BYOD: BRING YOUR OWN DEVICE

Similar documents
Ethical Considerations for Lawyers Using the Cloud

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)

BYOD At Your Own Risk Working in the BYOD Era. Shane Swilley (503)

Mobile Devices in the Workplace: What Every Employer Needs to Know

Creating a Bulletproof BYOD (Bring Your Own Device) Policy for Personal Devices At Work

THE STATE BAR OF CALIFORNIA STANDING COMMITTEE ON PROFESSIONAL RESPONSIBILITY AND CONDUCT FORMAL OPINION NO

Mobile Devices Policy

plantemoran.com What School Personnel Administrators Need to know

This is not your grandfather s litigation. BUT. ediscovery Services are not legal services.

ORANGE COUNTY BAR ASSOCIATION Formal Opinion (Ghostwriting by Contract Lawyers and Out-of-State Lawyers)

Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v , rev

Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About

Student use of the Internet Systems is governed by this Policy, OCS regulations, policies and guidelines, and applicable law.

Security, privacy, and incident response issues are often

Freelance Lawyers. The industry's best kept secret. Christopher Kozlowski

Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)

ETHICS for Lawyers and Law Firms Using Cloud Technology

CMA Shipping Ethics and E-Discovery in Shipping Disputes

ORANGE COUNTY BAR ASSOCIATION. Formal Opinion (Collaborative Family Law)

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Bring Your Own Device Security and Privacy Legal Risks

"Bring Your Own Device" Brings its Own Challenges

How To Use Social Media To Help Your Business

Outline of Session 12/2/2013. Social Media & Government Legal and Ethical Issues. Part 1 - Legal Issues More Questions than Answers?

NEW JERSEY OFFICE OF ATTORNEY ETHICS ESI & ETHICS OCTOBER 6, 2015 RONALD J. HEDGES

Preservation and Production of Electronic Records

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Bring Your Own Device (BYOD) Policy

Connecticut Bar Association

Social Media Privacy Act

POLICY REGARDING EMPLOYEE USE OF THE DISTRICT'S COMPUTER SYSTEMS AND ELECTRONIC COMMUNICATIONS

Going Mobile: Are Your Company s Electronic Communications Policies Ready to Travel?

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

Bring Your Own Device Policy

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Hot Ethics Issues for Product Liability Defense Attorneys

My CEO wants an ipad now what? Mobile Security for the Enterprise

Questions And Answers. Electron ic Monitoring in the Workplace

Practical Legal Aspects of BYOD

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

2015 WSSFC Pre-Conference Session 4 Advertising/Social Media Ethics and Malpractice Risks

Use of Mobile Apps in the Workplace:

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

BYOD Policies: A Litigation Perspective

Business or Pleasure: The Challenges of Bring Your Own Device Policies in the Workplace

FINANCIAL ADVISING BY ATTORNEYS. Prepared by Thomas E. Geyer Updated November 1, 2003

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management.

The New World of Social Media: Business and Legal Risks

Data Privacy and Security: A Primer for Law Firms

When HHS Calls, Will Your Plan Be HIPAA Compliant?

Southwest Airlines 2013 Terms of Use Portable Devices Feb 2013

Social Media In the Workplace

Client Advisory October Data Security Law MGL Chapter 93H and 201 CMR 17.00

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

ETHICAL ISSUES IN THE EMPLOYMENT CONTEXT

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

BRING YOUR OWN DEVICE

Mobile Device Usage and Agreement Policy

Estate Agents Authority

Cyber Self Assessment

The Ethos of Lawyers in a Networked World: Privacy, Privilege and Evolving Parameters

The Ethical Obligations of an Attorney When Using Technology

Current Trends in Litigation Involving the Use of Social Media

[BRING YOUR OWN DEVICE POLICY]

NEBRASKA ETHICS ADVISORY OPINION FOR LAWYERS No

HIPAA Security Rule Changes and Impacts

Abilene Independent School District. Bring Your Own Device Handbook

ACCEPTABLE USE POLICY

ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF. Cheryl Granto Information Security Manager, UFIT Information Security

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

THE ACC, MID-AMERICA CHAPTER Mutual of Omaha Insurance Co. Omaha, NE

Practice Resource. Sample internet and use policy. Foreword. Policy scope. By David J. Bilinsky 1

Pierce County Policy on Computer Use and Information Systems

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, What Cloud Computing is and How it Works

Odessa College Use of Computer Resources Policy Policy Date: November 2010

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Standard: Information Security Incident Management

BYOD Policy for [AGENCY]

TOLLAND PUBLIC SCHOOLS Tolland, Connecticut

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 )

UPDATES TO ETHICAL ISSUES FOR TRUST AND ESTATE LAWYERS New and Revised Rules of Professional Conduct on the Way (We think!)

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida

Social Media And the Workplace. Scott Patterson Labor and Employment Attorney Butzel Long

Bring Your Own Device (BYOD) and Mobile Device Management

HIPAA Privacy & Security Rules

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT

OUTLINE AND OBJECTIVES

Creating a Bulletproof BYOD (Bring Your Own Device) Policy for Personal Devices At Work

CHAPTER 1 ELECTRONIC IQ: SOCIAL MEDIA AND CLOUD COMPUTING. WSBA Law of Lawyering Conference December 18, Mark J. Fucile

UNC School of Dentistry Personally-Owned Computing Device Policy (BYOD)

POLICY NO September 8, 2015 TITLE: INTERNET AND USE POLICY

Discussion of Electronic Discovery at Rule 26(f) Conferences: A Guide for Practitioners

Adams County, Colorado

CODE OF ETHICS AND BUSINESS CONDUCT

LEBANON LOCATOR: (a) & (a) Board of Education SECTION: PERSONNEL POLICY INFORMAL APPROVAL DATE: 11/22/11 FORMAL APPROVAL DATE: 4/10/12

SURVEY RESULTS CYBER-SECURITY PRACTICES OF MINNESOTA REGISTERD INVESTMENT ADVISERS

Transcription:

BYOD: BRING YOUR OWN DEVICE PART 5 OF THE LAW PRACTICE MANAGEMENT SERIES Sarah Banola Cooper, White & Cooper LLP James Y. Wu Law Office of James Y. Wu

Bring Your Own Device (BYOD)Trend Increased use of smartphones and tablets Increased productivity and employee satisfaction versus higher security risks and less control over firm and client data Potential cost savings versus costs of maintaining, enforcing and supporting BYOD

BYOD Practice and Policy Audience Survey How many individuals use personal smartphones, tablets or laptops for work? How many law firms/companies have BYOD policies? Does the policy prohibit the use of any devices for connecting to the firm's system? Does the policy provide for mobile device tracking? How many law firms/companies assist with costs?

ILTA 2012 Technology Survey Results 94% of attorneys access email via wireless devices. 26% of attorneys use tablets/ipads. 85% of firms provide financial support for smartphones.

ILTA 2012 Technology Survey Results* 83% of firms require a password for wireless email devices. 39% of firms have laptop hard drive encryption, but only 26% have automatic content-based email encryption. 66% of firms do not use a third party system for mobile device management (MDM). Only 5% provide for theft-tracking (blackberry/iphone tracing. *http://www.iltanet.org/techsurvey

Pertinent Rules of Professional Conduct RPC as basis for discipline versus common law standard of care The California State Bar Board of Trustees recently approved proposed new Rules of Professional Conduct that are currently under consideration for adoption by the California Supreme Court.

Pertinent Rules of Professional Conduct In August 2012, the ABA approved recommendations by the Ethics 20/20 Commission to amend the ABA Model Rules to address lawyers use of new technology. California lawyers may also look to the Model Rules and ethics opinions for guidance on BYOD practices and policies. See CRPC 1-100(A); Vapnek, Tuft, Peck & Wiener, Cal. Prac. Guide: Professional Responsibility, 1:88-90 (The Rutter Group, a division of West, a Thomson Reuters business, 2012).

Duty of Competence California Rule of Professional Conduct (CRPC) 3-110 (Failing to Act Competently) ABA Model Rule 1.1 (Competence) Revised Comment [8] confirms that the duty of competence includes "keeping abreast of... the benefits and risks associated with relevant technology."

Duty to Supervise The duty of competence includes "the duty to supervise the work of subordinate attorney and non-attorney employees or agents." Discussion to CRPC 3-110. Model Rule 5.1 (Responsibilities of a Partner or Supervisory Lawyer) Model Rule 5.2 (Responsibilities of a Subordinate Lawyer) Model Rule 5.3 (Responsibilities Regarding Nonlawyer Assistance) New Comments [3]-[4] clarify a lawyer's duties when outsourcing legal work to non-lawyer service providers

Duty of Confidentiality-California Law California Business & Professions Code 6068(e)(1) (duty of attorney "[t]o maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client.") CRPC 3-100 (Confidential Information of Client) Lawyers must take reasonable measures to safeguard confidential client information and may need to consult with someone who possesses the requisite technical knowledge. See Cal. State Bar Formal Opns. 2010-179 & 2012-184.

Duty of Confidentiality Amended Model Rule 1.6 New paragraph (c) requires lawyers to undertake reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or access to, confidential client information. New comment [18] addresses safeguarding confidential client information and includes the duty to prevent unauthorized disclosure by staff.

CRPC 3-500 Duty of Communication Duty to keep the client "reasonably informed about significant developments" and "to promptly respond to reasonable requests for information." Model Rule 1.4 Revised Comment [4] reflects changes in communication technology and requires a lawyer to promptly respond to or acknowledge client communications. Client instructions

Rule 1-400 Advertising and Solicitation Model Rules 7.1-7.3 Revisions to comments address a lawyer's use of technology for client development Model Rule 7.1, Comment [3], Model Rule 7.2, Comments [1]-[3], [5] and Model Rule 7.3, Comments [1], [3]. Duty of Candor Specialist Standard of Care. See Wright v. Williams, 47 Cal.App.3d 802, 810 (1975)

Multijurisdictional Practice CRPC 1-300 (Unauthorized Practice of Law) Model Rule 5.5 (Unauthorized Practice of Law; Multijurisdictional Practice of Law)

Multijurisdictional Practice Unauthorized practice of law as a misdemeanor. Bus. & Prof. C. 6126. Practice of law includes rendering legal advice and preparing legal instruments and contracts for California clients. See Birbrower, Montalbano, Condon & Frank, P.C. v. Sup. Ct., 17 Cal.4 th 119, 128-129 (1998); Estate of Condon, 65 Cal.App.4 th 1138, 1142-1143 (1998). Associating local counsel does not necessarily solve issue.

Security of Confidential Information Reasonable steps are required Factors to consider: Level of security offered by particular device Legal consequences for unauthorized use or access Sensitivity of information Potential impact to client of inadvertent disclosure of privileged or confidential information or work product Urgency of the situation Client directions and circumstances Cal. State Bar Formal Opn. 2012-184.

Suggested Practices Involvement of IT staff or consultants Inventory of devices Attorneys must manage the security policies and practices Training

Suggested Security Measures Password Protection Encryption Firewalls Firmware updates and antivirus software Virtual Private Network (VPN)

Suggested Security Measures Mobile Device Management Outside vendor agreements. For suggested terms, see state bar ethics opinions including Cal. State Bar Opn. 2010-179; Oregon State Bar Opn. 2011-188; North Carolina State Bar Opn. 2011-6 Data backup Employee departure procedures Regular audits and software updates

Internal Breach Notification Procedures Reporting lost or stolen devices Remote locking or wiping Enabling "find my phone" or similar applications External Duty of Communication "If lawyer's conduct of the matter gives the client a substantial malpractice claim against the lawyer, the lawyer must disclose that to the client." RESTATEMENT (THIRD) OF THE LAW GOVERNING LAWYERS 20, cmt. c (2000).

Prohibit wiping devices Litigation Holds Obtain written consent to copy data to meet litigation hold requirements Duty of good faith and reasonable inquiry in responding to discovery E-discovery obligations

BYOD Written Policies Policies must be realistic Evaluate enforcement and compliance costs versus employee mobility and productivity Establish ownership of firm and client data

BYOD Written Policies Require employees maintain confidentiality of firm and client data on personal devices Require password, anti-virus, firewall and encryption Prohibit highly confidential information and trade secrets from being copied and saved on devices Separate server and access controls for sensitive data

BYOD Written Policies Consent to monitoring to reduce reasonable expectation of privacy Segregation of personal and firm/client data Consent to remote locking or wiping in event of security breach, theft, loss of device, or employee departure

BYOD Written Policies Restrictions on downloading certain applications that pose security risks Specify any prohibited devices Cloud storage and security of firm data (e.g., Dropbox, icloud) Use of personal devices and connecting to public Wi-Fi network. See Cal State Bar Formal Opn. 2010-179

BYOD Written Policies Regular reviews and updates Written consent to terms of policy For additional suggested terms and conditions, see ACC Top 10 Tips. http://www.acc.com/legalresources/publications/topten/tttfm tbyodttwe.cfm

Summary Who: All law firms and attorneys What: Secure client information on personal devices Ensure firm has written BYOD policy Why: Comply with professional obligations Prevent lawsuits Protect client information Maintain clients When: ASAP

James Y. Wu Law Office of James Y. Wu

Why Have BYOD By adopting a BYOD policy, employers may: Reduce their technology expenses by reducing or eliminating their need to provide employees with devices and phone or data plans. Take advantage of new technology supplied by individual employees rather than wait for the budget to purchase new devices for the entire workforce. Accommodate an employee's wish to carry one device for all uses, instead of separate devices for work and personal use. Enable employees to more easily work in their preferred operating system. JamesWulaw.com

After-Hours Work When nonexempt employees use PDAs, laptops, smartphones, or ipads to check work email and voicemail or to send text messages after-hours, is the time compensable? Class actions filed: May 2010: Lawsuit filed against City of Chicago by nonexempt police sergeants contending they were not compensated for responding to and receiving after-hours e-mails, phone calls, and text messages. July 2009: Lawsuit filed against T-Mobile USA Inc. by employees claiming they were required to use company-issued smartphones to respond to work messages after hours without pay. JamesWulaw.com

Best Practices: After-Hours Work Do not issue PDAs, etc. to non-exempt employees. If you do issue these devices to non-exempt employees, or if employees BYOD, adopt a policy prohibiting non-exempt employees from performing work on company-issued PDAs, etc. after work hours, with disciplinary consequences. Educate managers that they should not require or expect nonexempt employees to check email, voice mail, etc. after work hours. Instruct managers to avoid unnecessary communication with nonexempt employees after-hours so that employees do not feel compelled to respond and/or work overtime. Pay for all hours worked, even if worked after hours. JamesWulaw.com

Employee Privacy and BYOD Employers can control and set no expectation of privacy for employees using employer-provided resources With BYOD, however, employees have a greater expectation of privacy Personal data stored on an employee's device including: Photos Videos Texts Email Personal contacts JamesWulaw.com

BYOD and Social Media Started out as emailing Now it includes so much more: Facebook, Google +, LinkedIn, MySpace Twitter Skype Blogs Texting Instant Messaging YouTube JamesWulaw.com

Some Words About Passwords Recently reported that some employers were requiring applicants to turn over login credentials to the prospective employer (or to allow the employer to view a personal social media account during an interview). Huge public backlash. Facebook s Chief Privacy Officer issued a statement titled Protecting Your Passwords and Your Privacy that warned employers to not require passwords from applicants and employees. JamesWulaw.com

Some Words About Passwords State legislators have also been quick to hop on this issue: On May 2, 2012, Maryland became the first state to pass a law specifically restricting employers from seeking login credentials from applicants and employees. California - Limitations on employers ability to request social media information AB 1844 Labor Code Section 980 Employers cannot request social media information unless needed for an investigation of employee misconduct Social media broadly defined (email and text accounts too) Exceptions for misconduct, crime, or investigations Retaliation is prohibited JamesWulaw.com

The NLRB Chimes In The National Labor Relations Board enforces the National Labor Relations Act (NLRA). Not just for unionized workplaces. Under Section 7 of the NLRA, employees have certain rights to participate in concerted activities to improve working conditions and/or terms of employment. The NLRB s General Counsel has focused attention on employee social media use under Section 7 of the NLRA. JamesWulaw.com

The NLRB Chimes In The NLRB s General Counsel has released three comprehensive reports regarding social media policies and employer practices. August 2011 Report: http://mynlrb.nlrb.gov/link/document.aspx/09031d458056e743 January 24, 2012 Report: http://mynlrb.nlrb.gov/link/document.aspx/09031d45807d6567 May 30, 2012 Report: http://mynlrb.nlrb.gov/link/document.aspx/09031d4580a375cd JamesWulaw.com

The NLRB Chimes In Best Practices for a BYOD and Social Media Policy: Have a clear policy, with a lot of examples, regarding approved and prohibited BYOD, internet, social media and email use. Routinely review your policy to ensure that it is current with latest legal developments. Train supervisors and managers on the policy, and to avoid acting too quickly. Require employees to sign an acknowledgment of receipt. Include an NLRA savings clause. Have separate and additional policies geared to those employees who do and who do not blog/use social media as part of their job duties. JamesWulaw.com

Additional Legal Issues Connected to BYOD Employers Discrimination/harassment/retaliation Workplace Violence Privacy monitoring employees Trade Secret/Confidential Information Cell phone use/texting while driving Telecommuting policies JamesWulaw.com

THANKS FOR YOUR ATTENTION! FOR ADDITIONAL INFORMATION: SARAH BANOLA 415.765.0308 sbanola@ www. http://www.linkedin.com/profile/sbanola JAMES Y. WU 925.658.0300 james@jameswulaw.com www.jameswulaw.com http://www.linkedin.com/in/jamesywu

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information