Taking client privacy seriously
Another day, another data breach by hackers targeting a large company – that’s how it feels anyway, am I right? No one wants the hassle of dealing with canceling credit cards and trying to remember which passwords were shared with other sites, but these days it is approaching normal.
What also seems to be “normal” these days is many law firms “accidentally” not protecting their client’s privacy because the lawyers are not aware the software they are using exposes their clients to breaches of privacy.
As lawyers, anything our clients tell us is confidential and we cannot be forced to give up that information (except in very limited circumstances, such as a threat of immediate harm.) This is a good thing as it lets our clients tell us the truth and we can advise on that.
In this data age, most firms communicate with their clients via email and most firms back up those emails. Where are the servers located? If they are not in Canada, then those servers could be subject to inspection by the government of the country in which they are located. For e.g. in the U.S., data is scanned under the Patriot Act. This means if your lawyer backs up their data to a U.S. server, your private information could be reviewed by the NSA. Imagine if you’re accused of a crime you are adamant you didn’t commit, but your lawyer has backed up all of that data to a U.S. cloud. Enjoy your next border crossing.
Many sole practitioners think Dropbox is a fantastic way to store client files so they are accessible on their phones/laptops, etc. Dropbox has servers located in the U.S. You’ve just exposed all of your client info to the U.S. government.
Perhaps even more shocking is the latest law firm accounting cloud product, CLIO, is hosted in the U.S. Now, provided you don’t have detailed dockets setting out what your client conversations entailed, you probably didn’t violate lawyer/client confidentiality, but maybe you did. You certainly exposed your client’s contact information to the U.S. government as well as the fact they have retained a lawyer.
Most lawyers are trained as lawyers, they’re not trained as IT experts and may not even realize that they are exposing their client’s confidential information to other parties. That’s not a good enough answer in this day and age.
Our firm takes client information seriously and protects that information on Canadian based servers only. Our staff is not allowed to cross the border with law firm email on their laptops and mobile devices, thereby ensuring border guards do not read confidential information. Ask your lawyer if they take your privacy as seriously: we hope the answer is yes.