Oct. 12, 2013

Female lawyers of Contra Costa County host data security talk

The women's section of the Contra Costa County Bar Association hosted a data security presentation by Eliza M. Rodrigues, the associate general counsel and ethics counsel at Sedgwick LLP, at the Modern China Cafe in Walnut Creek on Oct. 3. Speaking before a packed house of female attorneys, Rodrigues explained how the tantalizing cost effectiveness and user-friendly nature of cloud computing could distract lawyers from the possibility of catastrophic mistakes and malpractice claims. Rodrigues said storing vital information on the cloud without backing it up elsewhere could lead to major problems. She pointed to Lavabit, a company that shut down rather than deal with federal investigations after its product was used by Edward Snowden, the leaker who revealed the National Security Agency's PRISM program to the public. Rodrigues said there was no way for a random user of Lavabit to know the website would suddenly close down. "They just decided to shut down and now you've lost all your data," she said. Rodrigues said an equally bad outcome could have happened if the company didn't shut down. "Suddenly the federal government has access to all of that data," she said. "Our utmost duty is confidentiality." She said it was important for any attorney using cloud data storage to make sure she had a contract requiring the data company to notify her about any data loss or hacking related to client data. Rodrigues said it was also vital to determine where a company's data centers are actually located. "There are some instances of data storage in Yemen. They don't have the same data regulations that we do." Jill Jackson, an account executive for Konica Minolta Business Solutions USA Inc. who attended the presentation, added that attorneys should be sure to get verification that their data is deleted by a company when their matter comes to an end. "You need to get a certificate from them that that's been wiped," she said. Rodrigues noted that using these services also leaves a company or law firm more vulnerable to information theft by employees. She said her firm's email system sends out emergency notifications if it detects that an employee has sent a large number of emails to a private account, but that there are no such protections for cloud services. "If they put them into Dropbox or Google Drive, I have no idea." — Joshua Sebold