If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center
|
|
- Abel Conley
- 8 years ago
- Views:
Transcription
1 If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center Not since the terms cyberspace and Y2K has there been an inexact technology term so bandied about as cloud computing. We hear it more and more, but what does it mean? More importantly, what does it mean for lawyers? Cloud computing is the use of software and storage of information, documents, and other electronic files in an off site computer server (or servers) outside of the physical space of the law office and beyond the normal control of the lawyer or law firm. Examples of cloud computing include webmail services such as Gmail, on line file back up services, web based immigration case management services, and hosted services, among others. Cloud computing is really a form of outsourcing functions normally done within the confines of an office. Outsourcing technology functions is growing rapidly across all businesses. Rather than have network servers, software applications, or data reside exclusively within the walls of a law firm, these functions can now be managed off site by third parties at a lower cost than traditional IT. The data is connected to the business by the Internet (and vice versa). Here is a real world analogy of cloud computing (courtesy of the Wall Street Journal): Imagine a large law firm that, instead of using a commercial service like FedEx, decided to create its own worldwide parcel delivery system. The company would buy warehouses, delivery trucks and airplanes. It would hire package handlers, mechanics and logistical experts. All this would require an enormous investment and would be quite impossible for any law firms to do efficiently, cost effectively or well. Cloud computing is the equivalent of hiring FedEx. It is a way to outsource the service of providing the hardware, software, and human resources required to deliver, store and manage digital data. The outside service providers in turn achieve economies of scale, lowering the cost to all their customers. It is up to the individual business to decide how much of their technology to outsource. Cloud computing services can include complete data center infrastructure including networking, electronic file storage, operating systems, application servers, e mail servers, security, update and user management, file backup services, and disaster recovery. The most common use of technology outsourcing is on line data storage, but a growing trend, especially in smaller firms is a form of cloud computing known as Software as a Service or SaaS. SaaS is software that is not installed on your computer but instead is hosted remotely. Users access the software over the internet and the data is hosted remotely along with the software. Another way to think of SaaS is that it uses the web as a platform your operating system becomes, de facto, your web browser.
2 Options for implementing SaaS in your office are multiplying rapidly. There are SaaS solutions for on line backup and data storage, such as ibackup, Carbonite, or Mozy. There are case management programs, such as Clio or RocketMatter. There are office suites, such as GoogleDocs and Microsoft Office 365. There are document management services such as NetDocuments and Worldox. Even old stalwarts of installed software are moving toward SaaS, such as Intuit s QuickBooks and Quicken. SaaS does not require the user to download, patch, update or otherwise maintain the software it is all done at the host site. This creates an uptick in ease of use for users, but as usual, along with that improvement comes a potential disadvantage too: SaaS products are usually billed in monthly or annual subscriptions; i.e., you stop paying for the service and you stop receiving it altogether. Cloud computing (aka outsourcing) is an unbeatable market force, but it is also an ethical minefield for lawyers. That said, it is not an impossible minefield to navigate, so here are some issues to consider and questions to ask before you outsource into the cloud. Ethical Rules and Legal Responsibilities Attorneys have ethical, contractual, common law, and regulatory duties to safeguard client information. Ethical obligations are imposed by your state Rules of Professional Conduct. Legal responsibilities come from state and federal laws addressing data security and consumer protection. Since 2004, 45 states have enacted data security laws that protect consumers if personal information in the possession of a business is lost or stolen. The most common obligations involving client confidences and information stem from these rules: A. Rule 1.1 Competence B. Rule 1.3 Diligence C. Rule 1.4 Communication D. Rule 1.6 Confidentiality of Information (See also Rules 1.9(c) and 1.18(b)) F. Rules 5.1, 5.2 and 5.3 Duties of Supervising and Subordinate Attorneys, and Supervision of Non lawyer Assistants Rule 1.1 covers competence. It is not just competence in law, but in using the technology to practice law and service clients. Comment 16 to this rule states: A lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer s supervision. See Rules 1.1, 5.1 and 5.3.
3 A number of state ethics opinions address professional responsibility issues related to attorneys use of various technologies. In 2009, Arizona issued LEO in response to an inquiry about on line file storage that is securely accessible by the firm and authorized clients. Other bar associations have recognized that the duty to take reasonable precautions does not require a guarantee that the system will be invulnerable to unauthorized access. [Citation omitted] Instead, the lawyer is required to exercise sound professional judgment on the steps necessary to secure client confidences against foreseeable attempts at unauthorized access. It is also important that lawyers recognize their own competence limitations regarding computer security measures and take the necessary time and energy to become competent or alternatively consult available experts in the field. The competence requirements of ER 1.1 apply not only to a lawyer s legal skills, but also generally to those matters reasonably necessary for the representation. Therefore, as a necessary prerequisite to making a determination regarding the reasonableness of online file security precautions, the lawyer must have, or consult someone with, competence in the field of online computer security. The opinion provided further guidance for lawyers: [T]he Committee also recognizes that technology advances may make certain protective measures obsolete over time. Therefore, the Committee does not suggest that the protective measures at issue in Ethics Op or in this opinion necessarily satisfy ER 1.6 s requirements indefinitely. Instead, whether a particular system provides reasonable protective measures must be informed by the technology reasonably available at the time to secure data against unintentional disclosure. N.J. Ethics Op As technology advances occur, lawyers should periodically review security measures in place to ensure that they still reasonably protect the security and confidentiality of the clients documents and information. In 2010, the State Bar of California issued Formal Opinion No , and focused on the changing standard of care, but also provided factors to evaluate before using a particular technology to store or transmit client information: The Digest to this opinion states: Whether an attorney violates his or her duties of confidentiality and competence when using technology to transmit or store confidential client information will depend on the particular technology being used and the circumstances surrounding such use. Before using a particular technology in the course of representing a client, an attorney must take appropriate steps
4 to evaluate: 1) the level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security; 2) the legal ramifications to a third party who intercepts, accesses or exceeds authorized use of the electronic information; 3) the degree of sensitivity of the information; 4) the possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product; 5) the urgency of the of the situation; and 6) the client s instructions and circumstances, such as access by others to the client s devices and communications. The ethics opinions that have addressed attorneys use of cloud technology have focused primarily on the duties of competence and confidentiality. Some have also addressed the duty to supervise. The key issues in all opinions are: a) Failure to timely service clients because of a temporary or permanent loss of data or connection to cloud service. b) Lack of control over data. c) International storage of data beyond the laws, rules, and regulations of the United States. d) Obligation to obtain client consent about the outsourcing of their personal data storage to a cloud vendor. Competence & Supervision You are responsible for supervising the work and assuring the competence of your outsourced service providers. At a bare minimum, check the service provider s references. You may also want to perform a background investigation on all service providers and interview principal lawyers. Finally, consider investigating the security of the provider s premises, computer network, and waste disposal services. Confidentiality Model Rule 1.6(a) mandates that a lawyer may not reveal confidential client information without the client s informed consent. This includes client information and data that you entrust to a cloud provider. Increasingly, state bar associations are tackling the ethical dimensions of electronically stored information and lawyers using SaaS must exercise professional judgment and caution. Outsourcing Cloud computing is a form of outsourcing. We are delegating the maintenance of some or all computing functions to a non employee outside of our direct control within our
5 office. The ABA has recognized the competing benefits and risks of outsourcing and has provided ethical guidance in ABA Formal Opinion (Lawyer s Obligations When Outsourcing Legal and Non Legal Support Services). Although this opinion is non binding on lawyers, it is a source of reasoned guidance. It concludes: The challenge for an outsourcing lawyer is, therefore, to ensure that tasks are delegated to individuals who are competent to perform them, and then to oversee the execution of the project adequately and appropriately. At a minimum, a lawyer must investigate the background of any service provider to make sure they possess the correct skill, competence, and integrity to adequately and appropriately handle the tasks being delegated. An outsourcing lawyer should recognize and minimize the risk that any outside service provider may inadvertently or perhaps even advertently reveal client confidential information to adverse parties or to others who are not entitled to access. One recommended precaution is to require the third party provider to sign a confidentiality agreement that provides specific guidance to the provider for maintaining confidentiality. Such language may already be in the proposed services contract, but reasonable modifications may be required for the best reasonable protection under Rule 1.6. The agreement should give specific examples of prohibited conduct and triggers for notification of a breach (unless covered elsewhere in your services contract). Some legal technology experts opine that the outsourced data may actually be safer under the control of a third party provider than at a small law firm with a small or no IT staff. Legal Responsibilities Legal responsibilities come from state and federal data security laws that are of growing importance in our interconnected world. These laws address what happens if your client information (including that held by a cloud based service) is breached (lost or stolen). Generally, these state laws require anyone who holds consumers personal information to take action if the breach exposes consumers to risk of financial fraud. Although each state law defines consumer personal information differently, a social security number or financial institution account number in combination with a name is at the core of most definitions. If there is a breach of data on your computers or the cloud provider s computers and you possess consumer personal information, data security laws require that your clients be notified of the breach. The same is true if any lawyer s computer or mobile device is lost or stolen and the data is breached. This client notification can be an embarrassing step for lawyers, but it is a necessary one. The purpose of the notice is to allow consumers to protect themselves from possible repercussions of the data breach such as identity theft, so delaying the notice to them could be harmful.
6 These laws should not scare you away from cloud computing, but you must be prepared to respond to protect your clients interests if there is a breach of client information. Potential Questions for Cloud Providers Here is a list of questions to help you select the right cloud provider, while meeting your ethical and legal obligations. These are aimed at particularly at SaaS providers. The list is not exhaustive, just a starting point. Before purchasing a cloud solution: 1. Read the user or license agreement terms. 2. Determine where the data is stored. Is it solely within the United States? 3. Determine who, besides you, has access to the data. 4. Who owns the data residing on the service provider s servers? 5. If you terminate the service, how do you retrieve your data and what happens to the data hosted by the service provider? 6. Examine the service provider s physical and electronic security and confidentiality policies. What layers of protection do they have? Do they provide notice of a breach? 7. What is the history of downtime for the service? What redundancy do they have to avoid downtime? Potential Questions for Cloud Storage Providers A separate article, available on InfoNet, addresses the questions to ask a cloud storage/data back up provider in more depth. Conclusion As Internet connection speeds become faster and less costly, as the cost of internal hosting of law firm servers and software becomes more expensive, and as the reliability and functionality of "cloud" options increase, will firms be able to resist the economic forces at play? As this next era in law firm technology begins, firms must ethically balance the needs of the client with the realities of this new technology. However, caution rather than fear should rule the day.
Ethical Considerations for Lawyers Using the Cloud
Ethical Considerations for Lawyers Using the Cloud Presentation by Peter J. Guffin, Esq. Pierce Atwood LLP pguffin@pierceatwood.com (207) 791-1199 Maine State Bar Association Summer Meeting June 22, 2012
More informationLAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)
CHARLES LUCE S LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) A. Cloud Computing Defined: n. A loosely defined term for any system providing access
More informationAdvisory Committee on Professional Ethics. Appointed by the Supreme Court of New Jersey
N.J.L.J. N.J.L. Advisory Committee on Professional Ethics Appointed by the Supreme Court of New Jersey Opinion 701 Advisory Committee on Professional Ethics Electronic Storage And Access of Client Files
More informationConnecticut Bar Association
Connecticut Bar Association Professional Ethics Committee 30 Bank Street PO Box 350 New Britain CT 06050-0350 06051 for 30 Bank Street P: (860) 223-4400 F: (860) 223-4488 Approved June 19, 2013 Informal
More informationLegal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev
Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms v2.18.11, rev 1 Presenters Joseph DeMarco, Partner DeVore & DeMarco, LLP Lauren Shy, Assistant General Counsel Fragomen,
More informationPresented by Luke Downing
Presented by Luke Downing What is the Cloud? Market research 5 key benefits Considerations/Risks ABA rules Questions to asks Q&A Incorporated in 2002 Founded by Luke Downing & Matt Bakey Located in Norfolk,
More informationEmail Data Security. The dominant business communication tool
Email Data Security Jim Brashear General Counsel Zix Corporation Dallas Business Uses Email The dominant business communication tool Time spent on email exceeds time spent on all other communication tools
More informationETHICS for Lawyers and Law Firms Using Cloud Technology
ETHICS for Lawyers and Law Firms Using Cloud Technology Donna Kirk Seyle ~ Legal Tech Advisor: Law Practice Strategy 108 MONTESANO ST SANTA CRUZ, CA 95062 (831) 332-2243 Donna Seyle is an attorney, author,
More informationIs Cloud Computing Inevitable for Lawyers?
Is Cloud Computing Inevitable for Lawyers? by Sharon D. Nelson and John W. Simek 2015 Sensei Enterprises, Inc. Not a single day goes by when you don t hear something about cloud computing. It could be
More information( and how to fix them )
THE 5 BIGGEST MISTAKES LAWYERS MAKE WHEN CHOOSING A CLOUD SERVICE PROVIDER ( and how to fix them ) In recent years, an increasingly large number of law firms have moved their software and data to the cloud.
More informationCloud Computing A Silver Lining or Ethical Thunderstorm for Lawyers?
Consultus Electronica Cloud Computing A Silver Lining or Ethical Thunderstorm for Lawyers? by James M. McCauley, Ethics Counsel, Virginia State Bar Because of the flagging economy, businesses and professionals
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationCloud Computing: Managing Legal Risks and Ethical Issues
Cloud Computing: Managing Legal Risks and Ethical Issues Kathryn L. Ossian Miller, Canfield, Paddock and Stone P.L.C. A. What is Cloud Computing? I. Introduction: The Cloud Is Calling Cloud computing has
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationLegal Ethics Practical Tips from Where else?... Practice
Legal Ethics Practical Tips from Where else?... Practice Presented by: Mark C. Dosker mark.dosker@squiresanders.com Corporate Miranda or Upjohn Warnings Issues Facing Counsel at the Onset of an Internal
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationIntroduction to Cloud Computing and Its Ethical Implications Is There a Silver Lining?
NYPRR May 2010 Introduction to Cloud Computing and Its Ethical Implications Is There a Silver Lining? BY JEREMY R. FEINBERG AND MAURA R. GROSSMAN This article is Part one of two and is reprinted with permission
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationAMERICAN BAR ASSOCIATION STANDING COMMITTEE ON ETHICS AND PROFESSIONAL RESPONSIBILITY
AMERICAN BAR ASSOCIATION STANDING COMMITTEE ON ETHICS AND PROFESSIONAL RESPONSIBILITY Formal Opinion 08-451 August 5, 2008 Lawyer s Obligations When Outsourcing Legal and Nonlegal Support Services A lawyer
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationThis is not your grandfather s litigation. BUT. ediscovery Services are not legal services.
This is not your grandfather s litigation. BUT ediscovery Services are not legal services. TYPES OF ETHICAL ISSUES THAT MIGHT ARISE IN THE CONTEXT OF ediscovery: Document collection Privacy issues Inadvertent
More information3Degrees Group, Inc. Privacy Policy
3Degrees Group, Inc. Privacy Policy Your privacy is important to 3Degrees Group, Inc. ( 3Degrees ). The following Privacy Policy discloses the information practices followed by 3Degrees with respect to
More informationCLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1
CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES
More informationCommercial Internet Banking Agreement and Disclosures
Rev. 4/2015 Commercial Internet Banking Agreement and Disclosures 1. Coverage. This Agreement applies to your use of our commercial Internet Banking Service, which permits you to access your accounts with
More informationPROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs
PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs The Identity Theft and Fraud Protection Act (Act No. 190) allows for the collection, use
More informationCLOUD COMPUTING AND THE ETHICAL CHALLENGES
CLOUD COMPUTING AND THE ETHICAL CHALLENGES Prepared for Multi-Track Federal Criminal Defense Seminar: Strategies for Defending Complex Cases AOKI LAW PLLC Russell M. Aoki Coordinating Discovery Attorney
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationEthics in Technology and ediscovery Stuff You Know, But Aren t Thinking About
Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About Kelly H Twigger, Esq. Oil and Gas Symposium Arkansas Law Review October 16-17, 2014 Overview In the last two decades, business
More informationZip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.
Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationHIPAA Compliance and the Protection of Patient Health Information
HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance
More informationNeoscope www.neoscopeit.com 888.810.9077
Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationEvery Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World
Every Cloud Has A Silver Lining Protecting Privilege Data In A Hosted World May 7, 2014 Introduction Lindsay Stevens Director of Software Development Liquid Litigation Management, Inc. lstevens@llminc.com
More informationLAWYERS AS CONTRACTORS HOW MUCH CAN YOU CHARGE FOR THAT?
LAWYERS AS CONTRACTORS HOW MUCH CAN YOU CHARGE FOR THAT? KRISTEN BRAUCHLE Brockman, Brauchle & Evans, PLLC 2020 Southwest Freeway, Ste 323 Houston, Texas 77098 kbrauchle@bbelawfirm.com 713-224-6100 State
More informationKeep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise
Protection as a Priority TM Keep Your Data Secure in the Cloud to ensure your online data is protected from compromise Abstract The headlines have been dominated lately with massive data breaches exposing
More informationLitigating in the Cloud - Security Issues for the Trial Practice
Litigating in the Cloud - Security Issues for the Trial Practice J. Walter Sinclair Stoel Rives LLP 101 S. Capitol Blvd, Suite 1900 Boise, Idaho 83702-7705 (208) 389-9000 jwsinclair@stoel.com Mr. Sinclair
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More informationOnline Banking Agreement
Online Banking Agreement If you would like to have a paper copy of this Agreement sent to you, please send us an e-mail at netteller@usbhazen.com. This Netteller Online Banking Agreement (this Agreement
More informationHow To Get Cloud Computing For A Fraction Of The Cost
Cloud Computing Keeping Up With IT During Recession Table of Contents Introduction...3 What is Cloud Computing?...3 Importance of robust IT Systems...4 Benefits of Cloud Computing...4 Lower Expenses: capital
More informationHIPAA Privacy & Security White Paper
HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements
More informationAn Introduction to the Technology and Ethics of Cloud Computing. Jack Newton Co founder and President Themis Solutions Inc. (Clio)
An Introduction to the Technology and Ethics of Cloud Computing Jack Newton Co founder and President Themis Solutions Inc. (Clio) what is software-as-a-service? traditional computing model The Internet
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More information3. Consent for the Collection, Use or Disclosure of Personal Information
PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationNEW JERSEY OFFICE OF ATTORNEY ETHICS ESI & ETHICS OCTOBER 6, 2015 RONALD J. HEDGES
NEW JERSEY OFFICE OF ATTORNEY ETHICS ESI & ETHICS OCTOBER 6, 2015 RONALD J. HEDGES 1 A SHORT INTRODUCTION TO ESI & ediscovery 2 MATERIALS R.J. Hedges, Electronic Discovery: Trends & Developments Under
More informationCloud Computing and Its Impact on the Practice of Law Five Trends Lawyers Can t Ignore Thursday, May 8, 2014
American Bar Association Section of Family Law 2014 Spring CLE Conference Cloud Computing and Its Impact on the Practice of Law Five Trends Lawyers Can t Ignore Thursday, May 8, 2014 Speaker: Christopher
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationOutsourcing and third party access
Outsourcing and third party access This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security
More informationDocument Automation in the Cloud Virtual Lawyering on Steroids
Group Legal Services Association Solo, Small Firm, and General Practice Section 2014 Annual Conference May 1-3, 2014, Las Vegas, Nevada Document Automation in the Cloud Virtual Lawyering on Steroids Friday,
More informationService Schedule for CLOUD SERVICES
Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this
More informationSAAS MADE EASY: SERVICE LEVEL AGREEMENT
SAAS MADE EASY: SERVICE LEVEL AGREEMENT THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( SaaS Made Easy ). Capitalized terms used herein but not otherwise defined
More informationOnline Banking Requirements Listed in detail under the Access heading within the Personal Online Banking Agreement.
Clover Community Bank esign Agreement Personal Online Banking is electronic access to your accounts at Clover Community Bank. In order to participate in this convenient and secure service, please review
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationPINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM
PINAL COUNTY POLICY AND PROCEDURE 2.50 Subject: ELECTRONIC MAIL AND SCHEDULING SYSTEM Date: November 18, 2009 Pages: 1 of 5 Replaces Policy Dated: April 10, 2007 PURPOSE: The purpose of this policy is
More information2. What personal information do we collect and hold?
PRIVACY POLICY Conexus Financial Pty Ltd [ABN 51 120 292 257], (referred to as Conexus, us, we" or our"), are committed to protecting the privacy of the personal information that we collect and complying
More informationAGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND
AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered
More informationCOMPUTER USE POLICY. 1.0 Purpose and Summary
COMPUTER USE POLICY 1.0 Purpose and Summary 1. This document provides guidelines for appropriate use of the wide variety of computing and network resources at Methodist University. It is not an all-inclusive
More informationA Privacy and Data Security Checklist for All
July 2015 Many companies know they have to follow privacy and data security rules. Companies in the health care industry know about Health Insurance Portability and Accountability Act (HIPAA). Financial
More informationMontclair State University. HIPAA Security Policy
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
More informationM E M O R A N D U M. The Policy provides for blackout periods during which you are prohibited from buying or selling Company securities.
M E M O R A N D U M TO: FROM: All Directors, Officers and Covered Persons of Power Solutions International, Inc. and its Subsidiaries Catherine Andrews General Counsel and Insider Trading Compliance Officer
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationSoftware as a Service (SaaS) ethical issues
Software as a Service (SaaS) ethical issues Marco Vallini marco.vallini@polito.it May 2009 1 Contents 1 Introduction 3 2 Scenario 3 3 Which actors are involved in SaaS? 4 3.1 Traditional software model............................
More informationOutsourcing: From Here to There
September 2013 Idaho State Bar Advocate Outsourcing: From Here to There By Mark J. Fucile Fucile & Reising LLP A key facet of the American Bar Association s recent Ethics 20/20 amendments to the Model
More informationCCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING
CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationISBA Professional Conduct Advisory Opinion
ISBA Professional Conduct Advisory Opinion Opinion No. 14-03 May 2014 Subject: Digest: Ref.: Conflict of Interest; Professional Independence of Lawyer; Unauthorized Practice of Law; Sharing Fees with Non-Lawyers
More informationAm I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters
More informationINTERNET BANKING AGREEMENT & DISCLOSURE
INTERNET BANKING AGREEMENT & DISCLOSURE This Agreement and Disclosure sets forth your and our rights and responsibilities concerning the use of our Internet Banking Product. In this Agreement, the words
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationTHE AMERICAN LAW INSTITUTE Continuing Legal Education. Estate Planning for the Family Business Owner
91 THE AMERICAN LAW INSTITUTE Continuing Legal Education Estate Planning for the Family Business Owner Cosponsored by the ABA Section of Real Property, Trust and Estate Law and the ABA Section of Taxation
More information10 Hidden IT Risks That Threaten Your Practice
(Plus 1 Fast Way to Find Them) Your practice depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More information10 Hidden IT Risks That Might Threaten Your Business
(Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationHamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)
Hamilton College Administrative Information Systems Security Policy and Procedures Approved by the IT Committee (December 2004) Table of Contents Summary... 3 Overview... 4 Definition of Administrative
More informationLaw Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario
PRIVACY COMPLIANCE ISSUES FOR LAW FIRMS IN ONTARIO By Sara A. Levine 1 Presented at Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario Ontario Bar Association, May 6,
More informationSoftware as a Service (SaaS) Contract. I. Subject matter of the Contract. II. Software provision
Software as a Service (SaaS) Contract By completing the registration form (ordering bexio), you shall become subject to the following General Terms and Conditions ("General Terms and Conditions"). I. Subject
More informationInformation Security Awareness Training Gramm-Leach-Bliley Act (GLB Act)
Information Security Awareness Training Gramm-Leach-Bliley Act (GLB Act) The GLB Act training packet is part of the Information Security Awareness Training that must be completed by employees. Please visit
More informationProcedure for Managing a Privacy Breach
Procedure for Managing a Privacy Breach (From the Privacy Policy and Procedures available at: http://www.mun.ca/policy/site/view/index.php?privacy ) A privacy breach occurs when there is unauthorized access
More informationCloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works
Cloud Computing TODAY S TOPICS What Cloud Computing is and How it Works Security & Privacy Issues Investigative Challenges WHAT IS CLOUD COMPUTING? Cloud computing refers to software or processes offered
More informationWhat are the benefits of Cloud Computing for Small Business?
Cloud Computing A Small Business Guide. Whilst more and more small businesses are adopting Cloud Computing services, it is fair to say that most small businesses are still unsure of what Cloud Computing
More informationData Privacy and Security: A Primer for Law Firms
Data Privacy and Security: A Primer for Law Firms All We Do Is Work. Workplace Law. In four time zones and 46 major locations coast to coast. www.jacksonlewis.com JACKSON LEWIS SERVING THE DIVERSE NEEDS
More informationETHICAL LEGAL ADVOCACY: ISSUES FOR DOMESTIC VIOLENCE
ETHICAL LEGAL ADVOCACY: ISSUES FOR DOMESTIC VIOLENCE ADVOCATES ATTORNEY- CLIENT PRIVILEGE Attorney- client privilege ABA Model Rule 1.6 Any information transmitted between a lawyer and a client in the
More information10 Hidden IT Risks That Might Threaten Your Law Firm
(Plus 1 Fast Way to Find Them) Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationELECTRONIC SERVICES AGREEMENT
ELECTRONIC SERVICES AGREEMENT Electronic Disclosure and Consent To the extent that you have given your e-sign consent, if such consent is required, you agree to receive this covering consumer online banking
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationProtection of Privacy
Protection of Privacy Privacy Breach Protocol March 2015 TABLE OF CONTENTS 1. Introduction... 3 2. Privacy Breach Defined... 3 3. Responding to a Privacy Breach... 3 Step 1: Contain the Breach... 3 Step
More informationCode - A Date Approved: July 24/01
Page 1 of 10 Date Last Revision: Feb 12/08 POLICY STATEMENT AND PURPOSE The County of Elgin provides employees, elected officials, and other organizations and individuals with access to computer and network
More information