How Lawyers Should Handle Thumb Drives
Monday, April 20, 2015
How Lawyers Should Handle Thumb Drives
Print Mail Download i

As part of investigations and discovery practice, lawyers regularly request and receive electronically stored information.  This may be through a FOIA request, or from medical records requests, or prior counsel's files, or subpoenae duces tecum, or Rule 34 requests, or directly from a client.  ESI may be provided on a CD or DVD, or a thumb/flash/usb drive, or an external hard drive, or through a third-party cloud host.  Unfortunately, this practice is replete with risks.

As recently reported, in a police whistleblower case in Arkansas, the plaintiffs' counsel received from opposing counsel, an external hard drive containing request document and...four Trojans.  Many attorneys, paralegals, and other legal support staff might not think twice about inserting a disk or device received from a known third party into their computer.  Fortunately for the plaintiffs' counsel here, he thought better of it.  Had he not done so, it is possible that the firm's entire computer records could have been transmitted to a data thief or the firm could have been locked out of its files.

If physical file transfer creates risk of infection, cloud systems present their own risks.  Dropbox and other cloud systems can be hacked or create opportunities for employees to easily steal information.  Unencrypted data can be accessed by the cloud system and delivered to third parties.  

With that in mind, lawyers and law firm managers need to consider these risks as part of their ethical duties.  Among potential solutions are: lock-out computers to preclude use of a USB drive; review the terms of service of the cloud storage provider; strongly encrypt all confidential files on the firm's computers before sharing with a cloud provider; and use an unconnected computer to scan all third-party media before it reaches the firm's network.  

Although this matter affects all types of businesses, law firms are especially vulnerable due to the information collection and distribution requirements of practice.  The firm's network IT is not necessarily going to be an expert in data security.  Facing liability for a data breach and a bar complaint arising from the same oversight must be considered. 

© 2024 by Raymond Law Group LLC.

Current Legal Analysis

More from Raymond Law Group LLC

How Business Owners Can Watch For Fraud
by: Cyber Liability, Data Security and Privacy at Raymond Law Group LLC
Preparing For Litigation As A Small Business
by: Business Law and Litigation at Raymond Law Group LLC
Jennifer Lopez Sued for Copyright Infringement
by: Business Law and Litigation at Raymond Law Group LLC
When Do Business Activities Rise To The Level Of Corporate Fraud?
by: Business Law and Litigation at Raymond Law Group LLC
A basic overview of trademark infringement
by: Business Law and Litigation at Raymond Law Group LLC
Apple Inc. settles class-action iPhone lawsuit
by: Business Law and Litigation at Raymond Law Group LLC
What types of lawsuits might business owners face?
by: Business Law and Litigation at Raymond Law Group LLC
Why might businesses want to mediate employment disputes?
by: Employment and Labor at Raymond Law Group LLC
Employee Misclassification Could Lead to a Wage and Hour Claim
by: Employment and Labor at Raymond Law Group LLC
Breach of contract or act of god?
by: Bruce H. Raymond

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins