CBA Record November 2017

LEGAL ETHICS

John Levin’s Ethics columns, which are published in each CBA Record, are now in-

dexed and available online. For more, go to http://johnlevin.info/ legalethics/.

BY JOHN LEVIN ABA Formal Opinion 477R and Client Data E arlier this year I took a trip to Russia–simply as a tourist having never been to that part of the world.

hacking and data loss in terms of ‘when’ and not ‘if ’[,]” and that law firms are tar- gets of hackers. The opinion then states: “A lawyer generally may transmit infor- mation relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to pro- tect against the inadvertent or unauthor- ized disclosure of client information when required by an agreement with the client or by law, or when the nature of the informa- tion requires a higher degree of security.” After reviewing the earlier ABA opin- ions addressing confidentiality and cyber- security, the Opinion rejects “requirements for specific security measures (such as fire- walls, passwords, and the like) and instead adopts a fact-specific approach to business security obligations that requires a ‘process’ to assess risks, identify and implement appropriate security measures responsive to those risks, verify that they are effectively implemented, and ensure that they are continually updated in response to new developments.”The Opinion then engages in a discussion of the factors a lawyer SOLO SMALL FIRMRESOURCE PORTAL One stop shopping for all your needs. Includes sections on staring your own firm, marketing, business networking, law office technology training, low cost office management consult- ing, and savings on insurance and business expenses. Visit www.chicagobar.org and click on the Resources tab.

ETHICS QUESTIONS? The CBA’s Professional Responsibility Commit- tee can help. Submit hypothetical questions to Loretta Wells, CBA Government Affairs Direc- tor, by fax 312/554-2054 or e-mail lwells@ chicagobar.org. should include in making the “reasonable efforts determination.” The discussion is too lengthy to summarize here, and I rec- ommend that all lawyers carefully review the Opinion. Which brings us back to Russia. Unbe- knownst to me at the time, I had followed the recommendations of the Opinion in analyzing the risks of disclosing con- fidential information and the cost and difficulties of safeguards. The resolution was to buy a flip phone for use in Russia and not transmit any sort of personal or confidential information. While this solu- tion was not too inconvenient for personal use, it would certainly complicate any sort of professional communication. Unfortu- nately, the way the cyber-world is evolving, professionally we may be facing these sorts of complications soon. HAVING TROUBLE LOGGING IN? To access the members only section on our website, enter your CBA member number as your account number (do not enter any leading 0’s in yourmember number) and then enter your member number followed by your last name (all lower case with no punctuation or spaces) as your password. Forgot your member number? Call 312/554-2135.

As I usually do before traveling to another country, I did some investigating into Internet security since we usually take a smart phone or tablet with us when we travel to keep in contact with the rest of the world. I had been warned by friends that between the Russian government and Russian hackers there was not much secu- rity–so I did some research of my own. What I learned was that you should assume that any communication you make while in Russia is being intercepted and read (or listened to) and any device you bring to Russia will be corrupted and the informa- tion on it copied. The common advice was not to bring a “smart device” to Russia. So we didn’t. I noticed that our fellow travellers must have had the same advice since people were not constantly reading their tablets or checking their phones for emails. One person told me he had purchased a sim card for use only in Russia and was not using any password-protected sites while there. This brings us to ABA Formal Opinion 477R (Revised May 22, 2017)– “Securing Communication of Protected Client Infor- mation”. While I did not see the opinion until after my return, the opinion speaks directly to my experience. The opinion notes that “law enforcement discusses

John Levin is the retired Assis- tant General Counsel of GATX Corporation and a member of the CBARecord Editorial Board.

44 NOVEMBER 2017