February 01, 2015

TAPAs: Technology And Practice Advice

Jeffrey Allen and Ashley Hallene

This month’s focus is on file sharing and the tools to help you and your clients share files safely. The Dalai Lama (XIV) proclaimed you should “[s]hare your knowledge. It is a way to achieve immortality.” Knowledge and information between you and your clients or coworkers must be shared, and it needs to be shared timely. It also needs to be shared safely and responsibly. To achieve that end, look to some of the tips below on file sharing.

1. Brush Up on Your Ethical Duties Concerning Client Confidentiality. (See Model Rule 1.6.)

Model Rule 1.6 focuses on the Confidentiality of Information. Section 1.6(c) advises that a “lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” This section requires attorneys to act competently and safeguard information relating to the representation of a client.

2. Include a Privacy or Confidentiality Statement in the Message Body of Your Email.

This measure alone will not be enough to protect you, especially if your privacy statement is located at the end of your message. By the time the reader reaches the statement, he or she will have already read the message. If the information contains sensitive information, consider putting a privacy disclaimer in the subject line. This still will not protect the information if it falls in the wrong hands, but it will at least deter some of the possible innocent exposure opportunities. A sample privacy or confidentiality statement may include language such as “This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.” You may also want to add references to specific parts of HIPAA or FERPA if your practice focuses on those areas and you would like to further encourage compliance.

3. Encrypt Any Documents You Send With Sensitive Information.

There are numerous encryption services out there you can use. Two that the authors like and use frequently are 7-Zip and BitLocker. Both are free. You should encourage your client to use one for the information he or she sends to you as well. You may want to incorporate the use of this type of software as the standard means of data protection when drafting your client engagement letter. That would be a good time to decide on a unique password for you and your client to use when encrypting the files.

4. Encrypt Documents You Share via File-Sharing Services Like Dropbox.

If you choose to avoid email and exclusively exchange files via an online file-sharing system, you should still encrypt the files you store there. Sookasa is a cloud security company that provides seamless Dropbox encryption, and complies with both HIPAA and FERPA regulations. Until recently both the sender and the recipient needed to have Sookasa installed in order to open files. However, earlier this month Sookasa announced the launch of a full file delivery platform, allowing nonusers to upload and send documents through a link provided by Sookasa, with Sookasa encrypting the uploads for the nonuser. This means that if a client needs to send sensitive information to her counsel, she simply clicks the link provided by her counsel and uploads the document. From there it is encrypted by Sookasa, and the file is transferred directly to a secure subfolder in the counsel’s account.

5. USB Thumb/Flash Drives Are Also Susceptible to Inadvertent Disclosure.

Thumb drives may seem like a small, portable hard drive that you can hold on to, but they are only as secure as you make them. If the drive is not encrypted and password protected, then it is only secure if it stays in your possession. There are several free to low-cost options available for you. Truecrypt is one that the authors prefer that can easily encrypt thumb or flash drives.

Attorneys have a duty to provide effective and efficient service to their clients. Using and sharing digital files are a means of achieving this end; however, these tools must still be used cautiously. With a little upfront work you can create a security data management and exchange system that will protect both you and your clients. Hopefully these tips will offer some useful guidance as you go about creating your system.


Jeffrey Allen and Ashley Hallene

Jeffrey Allen is the principal in the Graves & Allen law firm in Oakland, California. A frequent speaker on technology topics, he is editor-in-chief of GPSolo magazine and GPSolo Technology eReport. Recently, he coauthored (with Ashley Hallene) Technology Solutions for Today's Lawyer and iPad for Lawyers: The Tools You Need at Your Fingertips. In addition to being licensed as an attorney in California, he has been admitted as a Solicitor of the Supreme Court of England and Wales. He holds faculty positions at California State University of the East Bay and the University of Phoenix. He may be reached at jallenlawtek@aol.com. You may also get updated technology information from his blog: jallenlawtekblog.com. Ashley Hallene is a petroleum landman at Alta Mesa Holdings, LP, and practices Oil and Gas law, Title Examination, Due Diligence, Acquisitions and Oil and Gas Leasing in Houston, Texas. She maintains a diverse solo practice on the side. Ashley is the coauthor of the technology overview Making Technology Work for You (A Guide for Solo and Small Firm Attorneys) along with attorney Jeffrey Allen. She has published articles on legal technology in GPSolo Magazine, GPSolo eReport, and the TechnoLawyer Newsletter.  Ashley is an active member of the American Bar Association’s General Practice Solo & Small Firm Division, ABA’s Young Lawyer Division, the Texas Young Lawyer’s Association, the Houston Young Lawyer’s Association, and the Houston Association of Petroleum Landmen. She frequently speaks in technology CLEs and is Deputy Editor-in-Chief of the Technology and Reviews Department of the GPSolo eReport.