LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)

Size: px
Start display at page:

Download "LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)"

Transcription

1 CHARLES LUCE S LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) A. Cloud Computing Defined: n. A loosely defined term for any system providing access via the Internet to processing power, storage, software or other computing services, often via a web browser. Typically these services will be rented from an external company that hosts and manages them. (The Free On-line Dictionary of Computing) From ASP to SaaS to the Cloud B. Cloud Spotting Public Clouds Community Clouds Hybrid Clouds Private Clouds C. Why Lawyers Have Their Head In The Clouds Universal Access Collaboration With colleagues With clients Cost Containment Software and hardware IT Client Demands Pseudo-Backup/Disaster Recovery D. Clouds On The Horizon (Risks/Issues) Loss or interception in transmission Unauthorized access to client information by vendor or outsiders Inadequate physical or electronic security of servers (frequently located overseas) Governmental server seizure or demands for access

2 Migration Is Client Notice or Consent Required? E. Rules For The Cloud (Colo. RPCs) 1.1 Competency 1.6(a) Confidentiality Security of Data 1.15(a) Safekeeping Property Identification and Segregation of Data Integrity of Data Reasonable, not perfect, care and security required 1.16(d) Surrendering Records on Termination of Representation Colo. 1.16A (February 10, 2011) Records retention F. Recent and Significant Ethics Opinions ABA Commission on Ethics 20/20 Initial Draft Proposals Technology and Confidentiality (2 May 2011). In implementing cloud computing, law firms should consider and provide for (1) the potential for theft, loss or disclosure of confidential information; (2) unauthorized access to confidential client information by a cloud vendor s employees or others; (3) security for data stored on servers in certain countries; and (4) provider s procedures for responding to and resisting government requests to access information. Alabama State Bar Disciplinary Comm n Op The duty of reasonable care requires the lawyer to become knowledgeable about how the provider will handle the storage and security of the data being stored and to reasonably ensure that the provider will abide by a confidentiality agreement in handling the data If there is a breach of confidentiality, the focus of any inquiry will be whether the lawyer acted reasonably in selecting the method of storage and/or the third party provider. Arizona Bar Op (Dec. 2009) [W]hether a particular system provides reasonable protective measures must be informed by the technology reasonably available at the time to secure data against unintentional disclosure. N.J. Ethics Op. 701 As technology advances occur, lawyers should periodically review security measures in place to 2

3 ensure that they still reasonably protect the security and confidentiality of the clients documents and information. State Bar of California, Formal Op. No In implementing cloud computing, law firms should consider and provide for (1) the sensitivity of the stored information; (2) the possible impact on the client of inadvertent disclosure; (3) the urgency (or lack) of the situation requiring cloud storage; and the client s instructions regarding the use of certain technology and the client s circumstances. Colo Bar Ass n Ethics Op. 90, Preservation of Client Confidences in View of Modern Communications Technology (14 November 1992). It is impossible to predict how technological advances will alter the means by which communications can be conveyed or intercepted. However, regardless of technological developments, the attorney must exercise reasonable care to guard against the risk that the medium of the communication may somehow compromise the confidential nature of the information being communicated. Colo. Bar Ass n Abstract No Colo. RPC 1.16(d) requires that, upon request, an attorney provide client papers in electronic format Iowa State Bar Ass n Comm. on Ethics and Practice Guidelines, Op (9 September 2011). Concluding that lawyers (1) may use the cloud provided lawyer has unfettered access to the data and can reasonably verify that sound methods are being used to protect the information; (2) Lawyers have an obligation to perform due diligence to assess the degree of protection that will be needed and to act accordingly ; (3) need not take extraordinary security measures if the method of communication affords a reasonable expectation of privacy, ; and (4) special precautions may be called for depending upon the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. Nev. State Bar Standing Comm. on Ethics & Prof l Responsibility Op. 33 (9 February 2006). Approving lawyer s use of cloud computing if attorney uses care in selection and vendor promises to keep the information confidential. N.J. Supreme Court Advisory Comm. on Prof l Ethics Op. 701 (2006). Approving lawyer s use of cloud computing so long as the lawyer is satisfied that the service has an enforceable obligation to protect the files and uses proper technology to guard against hacking. New York State Bar Opinion 842 (10 September 2010). Adopting reasonable care standard for remote third-party storage if the attorney (1) has an enforceable obligation to preserve confidentiality; (2) investigates the online data storage provider s security measures, policies, recoverability methods; (3) employs technology to guard against reasonably foreseeable attempts to infiltrate the stored data; (4) investigates the storage provider s ability to purge and wipe copies of the firm s data and move it to a different host at the lawyer s request. 3

4 N.C. Ethics Op. 6, Subscribing to Software as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property (2011)(proposed). Approving lawyer s use of remote third-party storage if attorney (1) has an agreement with the vendor specifying that data will be hosted only within a specified geographic area. (If data is hosted abroad attorney must determine that the hosting jurisdiction has privacy laws, data security laws, and protections against unlawful search and seizure that are as rigorous as those of the United States and the state of North Carolina); and (2) advises affected parties if there is reason to believe that the chosen communications technology presents an unreasonable risk to confidentiality. Pennsylvania Ethics Informal Op (10 January 2011). Approving lawyer s use of cloud computing so long as the lawyer takes appropriate measures to protect client confidentiality. G. Tips To Avoid Getting Soaked By A Cloudburst: 1. Adopt a thoughtful policy regarding what information to not put in the cloud 2. Adopt a File Retention Policy Comply with Colo. 1.16A 3. Who will have access to stored data? Firm employees? Vendor employees? Contractors/consultants? Experts? Clients? Witnesses? If clients and others are allowed access to a limited portion of the data, do they gain access to other data? 4. Review professional liability insurance policies for cloud coverage 5. Stay abreast of technological developments to make sure reasonable security measures are adopted and maintained 6. Secure All Runways to the Cloud Passwords (policy and security) Firewalls and intrusion detection Don t forget iphone, ipads, and BYOD access 7. Backups (Mirroring) 4

5 8. Disaster Recovery Programs 9. Vendor Due Diligence Where are the servers located? Who has access to the servers (physically and remotely)? Does the vendor actually control the servers? What is the procedure for terminating the relationship and retrieving the data? How migratable is the data? How segregable is the data? Analyze vendor s systems, physical and electronic security measures, organizational and administrative safeguards, policies, history and audits How is the data stored (formats)? Is (and how is) data encrypted? What software and hardware firewalls are in place? Does the vendor allow the use of higher level encryption tools than those provided by the service? Are independent security audits and reports provided? Are independent uptime audits and reports provided? Who has access to data besides the lawyer? Does the lawyer have unlimited access to his/her data? How? What is the vendor s procedure if access is denied? Who has access to the lawyer s passwords? How, and how quickly, are notices of security breaches provided? What is the vendor s response plan for security breaches? Is the vendor insured for security breaches? Amount of coverage? Does the vendor have adequate backup and disaster recovery capabilities? How does lawyer access and retrieve data if requested by client or required by ED? Examine data protection laws, export controls and local laws regarding privilege and search and seizure of servers or data for overseas servers Regulatory requirements (Patriot Act, HIPPA, etc.) 5

6 What are the fees for the cloud service? (overhead or client-chargeable?) Can vendor destroy data for nonpayment? 6

Ethical Considerations for Lawyers Using the Cloud

Ethical Considerations for Lawyers Using the Cloud Ethical Considerations for Lawyers Using the Cloud Presentation by Peter J. Guffin, Esq. Pierce Atwood LLP pguffin@pierceatwood.com (207) 791-1199 Maine State Bar Association Summer Meeting June 22, 2012

More information

Advisory Committee on Professional Ethics. Appointed by the Supreme Court of New Jersey

Advisory Committee on Professional Ethics. Appointed by the Supreme Court of New Jersey N.J.L.J. N.J.L. Advisory Committee on Professional Ethics Appointed by the Supreme Court of New Jersey Opinion 701 Advisory Committee on Professional Ethics Electronic Storage And Access of Client Files

More information

Every Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World

Every Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World Every Cloud Has A Silver Lining Protecting Privilege Data In A Hosted World May 7, 2014 Introduction Lindsay Stevens Director of Software Development Liquid Litigation Management, Inc. lstevens@llminc.com

More information

If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center

If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center Not since the terms cyberspace and Y2K has there been an inexact technology term

More information

CLOUD COMPUTING AND THE ETHICAL CHALLENGES

CLOUD COMPUTING AND THE ETHICAL CHALLENGES CLOUD COMPUTING AND THE ETHICAL CHALLENGES Prepared for Multi-Track Federal Criminal Defense Seminar: Strategies for Defending Complex Cases AOKI LAW PLLC Russell M. Aoki Coordinating Discovery Attorney

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

Connecticut Bar Association

Connecticut Bar Association Connecticut Bar Association Professional Ethics Committee 30 Bank Street PO Box 350 New Britain CT 06050-0350 06051 for 30 Bank Street P: (860) 223-4400 F: (860) 223-4488 Approved June 19, 2013 Informal

More information

( and how to fix them )

( and how to fix them ) THE 5 BIGGEST MISTAKES LAWYERS MAKE WHEN CHOOSING A CLOUD SERVICE PROVIDER ( and how to fix them ) In recent years, an increasingly large number of law firms have moved their software and data to the cloud.

More information

Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev

Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms v2.18.11, rev 1 Presenters Joseph DeMarco, Partner DeVore & DeMarco, LLP Lauren Shy, Assistant General Counsel Fragomen,

More information

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors

More information

Litigating in the Cloud - Security Issues for the Trial Practice

Litigating in the Cloud - Security Issues for the Trial Practice Litigating in the Cloud - Security Issues for the Trial Practice J. Walter Sinclair Stoel Rives LLP 101 S. Capitol Blvd, Suite 1900 Boise, Idaho 83702-7705 (208) 389-9000 jwsinclair@stoel.com Mr. Sinclair

More information

Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About

Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About Kelly H Twigger, Esq. Oil and Gas Symposium Arkansas Law Review October 16-17, 2014 Overview In the last two decades, business

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

LSSA Guidelines on the Use of Internet-Based Technologies in Legal Practice

LSSA Guidelines on the Use of Internet-Based Technologies in Legal Practice LSSA Guidelines on the Use of Internet-Based Technologies in Legal Practice LSSA 2014 1 Use of Internet-Based Technologies in Legal Practice LSSA Guidelines Version 1.0 November 2014 2 Foreword Please

More information

ETHICS for Lawyers and Law Firms Using Cloud Technology

ETHICS for Lawyers and Law Firms Using Cloud Technology ETHICS for Lawyers and Law Firms Using Cloud Technology Donna Kirk Seyle ~ Legal Tech Advisor: Law Practice Strategy 108 MONTESANO ST SANTA CRUZ, CA 95062 (831) 332-2243 Donna Seyle is an attorney, author,

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

ProFESSIONAL COUNSELSM

ProFESSIONAL COUNSELSM ProFESSIONAL COUNSELSM Advice and Insight into the Practice of Law Caution in the Cumulus: Lawyers Professional & Ethical Risks and Obligations Using the Cloud in Their Practice A Cna Professional Counsel

More information

10 Ways to Avoid Ethics Dangers in the Cloud

10 Ways to Avoid Ethics Dangers in the Cloud 877.557.4273 catalystsecure.com ARTICLE 10 Ways to Avoid Ethics Dangers in the Cloud Is Cloud Computing Bob Ambrogi, Esq. Director of Communications, Catalyst Repository Systems Is Cloud Computing Ethical

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009 Legal Issues Associated with Cloud Computing Laurin H. Mills May 13, 2009 What Is Cloud Computing? The cloud is a metaphor for the Internet Leverages the connectivity of the Internet to optimize the utility

More information

NEW JERSEY OFFICE OF ATTORNEY ETHICS ESI & ETHICS OCTOBER 6, 2015 RONALD J. HEDGES

NEW JERSEY OFFICE OF ATTORNEY ETHICS ESI & ETHICS OCTOBER 6, 2015 RONALD J. HEDGES NEW JERSEY OFFICE OF ATTORNEY ETHICS ESI & ETHICS OCTOBER 6, 2015 RONALD J. HEDGES 1 A SHORT INTRODUCTION TO ESI & ediscovery 2 MATERIALS R.J. Hedges, Electronic Discovery: Trends & Developments Under

More information

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute

More information

Email Data Security. The dominant business communication tool

Email Data Security. The dominant business communication tool Email Data Security Jim Brashear General Counsel Zix Corporation Dallas Business Uses Email The dominant business communication tool Time spent on email exceeds time spent on all other communication tools

More information

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central. POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the

More information

What s the Path? Information Life-cycle part of Vendor Management

What s the Path? Information Life-cycle part of Vendor Management Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered

More information

Cloud Computing Contracts. October 11, 2012

Cloud Computing Contracts. October 11, 2012 Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best

More information

Introduction to Cloud Computing and Its Ethical Implications Is There a Silver Lining?

Introduction to Cloud Computing and Its Ethical Implications Is There a Silver Lining? NYPRR May 2010 Introduction to Cloud Computing and Its Ethical Implications Is There a Silver Lining? BY JEREMY R. FEINBERG AND MAURA R. GROSSMAN This article is Part one of two and is reprinted with permission

More information

Wellesley College Written Information Security Program

Wellesley College Written Information Security Program Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

Cloud Computing A Silver Lining or Ethical Thunderstorm for Lawyers?

Cloud Computing A Silver Lining or Ethical Thunderstorm for Lawyers? Consultus Electronica Cloud Computing A Silver Lining or Ethical Thunderstorm for Lawyers? by James M. McCauley, Ethics Counsel, Virginia State Bar Because of the flagging economy, businesses and professionals

More information

Hot Ethics Issues for Product Liability Defense Attorneys

Hot Ethics Issues for Product Liability Defense Attorneys Hot Ethics Issues for Product Liability Defense Attorneys Dane S. Ciolino Loyola University New Orleans College of Law 6363 Saint Charles Ave New Orleans, LA 70118 (504) 861-5652 dciolino@loyno.edu Return

More information

2014 NMSBA School Law Conference

2014 NMSBA School Law Conference 2014 NMSBA School Law Conference STUDENT PRIVACY IN THE CLOUD Andrew M. Sanchez Jun Roh June 7, 2014 Student Privacy Concerns What is cloud computing? Kinds of Clouds: Public Cloud managed, owned and provided

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Virtual Law Practice and the Online Delivery of Legal Services

Virtual Law Practice and the Online Delivery of Legal Services Virtual Law Practice and the Online Delivery of Legal Services presented by Stephanie Kimbro Attorney, Kimbro Legal Services Technology Consultant, Total Attorneys Canadian Discipline Administrators Conference

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

BYOD: BRING YOUR OWN DEVICE

BYOD: BRING YOUR OWN DEVICE BYOD: BRING YOUR OWN DEVICE PART 5 OF THE LAW PRACTICE MANAGEMENT SERIES Sarah Banola Cooper, White & Cooper LLP James Y. Wu Law Office of James Y. Wu Bring Your Own Device (BYOD)Trend Increased use of

More information

BYOD Policies: A Litigation Perspective

BYOD Policies: A Litigation Perspective General Counsel Panel Reveals the Real Deal BYOD Policies: A Litigation Perspective By Andrew Hinkes Reprinted with Permission BYOD Policies: A Litigation Perspective By Andrew Hinkes Bring-your-own-device

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)

More information

SECURITY CONSIDERATIONS FOR LAW FIRMS

SECURITY CONSIDERATIONS FOR LAW FIRMS SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 )

Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 ) Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 ) Overview: The Bring Your Own Device (BYOD) program allows employees to use their own computing

More information

Privacy Policy. PortfolioTrax, LLC. 2015 v1.0. PortfolioTrax, LLC Privacy Policy 2

Privacy Policy. PortfolioTrax, LLC. 2015 v1.0. PortfolioTrax, LLC Privacy Policy 2 Privacy Policy 2015 v1.0 Privacy Policy 2 Document Controls and Review This document is to be reviewed once every two quarters and updated to account for any changes in privacy practices that may not have

More information

Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between

Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen Supplementary data protection agreement to the license agreement for license ID: between...... represented by... Hereinafter referred to as the "Client"

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

Making the leap to the cloud: IS my data private and secure?

Making the leap to the cloud: IS my data private and secure? Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about

More information

ETHICS OPINION 2010 02. Retention, Storage, Ownership, Production and Destruction of Client Files

ETHICS OPINION 2010 02. Retention, Storage, Ownership, Production and Destruction of Client Files ETHICS OPINION 2010 02 Retention, Storage, Ownership, Production and Destruction of Client Files Introduction Formal Opinions 1986 02, 1993 10, 1994 01 are the most recent pronouncements of a lawyer s

More information

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,

More information

Cloud Computing: Managing Legal Risks and Ethical Issues

Cloud Computing: Managing Legal Risks and Ethical Issues Cloud Computing: Managing Legal Risks and Ethical Issues Kathryn L. Ossian Miller, Canfield, Paddock and Stone P.L.C. A. What is Cloud Computing? I. Introduction: The Cloud Is Calling Cloud computing has

More information

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.) Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening

More information

ORANGE COUNTY BAR ASSOCIATION. Formal Opinion 2011-01 (Collaborative Family Law)

ORANGE COUNTY BAR ASSOCIATION. Formal Opinion 2011-01 (Collaborative Family Law) ORANGE COUNTY BAR ASSOCIATION Formal Opinion 2011-01 (Collaborative Family Law) Issue: Can a family lawyer enter into a collaborative law agreement consistent with her ethical duties, notwithstanding the

More information

Mac Software for the Law Office

Mac Software for the Law Office Mac Software for the Law Office Jon Lutz Electronic Services Librarian FSU College of Law Research Center Fall 2011 Florida State University College of Law Research Center Cloud Computing Florida This

More information

Bring Your Own Device Security and Privacy Legal Risks

Bring Your Own Device Security and Privacy Legal Risks Bring Your Own Device Security and Privacy Legal Risks Introduction Information Law Group, LLP National boutique firm with focus on information law Experienced, nationally-recognized privacy, technology,

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

ADMINISTRATIVE MANUAL Policy and Procedure

ADMINISTRATIVE MANUAL Policy and Procedure ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,

More information

BRING YOUR OWN DEVICE

BRING YOUR OWN DEVICE BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

M&T BANK CANADIAN PRIVACY POLICY

M&T BANK CANADIAN PRIVACY POLICY M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (

More information

An Introduction to the Technology and Ethics of Cloud Computing. Jack Newton Co founder and President Themis Solutions Inc. (Clio)

An Introduction to the Technology and Ethics of Cloud Computing. Jack Newton Co founder and President Themis Solutions Inc. (Clio) An Introduction to the Technology and Ethics of Cloud Computing Jack Newton Co founder and President Themis Solutions Inc. (Clio) what is software-as-a-service? traditional computing model The Internet

More information

PROFESSIONAL COUNSELSM

PROFESSIONAL COUNSELSM PROFESSIONAL COUNSELSM ADVICE AND INSIGHT INTO THE PRACTICE OF LAW Lawyers Toolkit 3.0: A Guide to Managing the Attorney-Client Relationship A CNA PROFESSIONAL COUNSEL GUIDE FOR LAWYERS AND LAW FIRMS The

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

Norwich University Information Assurance Security Policy. Final Version 10.0 for Implementation

Norwich University Information Assurance Security Policy. Final Version 10.0 for Implementation Norwich University Information Assurance Security Policy Final Version 10.0 for Implementation Table of Contents Norwich University... 0 Information Assurance Security Policy... 0 1.0 Introduction... 2

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1 CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities

More information

LAWYER TO LAWYER MENTORING PROGRAM INTRODUCTION TO MALPRACTICE AND GRIEVANCE TRAPS

LAWYER TO LAWYER MENTORING PROGRAM INTRODUCTION TO MALPRACTICE AND GRIEVANCE TRAPS ! LAWYER TO LAWYER MENTORING PROGRAM INTRODUCTION TO MALPRACTICE AND GRIEVANCE TRAPS The following is intended to facilitate a discussion about common malpractice and grievance traps and how to recognize

More information

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005 Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Outsourcing: From Here to There

Outsourcing: From Here to There September 2013 Idaho State Bar Advocate Outsourcing: From Here to There By Mark J. Fucile Fucile & Reising LLP A key facet of the American Bar Association s recent Ethics 20/20 amendments to the Model

More information

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM GENERAL: The Technology department is responsible for the managing of electronic devices and software for the District, as well as the Help Desk for resolution of employee-created help tickets. The subgroups

More information

Cloud Computing and Its Impact on the Practice of Law Five Trends Lawyers Can t Ignore Thursday, May 8, 2014

Cloud Computing and Its Impact on the Practice of Law Five Trends Lawyers Can t Ignore Thursday, May 8, 2014 American Bar Association Section of Family Law 2014 Spring CLE Conference Cloud Computing and Its Impact on the Practice of Law Five Trends Lawyers Can t Ignore Thursday, May 8, 2014 Speaker: Christopher

More information

This is not your grandfather s litigation. BUT. ediscovery Services are not legal services.

This is not your grandfather s litigation. BUT. ediscovery Services are not legal services. This is not your grandfather s litigation. BUT ediscovery Services are not legal services. TYPES OF ETHICAL ISSUES THAT MIGHT ARISE IN THE CONTEXT OF ediscovery: Document collection Privacy issues Inadvertent

More information

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE INTRODUCTION The healthcare industry is driven by many specialized documents. Each day, volumes of critical information are sent to and from

More information

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards

More information

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore:

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore: Privacy Policy DataLogic CRM, Inc. is committed to the security and privacy of our customer s data. This Privacy Policy explains our commitment to safeguarding our customers data and serves as our agreement

More information

Anatomy of a Cloud Computing Data Breach

Anatomy of a Cloud Computing Data Breach Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations

More information

DEPARTMENTAL POLICY. Northwestern Memorial Hospital

DEPARTMENTAL POLICY. Northwestern Memorial Hospital Northwestern Memorial Hospital DEPARTMENTAL POLICY Subject: DEPARTMENTAL ADMINISTRATION Title: 1 of 11 Revision of: NEW Effective Date: 01/09/03 I. PURPOSE: This policy defines general behavioral guidelines

More information

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire Overview This pre-implementation questionnaire is designed to provide the Boston College Internal Audit Department with a general understanding

More information

2015 NMSBA SCHOOL LAW CONFERENCE

2015 NMSBA SCHOOL LAW CONFERENCE 2015 NMSBA SCHOOL LAW CONFERENCE NETWORK SECURITY, DISTRICT POLICIES ON INTERNET USE, AND THE LAW Andrew M. Sanchez David A. Richter Cuddy & McCarthy, LLP 1 FEDERAL LAWS The Family Educational Rights and

More information

Some Ethical Considerations for Lawyers Using the Cloud and Operating Virtual Law Offices

Some Ethical Considerations for Lawyers Using the Cloud and Operating Virtual Law Offices Some Ethical Considerations for Lawyers Using the Cloud and Operating Virtual Law Offices Mitch Kowalski 1 Introduction Rule 3.01 (1) of the Law Society of Upper Canada s Rules of Professional Conduct

More information

ISBA Professional Conduct Advisory Opinion

ISBA Professional Conduct Advisory Opinion ISBA Professional Conduct Advisory Opinion Opinion No. 14-01 May 2014 Subject: Digest: Client Funds and Property; Fees and Expenses A lawyer may accept payment for earned services and expenses by credit

More information

Practical Legal Aspects of BYOD

Practical Legal Aspects of BYOD Practical Legal Aspects of BYOD SESSION ID: LAW-F01 Lawrence Dietz General Counsel & Managing Director TalGlobal Corporation ldietz@talglobal.net +1 408 993 1300 http://psyopregiment.blogspot.com Francoise

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Outsourcing Technology Services A Management Decision

Outsourcing Technology Services A Management Decision Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec. The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million

More information

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

The Cloud and the Small Law Firm: Business, Ethics and Privilege. Considerations

The Cloud and the Small Law Firm: Business, Ethics and Privilege. Considerations The Cloud and the Small Law Firm: Business, Ethics and Privilege Considerations COMMITTEE ON SMALL LAW FIRMS NOVEMBER 2013 NEW YORK CITY BAR ASSOCIATION 42 WEST 44 TH STREET, NEW YORK, NY 10036 The Cloud

More information