Using File Transfer Services: Ethical Considerations
How many times have you needed to send a large file to someone else? Did their email server allow you to email it? If that person was on AOL, the answer would clearly be “NO.”
Today’s internet brings a plethora of solutions for this problem. Many file transfer services have cropped up, allowing you to send a large file to anyone with an email address, via the file host’s servers. One such service, YouSendIt! was just featured as a solution for lawyers.
It’s high time that we ask: what ethical considerations are involved in using a service like this?
The most important question seems to be whether any confidential data that you send via these services will remain confidential. At the very least, what steps should lawyers take to attempt to ensure confidentiality?
If you have ever used a file transfer service like YouSendIt!, did you read the privacy policy or terms of service? I am no ethical expert, but it would seem that if you did not even inquire about the confidentiality of the data you entrusted to an internet company, you are opening yourself up to ethical problems.
Perhaps this is like entrusting your client’s private information to a random guy with a bike, in the hopes that he will carry it across town for you. Maybe the messenger will reliably transport your files, but will he peek at them? Did you even try to ensure that he won’t?
YouSendIt! expressly provides on its main page (where you upload a file and input recipient info) “By clicking on the ‘Send it’ button, you agree to YouSendIt’s Terms of Service.” A link below asks, “Need secure transfers?” Nowhere on the page does it mention privacy or confidentiality.
Did you read the Terms of Service? If you so, you would notice that they don’t actually mention file security. To see that, you have to click on the Privacy Policy link, which includes this section:
File Transfer Security
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you at our site. Files stored for delivery are only accessible by YouSendIt and through the clickable link generated for your recipient. All files stored for delivery are deleted when they expire.
Did you see where it said “we will not abuse your data ourselves?” I think not. They are going to “protect” it, but then they specifically say that they can access it. I wonder what that means…
In the end, all I’m urging is caution. Will using YouSendIt! get you disbarred? No. I’m not an attorney, so I can’t give you legal advice. Just be cautious when entrusting confidential information to anyone, especially internet-based services.
[tags]legal andrew, yousendit, file transfer, attorney, lawyer[/tags]
Get more legal tips
|
See also... |
Comments
4 Responses to “Using File Transfer Services: Ethical Considerations”
October 30th, 2006
Good points. I assume this concern over privacy would also apply to online backup systems. I recently used an online backup system, and noticed in the agreement that although the company attempted to keep the information secure, a user must understand that the company has no contractual obligation to keep the information secure. I realize the company is trying to protect themselves in case a hacker obtained access to files, but this language exposes users to risks because they do not guarantee the privacy of a user’s clients’ data.
October 30th, 2006
You present a very good point as well. For that matter, all of these concerns apply to email as well.
In the end, there is probably some “reasonableness” standard as far as protecting confidential client information. If an attorney takes reasonable precautions, I would think a crazy fluke wouldn’t be a huge problem ethically.
Thanks for stopping by,
Andrew
November 6th, 2006
I’m not a lawyer, nor do I play one on TV.
May I suggest a most simple work around? If you have a big glump to transfer and it even MIGHT be private (i.e., if you are NOT absolutely sure it’s public info. AND bear in mind, from my time on Wall Street, I know that interest in public info by a registered rep is in and of itself sensitive), then encrypt it.
Now before everyone runs for the silver bullets and garlic, it’s almost trivial.
Get any of the free zip utilities. Take your file and zip it up with the password option. (Make the password easy live NEVADA, DOPEY, or CONSTELLATION. Just not “password”!) And, upload your encrypted and compressed file. (If you make it an executable, it’s easier the receiver.) The receiver takes the file download and is challenged for the password.
That allows you to use a free utility service for private information. If you are really paranoid, encrypt it twice with different packages and different passwords.
imho
November 6th, 2006
Perfect solution! This is a really good way to ENSURE that confidential information remains so. Also, zipping the file would make a tad smaller, making it easier to transfer via the service anyway.
Thanks for your great input!
Andrew
PS: I like the work you’re doing over at your blog. Thanks for stopping by.