues is a must for not only those of us in positions of trust, I strongly believe that there is a legitimate issue of safety that deserves the expenditure of governmental resources for preventative measures and, at a minimum, for the education of those who use the internet.