MSBA Computer and Technology Law Section

Increasing Entrustment of Client Data to Third Parties Resulting in Modified Lawyer Obligations

Sean Harrington — Fri, 09 Dec 2011 18:13:11 -0600

In the last few years, an number of ethics opinions concerning information technology are aimed at the increasing entrustment of client data to third partis (viz. so-called "cloud computing"), and are trending along with proposed or enacted data privacy litigation across the country. For example, California’s proposed Formal Opinion 08–0002 requires a lawyer to evaluate information security and finds that “attorneys are faced with an ongoing responsibility of evaluating the level of security of technology that has increasingly become an indispensable tool in the practice of law.” State Bar of Cal. Standing Comm. on Prof’l Responsibility & Conduct, Formal Op. Interim No. 08-0002 (2010) Alabama’s Ethics Committee Opinion 2010–02 requires attorneys to exercise reasonable care against unauthorized access, which includes becoming knowledgeable about a cloud provider’s storage and security. Arizona’s Ethics Opinion 09–04 provides, in pertinent part, that:

[W]hether a particular system provides reasonable protective measures must be informed by the technology reasonably available at the time to secure data against unintentional disclosure. As technology advances occur, lawyers should periodically review security measures in place to ensure that they still reasonably protect the security and confidentiality of the clients’ documents and information.

It is also important that lawyers recognize their own competence limitations regarding computer security measures and take the necessary time and energy to become competent or alternatively consult experts in the field.

State Bar of Ariz., Ethics Op. 09-04, Confidentiality: Maintaining Client Files; Electronic Storage; Internet (12/2009) (citations and quotations omitted) (citing N.J. Ethics Op. 701).

Likewise, Opinion 842 of the New York State Bar Association requires lawyers to “stay abreast of technological advances,” (New York State Bar, Ass’n Comm. on Prof’l Ethics, Op. 842 (2010) (quoting N.Y. State 782 (2004))), and Minnesota's Rule 1.6 requires that “[a] lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer's supervision.” Minn. R. Prof'l. Conduct 1.6 cmt. 15 (emphasis added). See also Minn. Lawyers Prof’l Responsibility Bd., Op. No. 22, A Lawyer’s Ethical Obligations Regarding Metadata (2010).

And, earlier this year, the ABA Commission on Ethics 20/20 released it’s a proposal for comment regarding “lawyers’ growing use of technology, especially technology that stores or transmits confidential information.” The commission recommended amendments to Model Rules 1.6 and 5.3, adding a paragraph to the former requiring attorneys to “make reasonable efforts to prevent the inadvertent disclosure of, or unauthorized access to, confidential information, including information in electronic form.” The Commission also is concerned with the inadvertent transmission of information and recommend that lawyers have a duty to notify the sender of both physical and electronic information under certain circumstances.

Juror's social networking activities results in new trial for convict

Sean Harrington — Fri, 09 Dec 2011 17:47:15 -0600

The Arkansas Supreme Court reversed and remanded a death row inmate’s murder conviction, ordering a new trial because one juror slept and another used the Twitter service during court proceedings.

Significantly, the trial court instructed the jurors prior to opening arguments, as follows:

When you’re back in the jury room, it’s fine with me to use your cell phone if you need to call home or call business. Just remember, never discuss this case over your cell phone. And don’t Twitter anybody about this case. That did happen down in Washington County and almost had a, a $15 million law verdict overthrown. So don’t Twitter. Don’t use your cell phone to talk to anybody about this case other than perhaps the length of the case or something like that.

In one message, the Juror 2 wrote: “Choices to be made. Hearts to be broken...We each define the great line.” Less than an hour before the jury announced its verdict, he tweeted: “It’s over.” Others including references to the trial, such as, “the coffee sucks here” and “Court. Day 5. Here we go again.”

The supreme court observed:

Because of the very nature of Twitter as an ... online social media site, Juror 2’s tweets about the trial were very much public discussions. Even if such discussions were one-sided, it is in no way appropriate for a juror to state musings, thoughts, or other information about a case in such a public fashion . . . More troubling is the fact that after being questioned about whether he had tweeted during the trial, Juror 2 continued to tweet during the trial.

11/08/2011 CTLS meeting legislative & caselaw update/summary

Sean Harrington — Fri, 09 Dec 2011 14:11:47 -0600

Legislative Committee Report

The following are the highlights of the caselaw and legislative updates provided by the Legislative Committee:

•    Patterson v. Turner Constr. Co, 2011 NY Slip Op. 07572 (Oct. 27, 2011, Appellate Div., Supreme Court of New York, 1st Dep't) (discovering party peruse Facebook activities (including those set to private or restricted outsider access) insofar as they are relevant, in that the information contradicts or conflicts with a plaintiff's alleged restrictions, disabilities, losses and other claims.)

•    California enacted the Reader Privacy Act, updating reader privacy law to cover new technologies like electronic books and online book services as well as local bookstores.

•    Vulnerability uncovered: If one's iPhone falls into the wrong hands, Siri will obligingly disclose the owner's texts or e-mails - or send text and e-mails that appear to come from owner. This is true EVEN if the phone is locked with a PIN. This recently discovered security flaw can be corrected, but the owner must take the affirmative step of disabling Siri when the phone is locked.

•    On September 27th, Chief Judge Randall Rader of the U.S. Court of Appeals for the Federal Circuit unveiled a model order that would limit e-discovery in patent cases. He wrote that the Federal Circuit Advisory Council had unanimously voted to adopt the order. The model order contains the following provisions:

    * Metadata is excluded from e-discovery production requests without "a showing of good cause."
    * E-mail production requests must be for specific issues "not general discovery of a product or business."
    * E-mail production requests should be delayed until after disclosures about the patents, the accused uses of the invention, relevant financial information and the prior art — published information about the subject matter of the claimed invention, including issued patents.
    * E-mail requests are limited to five so-called custodians per producing party and five search terms per custodian.
    * Courts may consider up to five additional custodians per producing party and five additional search terms per custodian. Litigants who submit e-discovery requests to adversaries that exceed court orders and the parties' agreement must pay for the extra production.
    * Receiving parties are barred from using e-discovery that the producing party asserts is attorney-client privileged or work product protected.
    * The production of electronic information in a mass production, or the inadvertent release of privileged or work product protected electronic data, is not a waiver or permission to use it.

•    FCC's Net Neutrality Rules ("Preserving the Open Internet") were published Sept. 23, 2011 in the Federal Register Volum 76, No. 185.

•    Oct 3, 2011 - The Ninth Circuit unequivocally extended the protections of the Electronic Communications Privacy Act (“ECPA”) to foreign citizens yesterday. In Suzlon Energy Ltd. v. Microsoft Corp., the court held that the ECPA protects the emails of non-citizens that are stored in the United States from disclosure.

•    The Supreme Court will today (Nov. 8th) consider in U.S. v. Jones whether police need a warrant before secretly attaching a GPS tracking device to a suspect's car.

2011 Computer and Technology Law Institute

Sean Harrington — Wed, 12 Oct 2011 17:43:03 -0500

Next week is, October 20, is the 2011 Computer & Technology Law Institute!

The conference includes sessions with the latest news, thoughtful analysis and practice tips about today’s key computer and tech law issues.

Featuring:

Erica Newland, Center for Democracy & Technology, Washington DC, and Jerry Cerasale, Direct Marketing Association, Washington DC, on “On-Line Behavioral Advertising”
Jon M. Garon on “Navigating through the Cloud – Legal and Regulatory Management for Software as a Service”
Outstanding faculty including in-house perspectives from 3M, Best Buy, Medtronic, SunGard and Wells Fargo
Nine information-packed, practical sessions including focus on cloud computing questions and answers; mobile data security; insurance coverage for data breaches; Internet power-houses’ policies and practices “as law” – plus your critical year in review
6.75 credits including 1.0 ethics credit (applied for)
And more!

More details are available here (opens in a new window).