Lawyers pro­vid­ing an online file stor­age and retrieval sys­tem for client access of doc­u­ments must take rea­son­able pre­cau­tions to pro­tect the secu­rity and con­fi­den­tial­ity of client doc­u­ments and infor­ma­tion. Lawyers should be aware of lim­i­ta­tions in their com­pe­tence regard­ing online secu­rity mea­sures and take appro­pri­ate actions to ensure that a com­pe­tent review of the pro­posed secu­rity mea­sures is con­ducted. As tech­nol­ogy advances over time, a peri­odic review of the rea­son­abil­ity of secu­rity pre­cau­tions may be necessary.

FACTS

The inquir­ing lawyer wants to offer a ser­vice to clients that would allow clients online access to view and retrieve client files. The lawyer designed a multi-level secu­rity sys­tem in an effort to main­tain the con­fi­den­tial­ity and secu­rity of the files. First, the client files would be acces­si­ble only through a Secure Socket Layer (SSL) server, which encodes doc­u­ments, mak­ing it dif­fi­cult for third par­ties to inter­cept or read them. Sec­ond, the lawyer would assign unique ran­domly gen­er­ated alpha-numeric names and pass­words to each online client folder. The folder names con­tain no infor­ma­tion that could iden­tify the client to which it belongs. The pass­word would not be the same as the client folder name. Third, all online client files would be con­verted to Adobe PDF (Portable Doc­u­ment For­mat) files and pro­tected with another ran­domly gen­er­ated unique alpha-numeric password.

QUESTION PRESENTED

May the inquir­ing lawyer main­tain an encrypted online file stor­age and retrieval sys­tem for clients in which all doc­u­ments are con­verted to password-protected PDF for­mat and stored in online fold­ers with unique, randomly-generated alpha-numeric names and passwords?

For more infor­ma­tion: http://centricecm.wordpress.com/2010/01/07/arizona-ethics-bar-approves-online-access-to-client-records/

Com­pli­ments of File­Man Research

Cary McGovern-Fileman