All Travel and No Play: Confidentiality Concerns if Working While Traveling
10Aug 2018

All Travel and No Play: Confidentiality Concerns if Working While Traveling

Summer is a popular time for taking a vacation. Or you may be traveling for work. Even when taking a vacation, many attorneys unfortunately can never truly leave work behind. That usually means traveling with a laptop or other device to be used for completing work. Yet your ethical duty to maintain client confidentiality pursuant to ORPC 1.6 remains the same when working outside the office.

In addition to security risks such as lost or stolen devices, you may be subject to searches or detainment of your devices when going through airport security. For example, pursuant to the Fourth Amendment the United States Department of Homeland Security has authority to search anyone crossing the border without probable cause. This includes searching “[a]ny device that may contain information in an electronic or digital form, such as computers, tablets, disks, drives, tapes, mobile phones and other communication devices, cameras, music and media players.” See the directive issued on January 4, 2018 for more information. As part of this authority, the department takes the position that this allows for searching of incoming and outgoing travelers’ electronic devices for data, including the ability to demand passwords and decryption of confidential information. They may even detain the device or information taken from the device if deemed necessary for security purposes. The directive clarifies that only material stored on the device itself may be searched, and nothing stored in the cloud should be accessed. Yet the department can still request passcodes to a cloud storage program.

Below are helpful tips to decrease your vulnerability to security risks if you intend to work while traveling:

Consider traveling with "clean" devices

A good option for protecting client information while traveling is to use a “clean” laptop or device, otherwise known as a “burner” device, containing no client information. Remember that “delete” does not completely remove information from a device. So either purchase a clean device or use a program that scrubs the device of all client information. See Hong Dao’s InPractice blog post for more information about permanent data erasure. As discussed below, then use the clean device to securely connect to the Internet and access client information stored in the cloud or connect directly to your firm’s office network. See Hong Dao’s InPractice blog post for more information about security when using cloud storage. Also do not keep any visible link to a cloud storage program or your firm’s network on your device. The same approach should apply to your phone since many of us use our personal phones for work purposes, such as checking email or accessing client information and documents through a mobile application

Use a secure Internet connection

Do not conduct work activity using public WiFi or a public computer. Hackers can easily gain access to the network and redirect Internet traffic to their device or broadcast their own network that appears similar to the public WiFi network, and proceed to steal information. Be sure you always have a secure Internet connection if working remotely to ensure all activity is encrypted. Many devices contain a feature that automatically connects you to known wireless networks. Turn off the feature so that you are required to connect manually to be sure you are connecting to the intended network. Obtain guidance from your IT support person to assist you with setting up secure remote access. Rather than using public WiFi or a public computer, options include:
 

  • ​​​​Using a virtual private network

    A virtual private network (VPN) creates a secure private Internet connection that requires your computer to communicate using only encrypted information while connected through a public network. It essentially creates a secure tunnel within a public network. There are many options for VPNs on the market, including Encrypt.me, TunnelBear, PrivateInternetAccess, and NordVPN.

  • Setting up your own WiFi hotspot

    This can be done using your smartphone or a standalone device that taps into a cellular network, also known as MiFi, to create your own secure wireless connection. Keep in mind that use of your smartphone as a hotspot may drain your phone’s battery and use up your data plan quickly depending on the type of work you’re doing. Check with your cellphone provider to determine your options. Options for MiFi devices include the Verizon Jetpack MiFi 7730L, and the AT&T Nighthawk LTE Mobile Hotspot. If not using a cellular network, other hotspot devices may require a physical hard-wired connection to the Internet. Know your needs before making any purchase, including accessibility to wired networks. Ensure that any hotspot you use provides a secure encrypted connection.

Make sure all devices are protected from unauthorized access

Lost or stolen devices is a common occurrence when traveling. Be sure all devices are protected from unauthorized access. Use two-factor authentication or biometric authentication, such as fingerprints or retina scans. See Sheila Blackford's InPractice blog post for more information about two-factor authentication. Also encrypt and lock or turn off all devices when not in use.

Update all operating systems and software programs

Before you leave, update your operating system and software programs on all devices you will be taking with you when traveling.
 

Be aware of your surroundings

If you perform work while in a public place, use a privacy screen so that those nearby cannot see the information being accessed. And remember to be cognizant of phone calls or discussions with others regarding a client matter in case it could be overheard.
 

Conclusion

The main takeaway is to know where your client data is stored and how secure the network is before you use it to do work, and take special precautions when working while traveling to protect client confidentiality.
 

Additional Resources:

  • PLF Practice Aids
    • Protecting Yourself and Your Law Firm from Data Breach Checklist (www.osbplf.org > Services > CLEs & Resources > Forms > Category > Cybersecurity and Data Breach)
    • Online Data Storage Providers (www.osbplf.org > Services > CLEs & Resources > Forms > Category > Paperless Office and Cloud Computing)
    • Floating in the Cloud (www.osbplf.org > Services > CLEs & Resources > Forms > Category > Paperless Office and Cloud Computing)
  • Oregon State Bar
  • United States Department of Homeland Security

Post Author: Rachel Edwards

Rachel Edwards

Read more about Rachel Edwards

Featured Posts

Peer-to-Peer Pressure: Interview with a Bookkeeper
08Apr 2024

Peer-to-Peer Pressure: Interview with a Bookkeeper

Venmo, Zelle, and Cash App are peer-to-peer smartphone applications (P2P) that streamline money transfers by linking user credit cards or bank accounts to rapidly move funds between users. In the legal field, client interest in P2P apps is rising. While undoubtedly convenient, lawyers must assess their security and suitability for their practice.

Key Insights from ABA TECHSHOW 2024: Embracing Tech Trends and Cybersecurity Imperatives
08Mar 2024

Key Insights from ABA TECHSHOW 2024: Embracing Tech Trends and Cybersecurity Imperatives

The ABA TECHSHOW, held in Chicago from February 14-17, 2024, was a melting pot of insights, innovations, and imperative discussions on the intersection of technology and law. As legal professionals met to explore the latest trends and tools, our PMAP team identified several overarching themes that emerged from the diverse array of presentations and discussions. Here are some key takeaways.

Shape Your Work With Pro Se Parties
09Jan 2024

Shape Your Work With Pro Se Parties

Clear communication with pro se parties can help prevent misunderstandings and allow you to better work with them and obtain the information you need to represent your client competently and diligently. Focus on building a professional relationship with them that clearly defines roles and interests. Consider the following tips when interacting with a self-represented litigant to help avoid potential ethics or malpractice issues.

SLAY THE EMAIL DRAGON WITH HELP FROM MERLIN
14Apr 2023

SLAY THE EMAIL DRAGON WITH HELP FROM MERLIN

How many hundreds — or thousands — of emails are in your inbox right now? At what pace is that number growing? Are you confident that an urgent message isn’t lurking in your queue? Does your computer constantly ping and pop up notifications? If these questions speak to the current state of your email account, you may have a problem. These are all telltale signs that a destructive dragon is living in your inbox.

Changing the Conversation Around Eating Disorders
13Apr 2023

Changing the Conversation Around Eating Disorders

Food is a necessity in our lives. Our society, however, has some very unhealthy pressures around disordered eating and distorted views of body image. It would make sense that a group of people facing heightened stress levels—such as attorneys—would find themselves in food-related challenges as a way to cope.