[teknoids] clinic student/faculty communications and confidential info.

John Mayer jmayer at cali.org
Fri Nov 17 20:33:46 EST 2017


Sounds like a great CALICon18 session.

;-)

The call for proposals will be going out pretty soon.


John

On Fri, Nov 17, 2017 at 4:57 PM, Covey, Chad <covey at law.unm.edu> wrote:

> We faced the same issues, so a lot of the notes below are what others have
> shared with us off list (thank you to our many previous sharers) or our
> team and clinic have worked out; some issues are a bit tricky, so posing
> those as questions in hopes this helps Courtney and anyone else who has to
> work with Clinic email:
>
> ·         Apart from e-discovery, is your location subject to open
> records requests, and if so, depending on what is done over email, what
> would be open to those requests?
>
> o   If one was using a mechanism that  wasn’t ‘university student email’
>  -hmm, not sure what the ramifications are . . . .
>
> ·         If the owner of an email account is not checking it/or is gone,
> and important content or an attachment are in it, can that content be
> retrieved?  Quickly?
>
> o   If all the students CC a functional ‘listener’ address, or even set
> Reply To that address, that could capture the data for your clinic. There
> are other technical ways to capture email if you own your email system, or
> ask your provider for some sort of capture mechanism.
>
> ·         If a student uses their device to access clinic email, can it
> be subpoenaed?  Are there retention issues?   And then there’s texting,
> photos . . . . ay
>
> ·         As Ken notes, there are likely a number of reqs to specify for
> any personal device – auto-lock, auto delete after x bad attempts,
> Antivirus, VPN, passcode length . . . . can they have cloud apps on that
> device?
>
> ·         In terms of content, are certain data types like PHI banned
> entirely over email, whatever the device?
>
> ·         Do they always have to CC a Clinic supervisor on their emails,
> or first get permission?
>
> ·         Maybe your case management system has a good way to capture
> emails, though there are likely some procedurals related to that – the user
> may have to manually add emails to a case
>
> ·         If using personal devices, do they need to sign an agreement to
> handle clinic email?
>
> ·         Procedural – do students use a certain signature during Clinic,
> then adjust as they out process?  Does an out of office need to be set to
> warn senders?
>
> ·         Does a clinic need or want data loss prevention software that’s
> not provided by the university?
>
> ·         Is there a procedure if a device is lost or stolen?
>
> ·         Are emojis admissible?
>
>
>
> As Doug notes, I’d too argue there are many strong reasons to give clinic
> students separate accounts that can remain open at the clinic’s discretion,
> and provide more controls than maybe what the university can.
>
>
>
> Hope this helps!
>
>
>
> Chad
>
>
>
>
>
> *From:* Teknoids [mailto:teknoids-bounces at lists.teknoids.net] *On Behalf
> Of *Hirsh, Kenneth (hirshkh)
> *Sent:* Friday, November 17, 2017 12:46 PM
> *To:* Teknoids <teknoids at lists.teknoids.net>
> *Subject:* Re: [teknoids] clinic student/faculty communications and
> confidential info.
>
>
>
> Hi Courtney,
>
> A few thoughts:
>
>    1. Can you work with campus IT and the university counsel’s office to
>    examine the Google contract and determine whether they have any obligations
>    to comply with clinic confidentiality requirements?
>    2. Clinic users, both students and faculty, could take the extra step
>    of using an encryption product, such as Virtru
>    <https://www.virtru.com/>.
>    3. Beyond the risk of interception during transmission or hacking of
>    the Gmail message storage, students and faculty could be cautioned about
>    the risk of loss at their device, such as when a notebook, tablet or phone
>    is lost or stolen. The clinic could adopt a policy of requiring all to
>    encrypt those devices, which is good practice anyway. Of course, encryption
>    is not the be all and end all, but students, like attorneys, are required
>    to take “reasonable efforts” to protect confidential client information,
>    not superhuman effort.
>
> Best,
>
> Ken
>
>
>
> ken.hirsh at uc.edu
>
> (513) 556-0159
>
>
>
> *From:* Teknoids [mailto:teknoids-bounces at lists.teknoids.net
> <teknoids-bounces at lists.teknoids.net>] *On Behalf Of *Courtney L. Selby
> *Sent:* Friday, November 17, 2017 2:37 PM
> *To:* Teknoids <teknoids at lists.teknoids.net>
> *Subject:* [teknoids] clinic student/faculty communications and
> confidential info.
>
>
>
> Noids,
>
> Our students retain their Hofstra email accounts, and access to the
> messages sent and received during law school, indefinitely following
> graduation.  These student accounts are hosted by Google. Because clinic
> students communicate with the faculty regarding confidential matters
> related to clinic cases, we have some concerns about using student email
> accounts for clinic matters.  We have requested that our clinic students
> receive university employee accounts to be used only for communications for
> the clinic.  Unfortunately, under university policy we can’t assign our
> clinical students employee email accounts (though we are still attempting
> to negotiate an exception).
>
>
>
> Have any of you explored conducting faculty/student communications about
> clinical matters without the use of university student email?  We use Time
> Matters in the clinic, but I am not sure that the platform provides for
> one-on-one discussion between a faculty member and a student in a way that
> could satisfactorily replace email.
>
>
>
> Thoughts?  Solutions?
>
> Happy Friday!
>
> Courtney
>
> *Courtney Selby, **JD, MLIS* | *Associate Dean for Information Services,
> Director of the Law Library and Professor of Law *| Maurice A. Deane
> School of Law at Hofstra University Law Library
>
> 122 Hofstra University | Hempstead, NY 11549 | 516-463-5901
> <(516)%20463-5901> | lawcls at hofstra.edu
>
>
>
> Not everything that can be counted counts, and not everything that counts
> can be counted.
> - William Bruce Cameron
>
> [image: logo]
>
>
>
>
>
> _______________________________________________
> You are currently subscribed to teknoids as: jmayer at cali.org.
> To unsubscribe send a blank email to teknoids-leave at lists.teknoids.net
> --
> See the web interface at http://lists.teknoids.net/listinfo/teknoids to
> get your list password, unsubscribe, and view your list settings.
>



-- 
----------
John Mayer
Executive Director
Center for Computer-Assisted Legal Instruction/CALI
565 West Adams
Chicago, IL  60661
312-906-5307
312-906-5280 - fax
jmayer at cali.org
http://www.cali.org
twitter.com/johnpmayer
----------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.teknoids.net/pipermail/teknoids/attachments/20171117/d91a75d0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2670 bytes
Desc: not available
URL: <http://lists.teknoids.net/pipermail/teknoids/attachments/20171117/d91a75d0/attachment.png>


More information about the Teknoids mailing list