The document summarizes a CLE presentation on the winning case for online document management. It introduces Christopher T. Anderson from LexisNexis Firm Manager and Dan Barahona from WatchDox who will be presenting. It provides brief biographies on each presenter, including their relevant experience and roles at their respective companies. The document then outlines several topics that will be covered in the presentation related to online document management, data security, ownership and expectations.
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
The Winning Case for (Law Firm) Online Document Management
1. CLE CODE: 23277
The Winning Case for Online
Document Management
Presented by:
Christopher T. Anderson, Esq.
Product Manager
LexisNexis Firm Manager®
Dan Barahona
VP Business Development
WatchDox
2. Christopher T. Anderson, Esq.
Product Manager, LexisNexis Firm Manager®
The proud father of a six-year old boy, avid pilot, and lawyer:
Christopher is the Product Manager for LexisNexis Firm Manager®, a
web-based practice management system that helps attorneys get and
stay organized, serve their clients better, work more productively, at any
time, from anywhere.
Mr. Anderson has authored several articles, and spoken to fellow
attorneys on a wide range of topics, including law firm management, the
ethics of cloud computing, the future of technology in law firms, etc.
Mr. Anderson has presented to Legal Tech New York, ABA TECHSHOW,
various State and Local Bar associations, National CLE conferences, etc.
Prior to working with LexisNexis, he was the managing partner of fullservice law firm in Georgia. Mr. Anderson practiced in the fields of
family law and business litigation, and nurtured his passion for bringing
technology to bear to help lawyers work smarter, serve their clients
better, and be more profitable.
Previously, he also served as an assistant district attorney in New York
City, and in Georgia. Mr. Anderson was also Associate General Counsel
and Director of Client Services for RealLegal, a legal software company.
He is a graduate of Cornell University, and received his Juris Doctorate
from the University of Georgia School of Law in 1994. Christopher
Anderson is admitted to practice in the federal and state courts of New
York and Georgia.
2
3. Dan Barahona
VP, Business Development, WatchDox, Inc.
Dan leads business development for WatchDox and is responsible for
the company’s strategic partnerships and driving new market
opportunities.
WatchDox is
Before joining WatchDox, Dan was Vice President of Business
Development at ArcSight, where he led the company’s technology
alliances and partner ecosystem, as well as ArcSight’s integration into
HP after its acquisition. Prior to ArcSight, Dan joined Sensage as one of
its first 10 employees and drove the company’s transformation into
the information security space. As the Vice President of Business
Development, Dan led Sensage’s strategic alliances, completing OEM
relationships with HP and Cerner, and partnerships with EMC, McAfee
and SAP.
Dan holds a B.S. degree in Engineering from the Rensselaer
Polytechnic Institute, a Master of Engineering degree from Cornell
University, and an MBA from the University of Michigan.
3
4. Clinging to the Past
Resources:
http://www.chubb.com/businesses/csi/chubb4629.pdf
http://www.americanbar.org/groups/professional_responsibility/services/ethicsear
ch/materials_on_client_file_retention.html
http://www2.nycbar.org/Publications/reports/show_html_new.php?rid=794
4
5. Model Rule of Professional Conduct 1.16: Terminating Representation
Upon termination of representation, a lawyer shall [surrender] papers and
property to which the client is entitled… The lawyer may retain papers relating
to the client to the extent permitted by other law.
5
9. Cloud Storage:
Is It Safe?
Model Rule of Professional Conduct 1.15:
Safekeeping Property
A lawyer shall hold property of clients or third persons
that is in a lawyer's possession in connection with a
representation separate from the lawyer's own
property. ... [P]roperty shall be identified as such and
appropriately safeguarded. Complete records of [the]
property shall be kept by the lawyer and shall be
preserved for a period of [five years] after termination
of the representation.
9
10. Model Rule of Professional Conduct
1.6: Confidentiality of Information
(a) A lawyer shall not reveal information
relating to the representation of a client
unless the client gives informed
consent…
(c) A lawyer shall make reasonable
efforts to prevent the inadvertent or
unauthorized disclosure of, or
unauthorized access to, information
relating to the representation of a client.
10
13. Data Ownership
Above all, your confidential client data belongs to your client.
Questions to ask:
•What are your contract terms/conditions?
•Policies on Government requests?
•Data return procedures?
•What happens when you cancel?
•How are third parties vetted?
•Use of my data internally?
•Is any anonymized information used?
13
14. Data Ownership
Actual Terms and Conditions from (non-legal focused) Cloud Vendors…
− BRAND X will have no responsibility for any harm to your computer
system, loss or corruption of data, or other harm that results from your
access to or use of the Services or Software
− BRAND X: If you add a file to your [Brand X] that has been previously
uploaded by you or another user, we may associate all or a portion of
the previous file with your account rather than storing a duplicate
− BRAND Y: When you upload … content to our Services, you give Brand Y
(and those we work with) a worldwide license to use, host, store,
reproduce, modify, create derivative works … communicate, publish,
publicly perform, publicly display and distribute such content.
− BRAND Y: Your domain administrator may be able to … access or retain
information stored as part of your account [and]restrict your ability to
delete or edit information… or privacy settings.
14
22. Sources
For Your Reference and Reading Pleasure
A Lawyer’s Guide to Records Management Issues, Chubb Insurance
http://www.chubb.com/businesses/csi/chubb4629.pdf
(Overall guideto Records Management Issues)
Materials On Client File Retention, American Bar Association
http://www.americanbar.org/groups/professional_responsibility/services/ethicsearch/materi
als_on_client_file_retention.html
THE ASSOCIATION OF THE BAR OF THE CITY OF NEW YORK COMMITTEE ON PROFESSIONAL
AND JUDICIAL ETHICS, Formal Opinion 2008-1:
A LAWYER’S ETHICAL OBLIGATIONS TO RETAIN AND TO PROVIDE A CLIENT WITH ELECTRONIC DOCUMENTS
RELATING TO A REPRESENTATION
http://www2.nycbar.org/Publications/reports/show_html_new.php?rid=794
22
23. CLE CODES: 23277
43411
Thank You!
The Winning Case for Online
Document Management
Presented by:
Christopher T. Anderson, Esq.
Product Manager
LexisNexis Firm Manager®
Dan Barahona
VP Business Development
WatchDox
Editor's Notes
The “management of documents” has been a mainstay of lawyering since its inception. The creation, interpretation, preservation, and destruction of documents have long been the purview of attorneys. While the most important of these have been recorded with the Courts, others, including wills, contracts, indentures, instruments, and evidence have long been safeguarded … more or less effectively, by we, the legal profession.
Model Rule of Professional Conduct 1.15: Safekeeping Property:
A lawyer shall hold property of clients or third persons that is in a lawyer's possession in connection with a representation separate from the lawyer's own property. ... [P]roperty shall be identified as such and appropriately safeguarded. Complete records of [the] property shall be kept by the lawyer and shall be preserved for a period of [five years] after termination of the representation.
Anecdote – The storage unit of TW&A, and other firms. Unknown destruction of documents by pests, moisture, water, fire, etc.
For a long time, we have created, stored, shared, and transmitted documents in a variety of ways … many of which date back to much simpler times. Once upon a time it was impractical to safeguard all but the most secure documents, unthinkable to “back-up” boxes and boxes of stuff, and unimagineable to retain control of a document once it left your office. No more.
Resources:
http://www.chubb.com/businesses/csi/chubb4629.pdf – Overall gyude to Records Management Issues
http://www.americanbar.org/groups/professional_responsibility/services/ethicsearch/materials_on_client_file_retention.html - ABA Materials on Client File Retention
http://www2.nycbar.org/Publications/reports/show_html_new.php?rid=794 – On obligations around Electronic Documents
Traditionally, documents started out as paper, were copied onto paper, and were stored as paper. (After stone tablets, of course.)
Model Rule of Professional Conduct 1.16: Terminating Representation
Upon termination of representation, a lawyer shall take steps to the extent reasonably practicable to protect a client's interests, such as giving reasonable notice to the client, allowing time for employment of other counsel, surrendering papers and property to which the client is entitled and refunding any advance payment of fee or expense that has not been earned or incurred. The lawyer may retain papers relating to the client to the extent permitted by other law
Dan – evolution of digital documents
Chris – adds flavor legal industry specific
4 kinds:
Documents originally on paper – Scanned
Documents originally on paper – Scanned and OCR’d.
Documents originally electronic
Documents originally electronic, and converted to another format
Consider storage medium, and future accessability
Not limited to “documents”
Word
Excel
Audio
Video
Etc., etc.
Chris - With HIPAA laws and customers demanding more transparency, law firms are forced to make changes on how they share information with clients.
Clients are used to accessing documents where they want, when they want.
Evolving client expectations vis-à-vis how lawyers are organized (and conduct their business)
Self-help
Sophistication
Anecdotes about banking, Dr. lab reports, etc.
Dan – Add anything relevant
How to minimize risk by going digital
Chris to take and ask Dan a couple of questions specific to minimizing risk
This slide leads to risk management – point out that what they currently have today in the office to include servers is not as safe as some cloud solutions.
How traditional methods of document storage are actually less safe than online storage
Risks
Fire
Intrusion
Theft
Loss/Misfiling
Mitigation
Backups
Security
Detection/Protection/Expiration
Search
Self assessment
Client-Lawyer Relationship Rule 1.6 Confidentiality Of Information
(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).
(b) A lawyer may reveal informa tion relating to the representation of a client to the extent the lawyer reasonably believes necessary:
(1) to prevent reasonably certain death or substantial bodily harm;
(2) to prevent the client from committing a crime or fraud that is reasonably certain to result in substantial injury to the financial interests or property of another and in furtherance of which the client has used or is using the lawyer's services;
(3) to prevent, mitigate or rectify substantial injury to the financial interests or property of another that is reasonably certain to result or has resulted from the client's commission of a crime or fraud in furtherance of which the client has used the lawyer's services;
(4) to secure legal advice about the lawyer's compliance with these Rules;
(5) to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client, to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved, or to respond to allegations in any proceeding concerning the lawyer's representation of the client;
(6) to comply with other law or a court order; or
(7) to detect and resolve conflicts of interest arising from the lawyer’s change of employment or from changes in the composition or ownership of a firm, but only if the revealed information would not compromise the attorney-client privilege or otherwise prejudice the client.
(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
“The only truly secure computer is the one unplugged from the wall and locked in a vault.”
At bare minimum, vendors should provide “better-than-yours” data security. Ask them about:
Encryption type?
Environmental security?
Testing methods?
Real-time intrusion monitoring?
Third party certifications?
Internal controls?
Chris takes and Dan adds to it
There are some standard credentials you should look for when shopping for a reputable vendor.
You will see reference to SAS 70 type ii attestation. This is a Statement of auditing standards developed by the AICPA, the American Institute of Certified Public Accounts, to audit and examine internal controls of service organizations. SAS70 encompasses a number of data center best practices i.e.:
Built and Constructed for Ensuring Physical Protection
Protection of the Physical Grounds
Provisioning process – someone who checks everyone entering and leaving the building
Off-boarding process – when an employee leaves – a process for removing any access
Maintenance of Vegetation – for purposes on not concealing or hiding an intruder
Security Systems and 24x7 Backup Power
Electronic Access Control systems
Alarms, Cameras, Data center security (armed guards)
Scheduled and unscheduled security inspections by internal and external parties
These are just a few of the items as must haves for SAS70 compliance
There was a blog by David Cochran () in mid-May that discussed the importance of making sure you find a provider that is SAS70/SSAE 16 certified, now he was referring to a discovery management provider but it is relevant for any cloud based solution where you have client privileged information. (see below for detailed references in the article). To sum up Mr. Cochran said “Does the provider you are about to select have the SAS70/SSAE 16 certification? If the answer is no, then move on.”
2) eTrust - An eTrust Privacy Certification indicates that your website has been reviewed by eTrust and has met our stringent privacy and data protection requirements. Having an eTrust Privacy logo on your website or obtaining this certification signifies to customers that any critical data collected, such as home addresses and phone numbers are not exchanged with third parties without their consent. This is vital in having a trustful relationship between you and your customers. eTrust Privacy Certifications need to be renewed each year, however if you change your Privacy Statement we will automatically reassess it (there is no fee for this).
3) Why should you care about where data centers are located? Not all countries have the same privacy and protection laws that the US enforces when it comes to your data and client privileged information.
4) Trustwave, TrustE and HIPAA/HiTech are also terms you want to look for. Trustwave is the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations ; TRUSTe ensures compliance with evolving and complex privacy requirements; HIPAA/HiTech – this is mainly meaning that we encrypt information, we secure the data with authentication, we backup the data, we virus scan the data, etc.
4) I think the other criteria you should consider when selecting a company to trust is their history and reputation in the industry. You want to be assured that the business you trust to lease mission critical software from and house your data is going to be around a year or two from now.
Re: Government requests – we have to abide by government requests, however, you own the data, we have to provide you with notice we are being asked for data
Questions to ask:
What are your contract terms/conditions?
Policies on Government requests?
Data return procedures?
What happens when you cancel?
How are third parties vetted?
Use of my data internally?
Is any anonymized information used?
X is Dropbox
Y is Google
More Dropbox:
You, and not Dropbox, are responsible for maintaining and protecting all of your stuff. Dropbox will not be liable for any loss or corruption of your stuff, or for any costs or expenses associated with backing up or restoring any of your stuff.
We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights.
Start with Dan –
Digital Rights management has been around as early as the 1960s when recordings began to be pirated. And when documents went digital, and email became the prevalent way to communicate and send documents, many problems and risks were introduced to the world of Digital Rights Management.
What it is? What it isn’t
Hand off to Chris
The 2012 ABA Legal Technology Survey showed that, although 57% of law firms offered an online (or cloud based) method of document management or storage, and 21% of lawyers use this type of service on a regular basis. It’s important to understand the professional responsibility of a lawyer and the ABA Model rules that focus on client privilege and protecting client information.
Of the ones who do, only about 1/3 bothered to read corresponding privacy policies or make sure the sites had proper encryption.
Search
There are powerful and new methods of digital document search that can save hours of wasted time
Dan talks about the trends in the document industry
Chris talks about the legal industry specific stuff
Dan will talk about encryption
Chris chimes in with legal specific stuff
Chris - How to lead the change for going digital at your firm:
With Facts and Resources … what you learn here is a good start!
By Example. Try it, learn it, teach it.
By Comparison … is it better than what you’re doing today?
Here is an example using WatchDox of the type of Saas based solutions that are affordable as they are robust.