Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe NowBy Andrew Bloch, Magistrate Judge, Hamilton Circuit and Superior Court
Look around your office. At your desk. Even on your computer screen. How much identifiable information about your clients (or litigants if you’re a judicial officer) can you find in the next 60 seconds? Go ahead, I’ll time you. How many client names, phone numbers, account numbers or other personally identifiable information did you collect? How many different people’s information was exposed during your 60-second scavenger hunt? Was one of the people exposed you?
Let’s try something else. Close your eyes for a minute. Think of your favorite password (c’mon, we all have one). How many websites does that password give you access too? How many of your accounts would I have access to if I looked at that Post-it note you keep under your desk pad?
Why the self-reflection?
I originally wrote this article in 2019, and serendipitously as I was sitting at the Judicial Conference in a session about internet privacy, Indiana Lawyer reached out and asked if I could update this article. NPR once discussed a law professor who challenged her students to identify a person solely based on what they revealed in public. The results were frightening. As lawyers and judges, we collect and hold sensitive information. How well are we controlling who has access to it? During World War II, the United States put out a series of posters under the theme “Careless Talk.” The general point? Even small snippets of information could easily compromise national security.
Let’s return to our 60-second scavenger hunt, but now imagine it’s done by a member of the cleaning crew, a curious client left unattended in your office or even a family member. How much would client information be compromised if you left your cellphone or another electronic device on a chair in your local courthouse or coffee shop? How easy are we making it for others to compromise client confidentiality or client privacy? A few simple tips can make obtaining client information that much harder:
• Password-protect your electronic devices with strong passwords. (Don’t use “12345” or “password.”) Use unique passwords for each device and website account. Be careful whom you allow to use your electronic devices; you never know what they’ll use it for or download onto it.
• Use two-factor authentication whenever it is offered! Remember to sign out of your accounts when you are done on that website.
• Lock down your phones and other hand-held devices. Use FaceID or a strong passcode. Don’t let others use your phone out of your presence. You may want to avoid letting small children use your phone as things they download off the app store for “free” may pose security risks.
• Invest in a password manager. Most of the popular ones will create strong passwords that you don’t have to remember that are far stronger than you can come up with on your own. Then you don’t have to “keep signed in on this website,” which is the antithesis of security on the web.
• Try to keep clutter to a minimum on your desk or remove it entirely when a client or member of the public is in your office. Don’t leave your client.
• Log out of your devices when you’re done for the day and lock your office door.
• Don’t talk about client cases in public no matter how little information you give to the other party. It doesn’t take much information to identify someone using Google. I was recently on a train headed into Chicago and I was successfully able to figure out the identity of the person in the seat in front of me based on the information she discussed with her friend on her cellphone and by her frequent use of TikTok.
• Be careful what you post about cases, parties, other lawyers, judges and court staff on the internet (whether it’s Instagram, your own blog, reels or via email). Lawyers have been disciplined for divulging confidential information or making derogatory comments about other lawyers, the courts, and the Disciplinary Commission in violation of Professional Rules of Conduct.
• Listservs or Facebook groups can be your friend for advice, but the other lawyer or judicial officer may also see your question or your response.
• Reexamine office policies and work with staff to eliminate potential areas of risk.
This list isn’t exhaustive, but rather a starting point to reexamine how we protect data about ourselves and others.•
Please enable JavaScript to view this content.