This month’s focus is on file sharing and the tools to help you and your clients share files safely. The Dalai Lama (XIV) proclaimed you should “[s]hare your knowledge. It is a way to achieve immortality.” Knowledge and information between you and your clients or coworkers must be shared, and it needs to be shared timely. It also needs to be shared safely and responsibly. To achieve that end, look to some of the tips below on file sharing.
1. Brush Up on Your Ethical Duties Concerning Client Confidentiality. (See Model Rule 1.6.)
Model Rule 1.6 focuses on the Confidentiality of Information. Section 1.6(c) advises that a “lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” This section requires attorneys to act competently and safeguard information relating to the representation of a client.
2. Include a Privacy or Confidentiality Statement in the Message Body of Your Email.
This measure alone will not be enough to protect you, especially if your privacy statement is located at the end of your message. By the time the reader reaches the statement, he or she will have already read the message. If the information contains sensitive information, consider putting a privacy disclaimer in the subject line. This still will not protect the information if it falls in the wrong hands, but it will at least deter some of the possible innocent exposure opportunities. A sample privacy or confidentiality statement may include language such as “This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.” You may also want to add references to specific parts of HIPAA or FERPA if your practice focuses on those areas and you would like to further encourage compliance.
3. Encrypt Any Documents You Send With Sensitive Information.
There are numerous encryption services out there you can use. Two that the authors like and use frequently are 7-Zip and BitLocker. Both are free. You should encourage your client to use one for the information he or she sends to you as well. You may want to incorporate the use of this type of software as the standard means of data protection when drafting your client engagement letter. That would be a good time to decide on a unique password for you and your client to use when encrypting the files.
4. Encrypt Documents You Share via File-Sharing Services Like Dropbox.
If you choose to avoid email and exclusively exchange files via an online file-sharing system, you should still encrypt the files you store there. Sookasa is a cloud security company that provides seamless Dropbox encryption, and complies with both HIPAA and FERPA regulations. Until recently both the sender and the recipient needed to have Sookasa installed in order to open files. However, earlier this month Sookasa announced the launch of a full file delivery platform, allowing nonusers to upload and send documents through a link provided by Sookasa, with Sookasa encrypting the uploads for the nonuser. This means that if a client needs to send sensitive information to her counsel, she simply clicks the link provided by her counsel and uploads the document. From there it is encrypted by Sookasa, and the file is transferred directly to a secure subfolder in the counsel’s account.
5. USB Thumb/Flash Drives Are Also Susceptible to Inadvertent Disclosure.
Thumb drives may seem like a small, portable hard drive that you can hold on to, but they are only as secure as you make them. If the drive is not encrypted and password protected, then it is only secure if it stays in your possession. There are several free to low-cost options available for you. Truecrypt is one that the authors prefer that can easily encrypt thumb or flash drives.
Attorneys have a duty to provide effective and efficient service to their clients. Using and sharing digital files are a means of achieving this end; however, these tools must still be used cautiously. With a little upfront work you can create a security data management and exchange system that will protect both you and your clients. Hopefully these tips will offer some useful guidance as you go about creating your system.