Apps and Model Rule 1.6(c)

Lawyers, could your favorite smartphone apps or tablet PC be creating ethical violations? Do you use the web browser, GPS, calendar or email on your phone? How about Google Now or Cortana on your favorite Windows 10 device (mine is a Surface Pro 4)? Are you using Dropbox on your phone for your legal docs? Saving your personal pictures there? Can’t live without Facebook, LinkedIn, Instagram or Twitter? What apps are your staff using these days?

Do you realize that all of these collect info on you and each of them could represent a potential ethical consideration for your law practice?

Today, many of us could not go too long without some of our phone apps or “intelligence” applications on our devices. These are super convenient tools; however, you need to realize the amount of data and privacy you and your staff are giving up by using them. Ever thought about ABA Model Rule 1.6(c) and the risks you take by using your favorite apps? Even worse, how about the risks your staff take, without your knowledge, to the firm’s privacy and your client’s confidentiality?

As all my readers should know, Rule 1.6(c) states, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” So you know your firm is tasked with the job of securing its clients’ confidentiality and their information; at the same time, however, many law firms allow their staff to use their personal smartphones and devices to access client data and firm email while they also create Facebook posts, “GPS” addresses and do legal research. Should you be concerned? Definitely, and it should be put in perspective.

On my iPhone I take videos and pictures, and use no less than Siri and Maps (both built in to iOS), Facebook, LinkedIn, Safari, Waze, Weather Channel, Gas Price, Amex, Marriott, Starbucks, PayPal, eBay, iCloud, Dropbox and a bunch of other apps regularly. Consider the following scenario: you or one of your associates need to go meet with a client at their house or at their place of business. You use the GPS on your iPhone and search for the address. You put the address in Waze so that you can determine what traffic is in between you and your destination. You report an accident on Waze along the way. Once you get to your destination you happen to stop at a McDonald’s to grab a sandwich, and they have an open Wi-Fi that your phone automatically connects to. Right then all your apps that require wireless start checking in and updating. Before you leave to meet with your client, you do a quick Facebook post. Then, when you meet with your client, you open up your email, read an email and respond to it. For your client you do a quick search on divorce cases with some particular child custody case law. In fact, when you find what you are looking for, you use your web browser to search court records for a date, specifically using your client’s name.

Just in that little quick example you’ve given up so much info that if harvested by one entity you could be in breach of your obligations. Here’s what you’ve just given up:

  • That you are an attorney
  • Your client’s address (home or work)
  • Your client’s name
  • The fact you are discussing a divorce with them and child custody
  • Oh and that you like McD’s

You have to ask yourself: if combined, would you consider this a breach of confidentiality? Better yet, 1.6(c) uses the word “reasonable”. With all we know about data sharing and harvesting, is it still “reasonable” not to expect the data that was skimmed by your apps to be combined and evaluated? Much worse, how vulnerable are the companies that created your apps to legal action where the data would have to be shared with some other entity?

So how do you protect yourself and your client? Well, first you have to know your apps, know what apps others in your firm are using, and know what the apps skim. You have to evaluate your devices for your level of comfort with the information that is being harvested about you and your staff, and with the information regarding clients that you deal with on that device. You can always change a bunch of settings on your phones, but is it practical, every time someone gets a new phone, to go through and manually set all the privacy settings to turn things off? What about new apps we want to use? What do we need to know about an app before we decide to get it? How about updates to our apps: how do we know what new settings are introduced, and how are existing settings (that we’ve already changed) affected by the update? Are they all reset? Lots to consider…

This is where a Mobile Device Use Policy and mobile device management software come into play. A Mobile Device Use Policy is important for putting controls and/or guidelines in place around the do’s and don’ts on personal devices used in the line of conducting firm business. Send me an email and I’ll send you a Mobile Device Use Policy you can use as a soup starter for your law firm. Keep in mind it’s just a template, so be sure to make it fit your firm’s level of comfort and review it with your staff.

Compute Safe.