Finding the Balance: Data Security, Privilege, Disclosure & Malpractice Liability in the Age of the Clouds

This course will discuss what constitutes adequate disclosure to the client of the technologies used and where their data might be stored, if not all stored on-site (which these days is impossible, unless the firm is so far back in the 20th century as to not use email).  After all, the meat of a commercial transaction these days is stored more so in an attorney's email history than in his or her actual file server cloud/drive.  The 'file' might only have a couple of versions of a document, as drafted and signed.  The emails will have every back and forth revision and all of the privileged communications constituting the internal talks of the negotiations.  Using an email account where the attorney doesn't own the data under the Terms of Service to discuss client matters should at least be disclosed specifically.   Given that the attorneys are the ones choosing the data retention vendors, attorneys might be obligated, and at the very least should be encouraged, to disclose those vendors' Terms of Service to their clients for full disclosure and informed consent.  The challenge is to do it using language that doesn't end up turning engagement letters into something as incomprehensible to the client as a software Terms of Service agreement.  This course will also discuss potential liability to the attorney from (a) data breaches and losses of privilege; and (b) the extent to which that liability can be mitigated through (i) best practices to maintain security; (ii) full disclosure prior to engagement and best practices for an engagement letter disclosure; and (iii) mitigation efforts in the event of a breach.