By Jane Salem, Staff Attorney, Nashville
I’ve been asked to write about the fascinating topic of data security. While no one would ever call me “techy,” I’m nonetheless going to give this the old college try.
But first, to make this an even more exciting read, I’m going to throw in some legal ethics.
Earlier this month, the American Bar Association released an updated ethics opinion on “securing communication of protected client information.” It’s available here, but to give you a tiny taste, the 11-page opinion concludes that a lawyer may transmit client information over the Internet without violating the Model Rules, where the lawyer has undertaken “reasonable efforts” to prevent inadvertent or unauthorized access. However, a lawyer may be required to take “special security precautions” to protect against the inadvertent or unauthorized disclosure of client information “when the nature of the information requires a higher degree of security.”
In workers’ compensation, we receive medical records, and many state forms require social security numbers. These are two types of information that very likely require “a higher degree of security.” So, the Court has recently undertaken greater efforts to ensure that no one’s sensitive data is compromised.
The State of Tennessee uses Microsoft Office 365 Secure Message Encryption. Practically speaking, you’ll know a message is encrypted with Office 365 if you receive an email from the Court with “[secure email]” in the subject line. (We didn’t choose this protocol, by the way; the State’s I.T. staff did, and we assume they know best.)
The way the encryption works is, you’ll receive an email from us with an attachment – perhaps a copy of the signed settlement documents. After you open the attachment, you can sign in to a Microsoft account to view the message on the Office 365 Message Encryption portal. If you don’t have a Microsoft account, you can create one associated with your email address. In order to view the encrypted message, the email address for your Microsoft account must match the address to which the encrypted message was sent.
The alternative is to use the passcode sent to you in the email message. Get the passcode, enter it, and then click “continue.” The passcode expires after 15 minutes.
But what if you can’t even get that far, i.e. you can’t even open the attachment? If you’re up for a little trouble-shooting, start with this basic explanation about Office 365; ask your firm’s IT people for assistance; or contact the Bureau to request a copy by other means. (Note: While we always seek to be service-oriented, this last option is not particularly earth-friendly. Come on; give technology the old college try! You don’t want to be “worthless and weak,” do you?)
We thank you in advance for your willingness to help us keep sensitive data secure.