Thursday, May 3, 2018
Protecting Privileged Communication
Privileged communication is an interaction between two parties in which the law recognizes a private, protected relationship. Whatever is communicated between these pairs of parties shall remain confidential, and the law cannot force disclosure of these communications. The individual that initially makes the privileged communication legally has the ability to prevent the other party in the relationship from disclosing the content of the privileged communication. One of the most commonly cited relationships where privileged communication exists is the attorney and client relationship. This relationship is called attorney-client privilege. Other recognized privileged communication includes doctor/psychotherapist-patient, clergy-penitent, and communication to one's spouse.
There are conditions that must be met in order to preserve the confidential status of these communications. First, the communication must be between people in a legally recognized protected relationship. Next, the communication must take place in a private setting, where the communicators have a reasonable expectation of confidentiality (like a private office). Lastly, the privileged status of the communication is lost if or when the communication is shared with a third party that is not part of the protected relationship. However, agents of the recipient of the information - such as an attorney's paralegal or a doctor's nurse - would generally not be considered a third party that defeats the privileged status of the communication.
Under the law the recipient of a privileged communication has a duty to safeguard and protect that information from disclosure. The person making the privileged communication may however waive that privilege and disclose the information. For example, my doctor may not discuss my health and medical treatment with an outside party, but that doesn't prevent me from discussing my own medical conditions with whomever I choose.
There are legal complexities as to what may be considered privileged communication, which go beyond the content of this post, but once you have determined that a communication is in fact privileged, here are a few things you should consider.
Encrypt all e-mail and attachments. This requires a compatible encryption between all parties of a privileged communication. Encrypted file transfer / messaging systems like Encyro and Sendinc may be a way of establishing encrypted communication with a client who does not have other secure e-mail options.
Never send sensitive information in a SMS/Text Message. If you must communicate short sensitive messages use an end-to-end encrypted messenger with expiring / disappearing messages. One example would be Signal Private Messenger.
Voice communication should be over an end-to-end encrypted channel, or preferably face-to-face in a private area.
Use password protection on all sensitive documents. This limits that ability of someone with access to your computer system from accessing sensitive documents unless they have the document password.
Store all electronic records in an encrypted container (i.e. Bitlocker / FileVault2 / VeraCrypt).
Store all paper files in a locked security container.
Destroy sensitive information when no longer needed using an electronic wipe program and/or a cross-cut paper shredder.
Be aware of who else might have access to privileged communication and confidential records. System administrators may have access to everything on your computer network, and janitorial / maintenance staff may have access to offices after business hours.
--
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.