Forensic Update

Reflections on information management within the legal and regulatory arena

Archive for December, 2010

What You Wish Your Lawyer Had Told You About Social Media…

Posted by Johnny Lee on December 20, 2010

Michelle Sherman, Special Counsel at Sheppard Mullin, has authored a very insightful piece on the intersection of social media and law.  In classic law-school style, she highlights many of the key evidentiary rulings related to social media via a hypothetical that could apply to virtually any employer–or employee, for that matter.

Her post, found here on the firm’s Social Media Law Update blog, is definitely worth a careful read.  She has distilled a great deal of research into a clear set of guidance for individuals and companies wrestling with their online policies and behavior, as they relate to social media.

“The setting is the week before trial and the company has been ordered by the court to attend a final settlement conference. The company Kris Kringle Inc. is suing a former employee for taking the customer list and setting up a competing business for video games. Kris Kringle is also suing for deceptive trade practices and arguing that the defendant is getting business by confusing consumers and also posting disparaging comments about its video games…”  Definitely worth a read…kudos to Michelle for a great job on this.

Posted in Computer Forensics, Investigations, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , | Comments Off on What You Wish Your Lawyer Had Told You About Social Media…

Florida Bar Association requires lawyers to sanitize storage media…

Posted by Johnny Lee on December 15, 2010

On December 10, the Florida Bar Board of Governors issued final approval to Ethics Advisory Opinion 10-2, which speaks to a lawyer’s ethical duty to sanitize storage media that may contain client data.  The Opinion, available on the Florida Bar Association’s website, is an extension of existing rules that reinforce the premise that lawyers have an ethical obligation “to protect information relating to the representation of a client.”  It states that a lawyer who uses a device with “storage media” within it (such as printers, copiers, scanners, and fax machines) must take “reasonable steps to ensure that client confidentiality is maintained and that the Device is sanitized before disposition.”

This Advisory Opinion was written in response to a request from the Florida Bar Board of Governors to address the ethical obligations of attorneys regarding client data stored on hard drives.  The Opinion acknowledges the increasing number of devices that now contain hard drives (or similar storage media) that can store client information.  Further, the Opinion addresses the often unintentional storage of client data by attorneys due to a lack of awareness related to the behind-the-curtain machinations of such devices.

The Opinion states that is is important for lawyers to “recognize that the ability of the Devices to store information may present potential ethical problems for lawyers.”  It goes on to prescribe a series of steps that attorneys must follow to ensure that inadvertent disclosure of confidential information, including: (1) identification of the potential threat to confidentiality along with the development and implementation of policies to address the potential threat to confidentiality; (2) inventory of the Devices that contain Hard Drives or other Storage Media; (3) supervision of nonlawyers to obtain adequate assurances that confidentiality will be maintained; and (4) responsibility for sanitization of the Device by requiring meaningful assurances from the vendor at the intake of the Device and confirmation or certification of the sanitization at the disposition of the Device.

Interestingly, the confidentiality and competence rules upon which this Opinion 10-2 is based applies to all information relating to the representation of a given client, whether provided to counsel in confidence or not.  Put differently, an attorney may not disclose such information except as permitted or required under the professional conduct rules or by law.

This raises non-trivial considerations for counsel throughout their representation of a client.  In effect, attorneys must keep current with changes in technology to the extent that such changes may impinge upon client confidences.

It will be interesting indeed to see where these new duties lead.  It raises a host of questions about the storage and disclosure of not only client information but other forms of sensitive data (e.g., medical records, personally identifiable information, social security numbers).  Likewise, the Opinion directly implicates the lawyer’s duty to supervise others (including non-lawyers) in the protection of confidentiality.  Undoubtedly, this will present unique challenges for both corporate counsel and their external counsel, as technology will continue to evolve at a rapid pace, and with it the speed and portability of potentially sensitive data.

Posted in Computer Forensics, ECM, eDiscovery, Information Security, Investigations, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , | Comments Off on Florida Bar Association requires lawyers to sanitize storage media…

New Requirement for Massachussetts Personnel Records…

Posted by Johnny Lee on December 1, 2010

File FolderOn August 5, 2010, the Governor of Massachusetts signed into law an amendment to the Massachusetts personnel records statute (q.v., Chapter 149, §52C).  This amendment creates a duty to employers to notify an employee whenever his or her personnel record is updated with anything that can “negatively affect the employee’s qualification for employment, promotion, transfer, or additional compensation or the possibility that the employee will be subject to disciplinary action.”

So…in addition to the affirmative duties that employers have to “paper” their employees’ activities to guard against future litigation and investigation risk, there is now a duty to disclose anything that may hinder that employee’s career track down the road.  Mercifully, there is no private cause of action under the revised statute (which would enable an employee to sue for failing to provide notice of such updates).  However, the state Attorney General can impose fines for such failures, and employers need to heed this “right to audit” that now extends to a very powerful state investigative body.

Definitely food for thought…coupled with social media considerations, traditional HR constraints, and substantial records retention issues, this new burden is a non-trivial expansion of duties for Massachusetts-based employers.  It appears that compliance management just got a lot trickier for the labor and employment bar in that state.

Posted in eDiscovery, Investigations, Records Retention | Tagged: , , , , , , , , , , , , , , | Comments Off on New Requirement for Massachussetts Personnel Records…

%d bloggers like this: