By Darryl E. Scott
Protecting Client Data in Today’s TechnologyDriven World
O
n January 1, 2014, the State of Texas issued, at the time, the largest statewide e-filing mandate in the country.1 This required all attorneys to file their documents (i.e., original petitions, service of process, motions, orders, etc.) electronically with the courts instead of standing in line to file physical documents at the clerk’s office. The mandate to electronically file in Texas started with the state’s ten most populous counties, which included Bexar, Collin, Dallas, Denton, El Paso, Fort Bend, Harris, Hidalgo, Tarrant, and Travis counties. The remaining counties were required to comply with the mandate by 2016. Although some attorneys were accustomed to e-filing in federal courts, many attorneys who only practiced in state lower courts were not ready for the sudden change the mandate required. Some attorneys retired early to avoid learning the new e-filing process, while others were able to foresee potential issues relating to data protection (i.e., client’s data). At its core, the practice of law does not require an advanced knowledge of technology, unless you are an intellectual property attorney with a focus on software and network-related patents. Generally, the practice of law requires a keen sense of the law and how it applies to the facts of your case – neither of which requires the knowledge of how cloud-based or encrypted data works. Historically, attorneys would simply maintain their clients’ confidential and sensitive information in file folders and storage bins. The State of Texas’s mandate to e-file all civil cases was the catalyst that forced an arranged, and seemingly unwanted, relationship between lawyers and technology. Under the Texas Disciplinary Rules of Professional Conduct,2 lawyers are required to protect their clients’ confidential information.
Protecting clients’ data was relatively simple prior to the advent of technology. Sensitive information was not stored in remote servers or cloud-based systems but was stored in file folders locked in a storage closet. Requiring attorneys to e-file forced attorneys to scan and store their clients’ data on electronic storage systems (i.e., servers or desktop computers). This created data security risks most attorneys were not (and mostly are still not) prepared to manage. This is problematic because attorneys manage some of the most sensitive information about individuals, and storing that data in electronic storage systems makes the data susceptible to hackers. To reduce the risk of exposing confidential and sensitive information, all law firms (including solo attorneys) should be familiar with these three areas of technology: Data Storage, Data Retention, and Data Communication. The following basic steps will ensure that your clients’ data is protected. 1. Data Storage First, an attorney should consider the method by which his or her clients’ data is stored. “Data storage” is a general term for archiving data in electromagnetic or other forms for use by a computer or device.3 There are many types of data storage devices to consider. An attorney should never use a mobile device, such as a smartphone, laptop, or tablet as a storage device for clients’ confidential and sensitive data. Although mobile devices can be password protected or encrypted, those protective measures are moot if the mobile device is lost or stolen. Your clients’ confidential and sensitive data should be stored on a secure system and remote system. At a minimum, your clients’ data should be stored on a server or desktop computer configured as a server. The server should be password protected with a strong password (i.e., numbers, letters, special characters) and should only be accessible by at most two trusted people. In situations where a solo attorney is incapacitated, measures should be in place such that a trusted thirdparty can access the server and retrieve the confidential data. There are exceptions for trial attorneys. For example, trial or hearing documents
