General Practice, Solo & Small Firm DivisionMagazine
Volume 17, Number 6
KEEPING SECRETS SECRET SAFEGUARDING CLIENT CONFIDENTIALITY IN YOUR LAW OFFICE
By Ron Anteau and Nancy Wolff
Personnel. The first place to address the issue of confidentiality is in a law firm policy manual. This document is given to all employees and generally requires them to acknowledge in writing that they have received, read, and understood it. Temporary employees may be required to sign a confidentiality statement. All personnel should be instructed not to discuss any case outside the confines of the law office or in common areas where conversations can be overheard. Although most law firms have strict policies about fielding telephone calls from the press, family lawyers should remember that reporters show up in unexpected places. Avoid conversations about clients in an elevator, garage, restaurant, or restroom. Adhere to a strict policy with regard to accidental encounters with clients outside the office. For example, if dining in the same restaurant as one of your clients, do not acknowledge the client's presence unless you know in advance that it is okay to do so. Premises. The layout of your office can contribute greatly to confidentiality. Consider moving to a building in which your clients can travel directly from a private parking garage to the office, avoiding the main lobby, and in which the reception area is configured to allow clients to remain private. Spending a little time thinking about the appropriateness of glass entrance doors or the positioning of a reception-area couch can make a big difference to a client who is concerned about anonymity. Soundproofing is also important. If possible, build walls that go from "slab-to-slab," and add extra soundproofing material within the drywall. If the cost is prohibitive, soundproof at least around conference rooms and partner offices. Clients. All lawyers want to avoid even the notion of a conflict of interest, but sometimes a confidentiality issue arises. For instance, if it is firm policy that all employees have access to the "conflict" database or, at the very least, are informed of all potential new clients, then provisions must be made for times when there might be sensitivity to certain names. Common sense tells us that if the potential client is notable, you are more likely to know whether a conflict exists even before performing the test. However, we recommend a limited test to perhaps all originating attorneys. A difficult question arises when your "conflicts check" reveals a conflict. It would be inappropriate, for example, to tell your client's or your prospective client's spouse that you cannot represent him or her because doing so would create a conflict. Revealing that you represent the spouse discloses confidential information. One policy may be to say that at this point in time, your caseload dictates that you not take any new matters. Assuming no conflict exists, your new notable client still requires protection. My firm has been known to assign pseudonyms to our notable clients so that even our own staff is less aware of their presence. Notable clients, however, are not the only clients who need protection. We have had clients who did not want their secretaries or receptionists to know what was happening in their personal lives. Once again, a pseudonym was used, but this time we were the ones to assume a different name when we called the client. Files. Most firms maintain an open file room where everyone can come and go as they please and read anything they want. If nothing else, limit the number of employees permitted access to files. Institute a sign-out sheet for any file or document within a file, whether it is being copied or reviewed. Allow only a select few people to remove files from the premises. It is also imperative to have filing cabinets that lock. Beyond that, it may be easier to keep certain files in locked storage areas or private offices where a lock or combination will prevent myriad problems. Although files stored off site generally are closed matters, always use a reputable storage company that will sign a confidentiality agreement. For added security, do not store file indexes with the actual files, so that locating specific documents by unauthorized individuals will be more difficult and time consuming. Code your boxes with numbers rather than names. For added security, maintain sensitive materials in your office and send all other items to storage. When things need to be copied, use in-house staff whenever possible. If you must send items out, have the vendor sign a confidentiality agreement. Before tossing paper in the recycling bin, shred each page. Protect all computers with passwords so that no one can simply sit down at a workstation and access client information. Pass-words can be used on a directory level as well as on a user level to safeguard sensitive directories or specific documents. In addition, any computer with a modem is vulnerable to hackers who can dial directly into your system and download information. Consult your computer technician to find the optimum protection. Your computer technician can create what is known as a firewall, which is basically a series of encrypted passwords that block access by an unauthorized person. Halt Hackers. Inquire about software that will prevent unauthorized users from downloading or archiving information. At the least, you should be informed immediately of such activity. Know at all times where your computer files are, including backup tapes. Telephones, cell phones, fax machines, and e-mail require their own protections. When you establish phone service, ask for Caller ID blocking. Caller ID boxes make it possible to identify a caller before the telephone is answered, even if it is not answered. You do not want the wrong spouse learning from a Caller ID printout that a mate has contacted a divorce lawyer. If you or your client must use a cordless telephone, be sure to use a 900-megahertz cordless phone, the only telephone on the market that scrambles the signal and prevents eavesdropping by radio. With speakerphones, institute a policy that requires an attorney on a speakerphone to close his or her office door. Never use speakerphones in common areas. Cell phone service should be equipped with Caller ID blocking, and, as with 900-megahertz phones, your office telephone should be digital, to minimize eavesdropping. Don't forget to lock your telephone when it is not in use, preventing anyone from using your redial feature and/or accessing your preprogrammed speed dial numbers. Also obtain Caller ID blocking for your fax machine and erase any trailer that may contain your telephone number or company name. Update speed dials programmed into your machine; this will prevent your sending confidential information to an out-of-date location. When sending e-mail, make sure your intended recipient is the only person who can access your message. Be especially careful when hitting your "reply" keys. You may be going so fast that you inadvertently reply to a group rather than the sender of the original message. Most e-mail systems also provide certain sensitivity options to ensure that only the intended recipient can access your message. Ron Anteau is a partner at and Nancy Wolff is an administrator of Kolodny & Anteau in Beverly Hills, California. This article is an abridged and edited version of one that originally appeared on page 38 of Family Advocate, Winter 2000 (22:3).