The PA Bar's Advisory Opinion Provides Some Good Tips to Working From Home!
The Pennsylvania State Bar came out with an advisory opinion directed at attorneys working at home given the COVID-19 pandemic. It’s a good read for all of us as it reminds lawyers what we need to be doing to secure our client’s privacy and to ensure we don’t run afoul of our respective State and Territorial Bars.
I’ll list some good points from the Bar to follow further below. But, my read of the big takeaways are:
You need to be Competent enough to keep Client Communications and information Confidential.
You need to take “reasonable” precautions. It does not mean you have to have Pentagon-Grade IT Security. But, it does not mean you can’t take any steps to secure your client’s info. Simple steps like password protecting your computer and home Wi-Fi, using secure passwords, and running a VPN when you are using a public Wi-Fi should be your bare minimum basics.
You don’t need to be an expert. If you need help, finds those (like me 😉) who you may be able to retain to assist you!
I did notice one bullet point below of unique interest: “Prohibiting the use of smart devices such as those offered by Amazon Alexa and Google voice assistants in locations where client-related conversations may occur.” What I found interesting, is the opinion doesn’t mention Apple’s Siri. I’ll be writing about that in a future blog post.
Now, onto the PA Bar’s list of suggestions:
Specifying how and where data created remotely will be stored and, if remotely, how the data will be backed up;
Requiring the encryption or use of other security to assure that information sent by electronic mail are protected from unauthorized disclosure
Using firewalls, anti-virus and anti-malware software, and other similar products to prevent the loss or corruption of data
Limiting the information that may be handled remotely, as well as specifying which persons may use the information
Verifying the identity of individuals who access a firm's data from remote locations
Implementing a written work-from-home protocol to specify how to safeguard confidential business and personal information
Requiring the use of a Virtual Private Network or similar connection to access a firm's data
Requiring the use of two-factor authentication or similar safeguards
Supplying or requiring employees to use secure and encrypted laptops
Saving data permanently only on the office network, not personal devices, and if saved on personal devices, taking reasonable precautions to protect such information
Obtaining a written agreement from every employee that they will comply with the firm's data privacy, security, and confidentiality policies
Encrypting electronic records containing confidential data, including backups
Prohibiting the use of smart devices such as those offered by Amazon Alexa and Google voice assistants in locations where client-related conversations may occur.
Requiring employees to have client-related conversations in locations where they cannot be overheard by other persons who are not authorized to hear this information; and,
Taking other reasonable measures to assure that all confidential data are protected.
Notable references in the PA Bar Association Formal Opinion
Happy Lawyering!!!