If you're an attorney – or a technician tasked with protecting attorney data, take note of important California Opinion 2010-179 on the duties of confidentiality and competence in the handling of client data (warning: opens seven-page PDF).
I'm sure by now you've already heard about the new iPhone/iPad/iPod Touch app that allows you to confess electronically. Before you take that stairway to heaven, I have one word of advice:
Do you think maybe there's a reason that confession was meant to occur in private, using the spoken word between the priest and the penitent? There isn't a secretary present taking notes. And before anyone mentions privilege, forget it. This isn't about privilege. Privilege isn't going to wash away (there I go again) the embarrassment when your most private thoughts and feelings become public.
We've become a world of "over-sharers". We think everyone needs to know everything about us. I figure this must be part of the Andy Warhol, fifteen-minutes-of-fame problem. Problem? That's right – problem. Is it generational? In my opinion, yes, for the most part.
Never mind the fact that I've read several articles related to this app in which the "makers" (sorry, I couldn't help myself) claim they've done everything they can to make it secure. Their sincerity notwithstanding, I don't care. Do not put your personal thoughts on your device. Period!
Think of it this way. Confession iApp = Diary. Your future is a hell (sorry, did it again) of a lot more valuable than $1.99.
In this decision from the Third Appellate District of California, the Court found that Holmes’ emails did not fall under the protection of attorney-client privilege (warning – link opens a 40-page PDF of the ruling).
Because she wrote them on a company computer with the knowledge that the company had a “we own the data” policy.
YMMV (that’s my cute way of telling you, other state laws are contra, e.g. New Jersey’s Stengart). From that post:
“I suppose if I simply admonish you not to use your company collateral for personal purposes, you’re going to ignore me, but it’s missing the point, anyway. You can’t un-ring the bell. Sure, I understand that, in this case, they were forced to return the emails and there was to be a decision as to whether the law firm that read the emails could even continue in their representation, but the bottom line is, the emails were still read.”
A little fun fact? Holmes never said, “Elementary, My Dear Watson”.
The milk is looking at me a little sideways – with that sour puss, too.
Great. I already have to worry about every damn device spying on me…now my cereal is doing it! Tongue in cheek, yes…but how hard do you think it would be to accumulate inappropriate information from the box, then transmit it virtually anywhere?
Corporate espionage, anyone?
This opinion piece by a consumer watchdog group (literally named "Consumer Watchdog") does a good job of expressing the tensions between the FTC and the State of California regarding approaches to internet privacy.
Now, I've certainly banged the privacy drum loudly this past year – and I don't intend to focus on it as much in 2011, lest I risk being compared with Chicken Little (by the way, just because a chicken tells you the sky is falling, doesn't mean it's not true) – but my focus has been on the evidentiary risks of not protecting your privacy, whether it be on an individual basis, corporate or somewhere in-between.
This is an e-discovery blog, after all…
Nor do I necessarily agree with the concept of a "do not track" list, as I've mentioned before (because in my opinion, it probably won't work). There has to be an effort at formulating comprehensive policy, rather than acting like tracking a node is somehow like tracking a telephone number. What do I mean?
- Has anybody thought about how one would manage such a list? How will one identify the requestor? By name? By IP#? By a unique device name/code? (Whoops; there goes your privacy). Suppose the individual has a PC, a laptop and a PDA – and they swap PDAs annually. How will the database account for this?
- Take into account everything above, now add all of the devices in a corporate environment – and we know how often those are refreshed. Will the firewall be enough?
- Now, what about the spouse, the children and all of their devices? Children are by far the most vulnerable because, a) they already think they're bulletproof and b) they don't yet fully understand the concept of privacy (heck, neither do a lot of their parents!)
On the plus side, there are brilliant minds out there who may actually have answers to some of these issues, but the point I'm making is, you can't just slap a feel-good name on something, then give the public the impression that it's a panacea to all of their concerns.
We're not just talking about preventing annoying sales-calls at dinnertime. Placating the public without actually achieving the goal will increase the risk (through a false sense of security), not reduce it.
When you endeavor to cross a border, you give up many of your 4th Amendment protections against illegal search and seizure. To put it another way, a search at the border, absent probable cause – or even reasonable suspicion, for that matter (a lower standard) – isn't an illegal search. Lawyers are well aware of this, but what about the general public?
Two issues are triggered here. The first, privacy, I've written about before (see my International category). Also, the mere act of crossing the border with certain ESI on your device (and many paper documents, for that matter) may violate the privacy laws of the country you seek to enter (possibly criminally).
However, today's discussion is a little more nuanced than that. It's one thing to be granted the right to search a person, their luggage and their electronic devices for a bomb; but does that right extend to the contents of the device? Well, the short answer is, yes. Is that proper? Do you agree?
I suppose this might bring new meaning to the retort, "Don't touch my junk!"
Say you have a password-protected file with your personal banking, credit card and other financial information on it. Now let's go one step further. Suppose it's a company laptop, the file contains your employer's financial information and it contains evidence of a crime? Two steps further? You keep both personal and corporate information on it (does that sound like you?). What's the difference between a federal official accessing it at the border versus going into your bank, demanding the key and opening your safe-deposit box – without a warrant?
I'll tell you the difference. When you show up at the border, it's implied consent. You waive your right to protest. That's how the law stands now. However, that may – or may not – change, subject to the outcome of the latest challenge.
In the meantime, this is a cautionary tale for executives who travel internationally; oh, and don't forget your charger.
I have visions of a film noir; dark alley, stormy night, mysterious person in trenchcoat, hat with the brim pulled low so the eyes are barely visible…did I mention it was stormy? And while this scene plays out, the message is unmistakeable. "We can get to you."
Well, diplomats, that applies to you, too. Nothing like having your 'confidential' cables revealed for all of the world to see.
You didn't really call Kim Jong Il a "flabby old chap", did you? Bet you wish you could take that one back, eh?
Perhaps this will serve as a timely reminder…
I know you hate it when I do this, but I don't have a lot of spare time and Ralph Losey just did another excellent treatise on the "SUNY" case, which sheds some light on when to issue a litigation hold.
I know you want to know about this because my stats tell me that over a year after I first posted it, my sample of a litigation hold letter – which you see over on the left sidebar – is still the most popular item on this blog.
So, I highly recommend you take a look; and pay close attention to the contrast in privileges. We need all the guidance we can get.
If the Supreme Court upholds the 9th Circuit ruling, it would have a deleterious effect on the notion that, "As employers, we own it, so we can do what we want with it".
If they strike it down? Well…