0. The Winning Case for Online Document Management
CLE CODE: 23277
The Winning Case for Online Document Management
Presented by:
Christopher T. Anderson, Esq.
Product Manager
LexisNexis Firm Manager®
Dan Barahona
VP Business Development
WatchDox
Lex Mundi

1. Christopher T. Anderson, Esq. Product Manager, LexisNexis Firm Manager®
The proud father of a six-year old boy, avid pilot, and lawyer: Christopher is the Product Manager for LexisNexis Firm Manager®, a web-based practice management system that helps attorneys get and stay organized, serve their clients better, work more productively, at any time, from anywhere. Mr. Anderson has authored several articles, and spoken to fellow attorneys on a wide range of topics, including law firm management, the ethics of cloud computing, the future of technology in law firms, etc. Mr. Anderson has presented to Legal Tech New York, ABA TECHSHOW, various State and Local Bar associations, National CLE conferences, etc. Prior to working with LexisNexis, he was the managing partner of full- service law firm in Georgia. Mr. Anderson practiced in the fields of family law and business litigation, and nurtured his passion for bringing technology to bear to help lawyers work smarter, serve their clients better, and be more profitable. Previously, he also served as an assistant district attorney in New York City, and in Georgia. Mr. Anderson was also Associate General Counsel and Director of Client Services for RealLegal, a legal software company. He is a graduate of Cornell University, and received his Juris Doctorate from the University of Georgia School of Law in Christopher Anderson is admitted to practice in the federal and state courts of New York and Georgia.
Lex Mundi

2. Dan Barahona VP, Business Development, WatchDox, Inc.
Dan leads business development for WatchDox and is responsible for the company’s strategic partnerships and driving new market opportunities. WatchDox is Before joining WatchDox, Dan was Vice President of Business Development at ArcSight, where he led the company’s technology alliances and partner ecosystem, as well as ArcSight’s integration into HP after its acquisition. Prior to ArcSight, Dan joined Sensage as one of its first 10 employees and drove the company’s transformation into the information security space. As the Vice President of Business Development, Dan led Sensage’s strategic alliances, completing OEM relationships with HP and Cerner, and partnerships with EMC, McAfee and SAP. Dan holds a B.S. degree in Engineering from the Rensselaer Polytechnic Institute, a Master of Engineering degree from Cornell University, and an MBA from the University of Michigan.
Lex Mundi

3. Clinging to the Past
The “management of documents” has been a mainstay of lawyering since its inception. The creation, interpretation, preservation, and destruction of documents have long been the purview of attorneys. While the most important of these have been recorded with the Courts, others, including wills, contracts, indentures, instruments, and evidence have long been safeguarded … more or less effectively, by we, the legal profession.
Model Rule of Professional Conduct 1.15: Safekeeping Property:
A lawyer shall hold property of clients or third persons that is in a lawyer's possession in connection with a representation separate from the lawyer's own property. ... [P]roperty shall be identified as such and appropriately safeguarded. Complete records of [the] property shall be kept by the lawyer and shall be preserved for a period of [five years] after termination of the representation.
Anecdote – The storage unit of TW&A, and other firms. Unknown destruction of documents by pests, moisture, water, fire, etc.
For a long time, we have created, stored, shared, and transmitted documents in a variety of ways … many of which date back to much simpler times. Once upon a time it was impractical to safeguard all but the most secure documents, unthinkable to “back-up” boxes and boxes of stuff, and unimagineable to retain control of a document once it left your office. No more.
Resources:
– Overall gyude to Records Management Issues
- ABA Materials on Client File Retention
– On obligations around Electronic Documents
Resources:
Lex Mundi

4. Traditional Methods Of Document Retention
Traditionally, documents started out as paper, were copied onto paper, and were stored as paper. (After stone tablets, of course.)
Model Rule of Professional Conduct 1.16: Terminating Representation
Upon termination of representation, a lawyer shall take steps to the extent reasonably practicable to protect a client's interests, such as giving reasonable notice to the client, allowing time for employment of other counsel, surrendering papers and property to which the client is entitled and refunding any advance payment of fee or expense that has not been earned or incurred. The lawyer may retain papers relating to the client to the extent permitted by other law
Model Rule of Professional Conduct 1.16: Terminating Representation
Upon termination of representation, a lawyer shall [surrender] papers and property to which the client is entitled… The lawyer may retain papers relating to the client to the extent permitted by other law.
Lex Mundi

5. What Defines Digital Documents?
Dan – evolution of digital documents
Chris – adds flavor legal industry specific
4 kinds:
Documents originally on paper – Scanned
Documents originally on paper – Scanned and OCR’d.
Documents originally electronic
Documents originally electronic, and converted to another format
Consider storage medium, and future accessability
Not limited to “documents”
Word
Excel
Audio
Video
Etc., etc.
Lex Mundi

6. Evolving Customer Expectations
Chris - With HIPAA laws and customers demanding more transparency, law firms are forced to make changes on how they share information with clients.
Clients are used to accessing documents where they want, when they want.
Evolving client expectations vis-à-vis how lawyers are organized (and conduct their business)
Self-help
Sophistication
Anecdotes about banking, Dr. lab reports, etc.
Dan – Add anything relevant
Lex Mundi

7. How to minimize risk by going digital
Chris to take and ask Dan a couple of questions specific to minimizing risk
Lex Mundi

8. Cloud Storage: Is It Safe?
This slide leads to risk management – point out that what they currently have today in the office to include servers is not as safe as some cloud solutions.
How traditional methods of document storage are actually less safe than online storage
Risks
Fire
Intrusion
Theft
Loss/Misfiling
Mitigation
Backups
Security
Detection/Protection/Expiration
Search
Model Rule of Professional Conduct 1.15: Safekeeping Property
A lawyer shall hold property of clients or third persons that is in a lawyer's possession in connection with a representation separate from the lawyer's own property. ... [P]roperty shall be identified as such and appropriately safeguarded. Complete records of [the] property shall be kept by the lawyer and shall be preserved for a period of [five years] after termination of the representation.
Lex Mundi

9. How Much Security do You Need?
Self assessment
Client-Lawyer Relationship
Rule 1.6 Confidentiality Of Information
(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).
(b) A lawyer may reveal informa tion relating to the representation of a client to the extent the lawyer reasonably believes necessary:
(1) to prevent reasonably certain death or substantial bodily harm;
(2) to prevent the client from committing a crime or fraud that is reasonably certain to result in substantial injury to the financial interests or property of another and in furtherance of which the client has used or is using the lawyer's services;
(3) to prevent, mitigate or rectify substantial injury to the financial interests or property of another that is reasonably certain to result or has resulted from the client's commission of a crime or fraud in furtherance of which the client has used the lawyer's services;
(4) to secure legal advice about the lawyer's compliance with these Rules;
(5) to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client, to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved, or to respond to allegations in any proceeding concerning the lawyer's representation of the client; 
(6) to comply with other law or a court order; or
(7) to detect and resolve conflicts of interest arising from the lawyer’s change of employment or from changes in the composition or ownership of a firm, but only if the revealed information would not compromise the attorney-client privilege or otherwise prejudice the client. 
(c)  A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
Model Rule of Professional Conduct 1.6: Confidentiality of Information
(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent…
(c)  A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
Lex Mundi

10. Data Protection
“The only truly secure computer is the one unplugged from the wall and locked in a vault.”
At bare minimum, vendors should provide “better-than-yours” data security. Ask them about:
Encryption type?
Environmental security?
Testing methods?
Real-time intrusion monitoring?
Third party certifications?
Internal controls?
Lex Mundi

11. Ensuring Your Online Data is Properly Protected
Chris takes and Dan adds to it
There are some standard credentials you should look for when shopping for a reputable vendor.
You will see reference to SAS 70 type ii attestation. This is a Statement of auditing standards developed by the AICPA, the American Institute of Certified Public Accounts, to audit and examine internal controls of service organizations. SAS70 encompasses a number of data center best practices i.e.:
Built and Constructed for Ensuring Physical Protection
Protection of the Physical Grounds
Provisioning process – someone who checks everyone entering and leaving the building
Off-boarding process – when an employee leaves – a process for removing any access
Maintenance of Vegetation – for purposes on not concealing or hiding an intruder
Security Systems and 24x7 Backup Power
Electronic Access Control systems
Alarms, Cameras, Data center security (armed guards)
Scheduled and unscheduled security inspections by internal and external parties
These are just a few of the items as must haves for SAS70 compliance
There was a blog by David Cochran () in mid-May that discussed the importance of making sure you find a provider that is SAS70/SSAE 16 certified, now he was referring to a discovery management provider but it is relevant for any cloud based solution where you have client privileged information. (see below for detailed references in the article). To sum up Mr. Cochran said “Does the provider you are about to select have the SAS70/SSAE 16 certification? If the answer is no, then move on.”
2) eTrust - An eTrust Privacy Certification indicates that your website has been reviewed by eTrust and has met our stringent privacy and data protection requirements. Having an eTrust Privacy logo on your website or obtaining this certification signifies to customers that any critical data collected, such as home addresses and phone numbers are not exchanged with third parties without their consent. This is vital in having a trustful relationship between you and your customers. eTrust Privacy Certifications need to be renewed each year, however if you change your Privacy Statement we will automatically reassess it (there is no fee for this).
3) Why should you care about where data centers are located? Not all countries have the same privacy and protection laws that the US enforces when it comes to your data and client privileged information.
4) Trustwave, TrustE and HIPAA/HiTech are also terms you want to look for. Trustwave is the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations ; TRUSTe ensures compliance with evolving and complex privacy requirements; HIPAA/HiTech – this is mainly meaning that we encrypt information, we secure the data with authentication, we backup the data, we virus scan the data, etc.
4) I think the other criteria you should consider when selecting a company to trust is their history and reputation in the industry. You want to be assured that the business you trust to lease mission critical software from and house your data is going to be around a year or two from now.
U.S. Data Centers
Lex Mundi

12. Data Ownership
Above all, your confidential client data belongs to your client.
Questions to ask:
What are your contract terms/conditions?
Policies on Government requests?
Data return procedures?
What happens when you cancel?
How are third parties vetted?
Use of my data internally?
Is any anonymized information used?
Re: Government requests – we have to abide by government requests, however, you own the data, we have to provide you with notice we are being asked for data
Questions to ask:
What are your contract terms/conditions?
Policies on Government requests?
Data return procedures?
What happens when you cancel?
How are third parties vetted?
Use of my data internally?
Is any anonymized information used?
Lex Mundi

13. Data Ownership
Actual Terms and Conditions from (non-legal focused) Cloud Vendors…
BRAND X will have no responsibility for any harm to your computer system, loss or corruption of data, or other harm that results from your access to or use of the Services or Software
BRAND X: If you add a file to your [Brand X] that has been previously uploaded by you or another user, we may associate all or a portion of the previous file with your account rather than storing a duplicate
BRAND Y: When you upload … content to our Services, you give Brand Y (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works … communicate, publish, publicly perform, publicly display and distribute such content.
BRAND Y: Your domain administrator may be able to … access or retain information stored as part of your account [and]restrict your ability to delete or edit information… or privacy settings.
X is Dropbox
Y is Google
More Dropbox:
You, and not Dropbox, are responsible for maintaining and protecting all of your stuff. Dropbox will not be liable for any loss or corruption of your stuff, or for any costs or expenses associated with backing up or restoring any of your stuff.
We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights.

14. Digital Rights Management
What is it? Why should I care?
Digital Documents
Start with Dan –
Digital Rights management has been around as early as the 1960s when recordings began to be pirated. And when documents went digital, and became the prevalent way to communicate and send documents, many problems and risks were introduced to the world of Digital Rights Management.
What it is? What it isn’t
Hand off to Chris
The 2012 ABA Legal Technology Survey showed that, although 57% of law firms offered an online (or cloud based) method of document management or storage, and 21% of lawyers use this type of service on a regular basis. It’s important to understand the professional responsibility of a lawyer and the ABA Model rules that focus on client privilege and protecting client information.
Of the ones who do, only about 1/3 bothered to read corresponding privacy policies or make sure the sites had proper encryption.
SharePoint
Cloud
Lex Mundi

15. Retrieval: Structured vs. Unstructured Data
Search
Lex Mundi

16. Powerful New Methods
There are powerful and new methods of digital document search that can save hours of wasted time
Dan talks about the trends in the document industry
Chris talks about the legal industry specific stuff
Lex Mundi

17. Transmitting Information
Dan will talk about encryption
Chris chimes in with legal specific stuff
Lex Mundi

18. Chris - How to lead the change for going digital at your firm:
With Facts and Resources … what you learn here is a good start!
By Example. Try it, learn it, teach it.
By Comparison … is it better than what you’re doing today?
Lex Mundi

19. Watchdox: Secure File Sharing and Mobile Productivity
Secure “Dropbox”
Mobile Productivity
Here is an example using WatchDox of the type of Saas based solutions that are affordable as they are robust.
Secure File Sharing
Document Control
Track and Revoke

20. Questions
LexisNexis

21. For Your Reference and Reading Pleasure
Sources
For Your Reference and Reading Pleasure
A Lawyer’s Guide to Records Management Issues, Chubb Insurance
(Overall guideto Records Management Issues)
Materials On Client File Retention, American Bar Association
s_on_client_file_retention.html
THE ASSOCIATION OF THE BAR OF THE CITY OF NEW YORK COMMITTEE ON PROFESSIONAL AND JUDICIAL ETHICS, Formal Opinion :
A LAWYER’S ETHICAL OBLIGATIONS TO RETAIN AND TO PROVIDE A CLIENT WITH ELECTRONIC DOCUMENTS RELATING TO A REPRESENTATION
Lex Mundi

22. The Winning Case for Online Document Management
CLE CODES: 23277
43411
Thank You!
The Winning Case for Online Document Management
Presented by:
Christopher T. Anderson, Esq.
Product Manager
LexisNexis Firm Manager®
Dan Barahona
VP Business Development
WatchDox
Lex Mundi