Professional Documents
Culture Documents
Materials How To Read and Understand A Privacy Statement 1709588937131
Materials How To Read and Understand A Privacy Statement 1709588937131
Statement
Learn how to read privacy statements to meet your professional obligations and reduce risks
Intro
2
Objectives
1. Know when you should read and understand a third party’s privacy statement
• When does your duty of confidentiality require it?
• When would doing so reduce risks or ensure compliance?
2. Identify the key elements of a privacy statement; and
3. Learn how to analyze key provisions of a privacy statement to accomplish your task
Objective 1
4
When should you read and understand a third
party’s privacy statement?
When you need to know what the third party will do with
information you give it access to or share.
Scenario 1: You or your law firm would like to share information relating to the representation of a
client that is subject to the duty of confidentiality.
Scenario 2: You or your client would like to share client information with a third party subject, where
the client information is:
Scenario 1
6
Duty of Confidentiality
Duty of Confidentiality
8
Information Relating to the
Representation of a Client
• An attorney must take reasonable precautions when transmitting information relating to the
client’s representation.
• Lawyers also are responsible for assessing whether additional security precautions are required to
comply with other law, such as state and federal laws that govern data privacy.
• The use…of online data storage maintained by a third-party vendor raises a number of ethical
questions because any confidential client information included in the stored data is outside of
the direct control of the lawyer.
10
WSBA Advisory Opinion on RPC 1.6
11
Duty of Competence
Comment 8:
To maintain the requisite knowledge and skill, a lawyer should keep abreast
of …the benefits and risks associated with relevant technology…
12
Scenario 2
Client Information
When does this come up in-house? In
private practice?
13
Client Information
14
Client Information
15
Objective 2
16
What is a privacy statement?
• Is it a contract?
• How does it differ from terms of use?
• What is the difference between a privacy statement and
data processing agreement?
• What other agreements may matter?
17
18
Objective 3
19
20
How will it be used?
21
1. Familiarization with the potential risks of online data storage and review of available general audience
literature and literature directed at the legal profession, on cloud computing industry standards and desirable
features.
2. Evaluation of the provider’s practices, reputation and history.
3. Comparison of provisions in service provider agreements to the extent that the service provider recognizes the
lawyer’s duty of confidentiality and agrees to handle the information accordingly.
4. Comparison of provisions in service provider agreements to the extent that the agreement gives the lawyer
methods for retrieving the data if the agreement is terminated or the service provider goes out of business.
5. Confirming provisions in the agreement that will give the lawyer prompt notice of any nonauthorized access to
the lawyer’s stored data.
6. Ensure secure and tightly controlled access to the storage system maintained by the service provider.
7. Ensure reasonable measures for secure backup of the data that is maintained by the service provider.
22
Questions?
23