The Pennsylvania State Bar came out with an advisory opinion directed at attorneys working at home given the COVID-19 pandemic.  It’s a good read for all of us as it reminds lawyers what we need to be doing to secure our client’s privacy and to ensure we don’t run afoul of our respective State and Territorial Bars.

I’ll list some good points from the Bar to follow further below.  But, my read of the big takeaways are:

1. You need to be Competent enough to keep Client Communications and information Confidential.

2. You need to take “reasonable” precautions.  It does not mean you have to have Pentagon-Grade IT Security.  But, it does not mean you can’t take any steps to secure your client’s info.  Simple steps like password protecting your computer and home Wi-Fi, using secure passwords, and running a VPN when you are using a public Wi-Fi should be your bare minimum basics.

3. You don’t need to be an expert.  If you need help, finds those (like me 😉) who you may be able to retain to assist you!

I did notice one bullet point below of unique interest:  “Prohibiting the use of smart devices such as those offered by Amazon Alexa and Google voice assistants in locations where client-related conversations may occur.”  What I found interesting, is the opinion doesn’t mention Apple’s Siri.  I’ll be writing about that in a future blog post.

Now, onto the PA Bar’s list of suggestions:

• Specifying how and where data created remotely will be stored and, if remotely, how the data will be backed up;

• Requiring the encryption or use of other security to assure that information sent by electronic mail are protected from unauthorized disclosure

• Using firewalls, anti-virus and anti-malware software, and other similar products to prevent the loss or corruption of data

• Limiting the information that may be handled remotely, as well as specifying which persons may use the information

• Verifying the identity of individuals who access a firm's data from remote locations

• Implementing a written work-from-home protocol to specify how to safeguard confidential business and personal information

• Requiring the use of a Virtual Private Network or similar connection to access a firm's data

• Requiring the use of two-factor authentication or similar safeguards

• Supplying or requiring employees to use secure and encrypted laptops

• Saving data permanently only on the office network, not personal devices, and if saved on personal devices, taking reasonable precautions to protect such information

• Obtaining a written agreement from every employee that they will comply with the firm's data privacy, security, and confidentiality policies

• Encrypting electronic records containing confidential data, including backups

• Prohibiting the use of smart devices such as those offered by Amazon Alexa and Google voice assistants in locations where client-related conversations may occur.

• Requiring employees to have client-related conversations in locations where they cannot be overheard by other persons who are not authorized to hear this information; and,

• Taking other reasonable measures to assure that all confidential data are protected.

Notable references in the PA Bar Association Formal Opinion

• American Bar Association Standing Committee on Ethics and Professional Responsibility in Formal Opinion 477R (May 22, 2017)

• PA Bar Formal Opinion 2010-200

• PA Bar Formal Opinion 2011-200

• ABA Formal Opinion 477R

Happy Lawyering!!!