Work and the law in a time of remote work
DISCLAIMER: None of the material in this post or site shall be construed as legal advice. We have not entered into an attorney/client relationship, and you should contact a solicitor or other attorney for legal advice.
These are difficult times, and we hope that everybody is safe and healthy. Those of you with positions that permit remote work have undoubtedly confronted challenges with the transition.
Some of the firms without distributed or multiple offices may not have had systems in place to accommodate satellite or remote workers. In this new state of remote work, a number of solutions exist which may facilitate inter-office communication and collaboration.
For our purposes here, I'll refer broadly to 3 different families of technology in popular use: file sharing/synchronisation, video conferencing, and collaboration. Each of these types of technology solves for a specific set of business needs but can also suffer from their own deficiencies that may render them unsuitable for some industries.
Of course, every computer-based solution will share some of the same risks like data loss, data breach, down time, and connectivity issues. However, the companies that offer these services invest more resources into avoiding breaches and intrusions than most other firms could. In short, it's incredibly likely that Amazon and Microsoft invest more in cybersecurity than your firm. I might be willing to bet on that.
Other considerations emerge with respect to jurisdictional regulations on matters like lawyer/client privilege, trade secrets, and even copyright! Storage of Personally Identifiable Information (PII) could have implications for GDPR or domestic privacy legislation, as well as any regulations regarding medical data such as HIPAA in the United States.
You should consider the relevant ethical rules, regulations, and legislative/statutory implications before flocking to a tech solution for a business need in this time of remote work.
Here's a bit of a more granular examination of relevant considerations regarding some of these flavours of solution:
Several popular filesharing and synchronisation services copy the designated files to a centralised server before writing them to the other users' shared devices. Depending on the provider's terms of service and the rules of the jurisdiction, a lawyer or firm could run the risk of jeopardising privilege and confidentiality. Without careful consideration of the appropriate service and the appropriate permission settings, a lawyer or firm could inadvertently expose client information to others within the firm who should not see it, or, worse, out side the firm.
While videoconferencing services can be spectacular for meetings and calls, they all have vulnerabilities or features that can easily be exploited by bad actors. For one, many services offer a "recording" feature that can capture a combination of video and audio. Once recorded, who knows how that recording can be distributed or shared? In addition, many operating systems have a built-in screenshot feature or support screen capture videos, so a conference participant or attendee could capture images or video of shared slides of presentations.
In addition, some services might not allow for private rooms on the "free" tier. While many services create unique URLS for conference rooms or meeting IDs, they may not offer access control which opens the door for third parties to enter masquerading as attendees or to disrupt the meeting.
There are a number of products and services aimed to complement/supplement traditional email for team communication and collaboration. Some of these services offer features more reminiscent of a series of chatrooms around aspects of business or clients that allow for a more naturalistic discussion around an issue than the ever-forking and collapsing email threads that inevitably lead to confusions -- or the occasional lawsuit!
Anyway, while many of these services offer a high degree of customisation that lends to widespread adoption and use, they are also third-party systems that could store your data in any number of jurisdictions which carries with it all sorts of implications.
Further, many of these services, if improperly configured, could allow for team members to access improperly secured private areas, expose confidential content to the wider team, or even permit non-employees to access the firm's digital work area.
Additionally, some of these service support integrations or plugins aimed at facilitation cross-sytem collaboration that could present additional security/permission risks that should be considered before being activated.
When piloting new or unfamiliar tech, be sure to take a studied and considered approach and include team members skilled and knowledgeable in the relevant areas of cybersecurity, privacy, or law. Review the license agreements and contracts, and make sure you understand the risks!
If you'd like to learn more, please click here before 30 April to email Marcella McCann, and we may organise a session with members of the Legal Innovation Centre and cyber security experts with the School of Computing, Engineering, and Intelligent Systems.