Risk Update

Confidentiality, Information Security, Attorney-Client Privilege & Lawyer Security Education

Posted Dan Bressler

Third Party Disclosure Waives Privilege” —

  • “The Delaware Court of Chancery has held that a party waived its attorney-client privilege by submitting the documents at issue to the Federal Communication Commission.”
  • “The Plaintiffs seek thirty-one (31) documents previously produced by Defendant IDT Corporation (“IDT”) to the Federal Communications Commission (“FCC”) in 2016 in connection with an investigation pertinent to this Action.”
  • “But here, I find, IDT did not have an analogous expectation of privacy because the documents were not produced to the FCC under a confidentiality agreement. Instead, IDT merely requested that the documents remain confidential. IDT had no non-disclosure agreements with the FCC, and the Requests cited by IDT are insufficient to show that IDT reasonably believed that the documents would not be revealed to other adversaries.”
  • “In other words, IDT found it advantageous to disclose the privileged documents to a third party, the FCC, despite knowing that they could be disseminated. IDT did not have a commitment, let alone an enforceable agreement, with the FCC to keep the documents confidential. In that situation, IDT manifested its intent to waive any privilege by disclosing the documents to a third party.”

Cybersecurity Education for Lawyers” —

  • “One of the most pressing issues facing our legal profession, whether you are a solo practitioner or from a large firm, is the need for cybersecurity protection of confidential and proprietary client and law firm electronic information. “
  • “Thus, on June 13, 2020, the House of Delegates of the New York State Bar Association (NYSBA) overwhelming approved the Report of the Committee on Technology and the Legal Profession, presciently proposed prior to the pandemic, to recommend to the New York State Continuing Legal Education Board that the biennial CLE requirement be modified to require one credit of cybersecurity for each of the next two-year CLE cycles.”
  • “Social engineering is the psychological manipulation of people in order to convince them to divulge confidential information. Educating lawyers on how to avoid social engineering attacks is imperative because studies have shown that upwards of 97% of malware attacks targeted users through social engineering hacking attempts, and only 3% targeted the technical infrastructure of a company.”
  • “Through social engineering, appearing to be associated in one form or another with a lawyer, the law firm, a vendor or friend, a bad actor may seek to convince a lawyer or her staff to provide to him access to confidential information, secured information or a password.”
  • “The New York Law Journal (NYLJ) reported in an October 2019 article, entitled “Eight NY Law Firms Reported Data Breaches as Problems Multiply Nationwide,” that the number of law firm data breaches in New York State doubled in 2018…”
  • “The article reported that some cybersecurity lawyers and consultants said the numbers ‘likely represent a tiny fraction of the breaches affecting the legal industry. Law firms, like other privately held businesses, don’t often publicize when their data is breached, and many may not report it to state officials, depending on the law.'”