202005.27

Off

Keeping It Confidential: Protecting Data Privacy, Attorney-Client and Work Product Privilege with the Rise of Videoconferencing

in Blogs

Zoom app for video communications, cloud platform conferencing, chat, and webinars. Open Zoom website page on home PC and cat on work table.

The shuttering of businesses in response to the Covid-19 outbreak forced many companies to unexpectedly and quickly migrate to a remote workforce in order to continue operations. Law firms and clients alike faced unprecedented challenges adapting to new work environments, technological challenges, and privacy and security concerns.

The ethical rules vary by state regarding Attorney-Client and Work Product privilege, but the ABA has issued guidance on telecommunications to encourage attorneys to protect information transmitted electronically. See Formal Opinion 477.

There are a number of considerations and recommended steps to protect data privacy and privilege while working remotely.

I. Internet Security and Encryption

Internet security should be the first consideration to ensure all communications are protected while working remotely. Working in a public space and using free Wi-Fi is a great way to jeopardize the attorney-client privilege or enable a data breach. While most people are working from their own homes, not everyone secures their internet appropriately. It is not sufficient to simply password-protect home internet. Any company, law firm, or business that handles sensitive data should consider using a Virtual Private Network (“VPN”) to add secondary security. Additionally, all data should be encrypted and accompany strong security protocols. All confidential attorney-client and work-product privilege MUST be labeled as such.

II. Hardware and Software

While some companies were already equipped to allow employees to work remotely, others were unprepared. These companies experienced complications that arose from allowing an employee to utilize a personal computer to conduct work-related business.
Aside from security and privacy issues, some software installed on an employee’s personal machine may contain license restrictions against commercial use. The software license agreement for each product outlines specific use cases and restrictions. If the employee fails to abide by these restrictions by using the software for a new work-related purpose, the company itself could be liable for copyright infringement damages for violating the license agreement.

The best way to avoid potential copyright infringement damages is to provide each employee with a company-owned device that has properly licensed software pre-installed. Additionally, this provides the company a unique opportunity to install encryption and VPN connections, to deploy security protocols that prevent an employee from downloading any unlicensed software and to otherwise ensure the device is protected against a security breach.

III. Videoconferencing Protocols

The influx of traffic on web conferencing systems such as Microsoft Teams and a few others created issues with bandwidth and availability as their servers were overloaded. Zoom, another web conferencing company, was compromised by interlopers joining unsecured meetings. Videoconferencing has become a lifeline for many companies to continue business as usual in a remote environment, but it can be precarious if the correct steps are not taken to ensure privacy.

A. Password Protect All Meetings. Every meeting should be protected by a password. A number of videoconferencing companies allow a user to use their personal meeting login. However, it is not wise to repeat meeting IDs or passwords. If possible, always use a new, generated meeting ID and password. In the instance of recurring meetings with the same participants, most web conferencing options allow the same ID and password to be used for the recurrence.

B. Limit Participants to Protect Privilege. Most video or web conferencing platforms allow the host of the meeting to view the names and/or phone numbers of all participants. Ask everyone on the line to identify themselves. If you do not recognize a phone number or participant, end the meeting and send a new ID and password. In addition to random interlopers, it is critical to ensure that a client or customer does not invite third parties, contractors, or any other unauthorized person to the meeting when sharing attorney-client or work product privileged information. Sharing the information with third parties destroys the privilege and makes the information discoverable.

C. Ensure Meetings are Conducted in Secure, Private Locations. By now, most people have shrug off random barks or shouts from children in the background of web conferences. While it can be expected in light of school closures and family members working from home, it is important that other individuals are not able to overhear confidential discussions. If working in your own home, secure a location to conduct your meeting that will ensure no one will be able to observe it. For individuals traveling, it is equally important not to share sensitive information in public places like airports or restaurants.

D. Control Call Recording. There are many reasons why individuals might record a call from an attorney or a work-related discussion. The discussion itself could be confidential or privileged, but if the recording is backed up and stored elsewhere or discovered by participants outside of the conversation, it can lose the attorney-client privilege and can be discoverable in litigation. Communicate effectively with all participants in meetings to ensure everyone understands how to protect confidential information.

E. Avoid Attachments to Calendar Invitations. An easy way to ensure all parties have files readily available to discuss is to attach them to a calendar invitation. However, some conferencing systems, such as Amazon Chime, include an Amazon recipient on all invitation. This can be removed, but if a user is not cognizant of this issue, you could be sharing work-product privileged and other confidential files with third parties and thus destroying the privilege. If you have not fully vetted the web conferencing platform and considered the security of the transmissions, it is best to avoid sharing files through the calendar invitation.

Proper training and communication can go a long way to protect confidential and sensitive information. If you are unsure about how to minimize risks associated with working remotely, Scott & Scott, LLP can help.

5on Google,Feb 10, 2024

Salma

good

5on BirdEye,May 01, 2023

Kimberly

You made the entire process so easy! Having a lawyer with Managed Service experience and really knowing our business has been a game changer! I have nothing but great things to say about you!

5on Google,Apr 21, 2023

Mari

5on BirdEye,Apr 21, 2023

Julie and Kelli have been very helpful from beginning to end of the process.

5on BirdEye,Mar 22, 2023

George

Very professional team. I highly recommend them to any MSP.

5on Google,Mar 06, 2023

J&A

5on BirdEye,Mar 01, 2023

Steve

So far, the process has been very seamless. Some minor issues with access to the tool/portal but using incognito mode seems to get us around most of that. The team has been awesome.

5on BirdEye,Feb 07, 2023

Very professional project plan.

5on Google,Nov 19, 2022

Navid

5on Google,Aug 09, 2022

Jureni

5on Google,Jul 29, 2022

Mauricio

Scott & Scott LLP's team is very professional and efficient. Their knowledge and experience are unparalleled when it comes to MTSP/software law. Be sure to use them!

5on Google,Jul 25, 2022

Val

Rob is one of the rare few that successfully operates where the technology industry, business and entrepreneurship, and the law meet, making him an excellent resource for any company working at this unique intersection. As important, he wastes no time or words identifying the root cause of an issue and providing guidance that, without asking, takes the perspective of business, technology, and the law into account before ever being offered.

5on Google,Jan 09, 2022

Brent

Excellent legal advice.

5on Google,Jan 08, 2022

David

5on Google,Dec 29, 2021

Michael

Have used Scott & Scott on a number of different issues over the past few years. They are simply excellent. You would not go wrong using them for your legal needs.