Just Google That!


When I first heard about Googling from my late mother-in-law, I was skeptical. Jackie was relentless about converting people to her newest way of doing things. I felt I had her number so was prepared to be underwhelmed by the usefulness of Google. As usual, Jackie was right! Google was a great tool and it still remains one of my favorite tools.

Google looks so unassuming….

 GoogleI used to just pop what I’m looking for into the search box and away I’d go.  Recently, I learned some helpful search tricks that make me more of a Google Geek or at least more proficient in my Google searches. In the spirit of Jackie, here are just five of the cool search tricks that may help you supercharge your next Google search.


Don’t let a misremembered word or phrase stop you. Use an asterisk ‘*’ to tell Google that there is a missing word or group of words that should be filled in with the most relevant search result. For example, “Data that is being transmitted over the Internet, into the cloud, should be * to protect it.”


This is what Google figured out I was searching for:

 Search 1



Stumped by a slang term you think you should know for surviving holiday dinners with your teenaged nephew? Use “define:slangword” to finally find out what they are talking about.


This is what Google revealed about the term, “tweaker:”

 Search 2



If you want to find something quickly within a website, use “site:” 

This is what Google revealed about the term, “practice management” on the Oregon State Bar website:

 Search 3



Find links to certain websites with “link:”  For example, do you want to know who has linked to your website or to your blog or even your firm’s Facebook page?

Here is what Google showed me about links to my blog:

 Search 4



Search for specific words in a title by using “intitle:”

Here is what Google for articles about waiving attorney-client privilege: 

 Search 1


I hope you can put these five Google search tips to use and keep your eyes and ears open for additional Google search tips! 

How Safe Do You Want to Be?

The scary thing about trying to prepare yourself and your law firm from intruders is identifying the possible source of attack. That’s why this infographic from The Guardian caught my eye. Do you know who is the bogeyman? You may be in for an Alfred Hitchcock surprise attack.


Insider Threats vs. Outsider Threats Cybersecurity Infographic

Infographic by Digital Guardian

Yahoo! Latest Dangerous Place to Be




I read Oregon’s Attorney General Ellen Rosenblum’s fraud alert on the Yahoo data breach. Makes me unhappy to read because 500 million users includes lawyers and many friends and family members. Why anyone would use yahoo for email if they are a lawyer is a question for another day. Or not. Please beware that the old adage: there’s no such thing as a free lunch has important lessons. Encrypt, encrypt, encrypt. Or plain avoid using free email platforms for your business. Google has business mail that is different from their free gmail. Your business is your business. But so is your clients’ business so you have an ethical duty to protect your clients’ business.

Ok, I am off my soapbox. Here below is AG Rosenblum’s post. Sign up for her alerts here. 



Was your information exposed in the Yahoo data breach?

Yahoo has confirmed data “associated with at least 500 million user accounts” has been stolen in what may be one of the largest cybersecurity breaches ever.

The stolen data may include names, email addresses, telephone numbers, dates of birth, passwords, as well as security questions and answers.

“This latest hacking “bombshell” — and the huge number of people affected by it — is a real reminder of something we often don’t take the time to do: We must be vigilant about changing our email passwords regularly! If you use any Yahoo product, you should make sure you change your password immediately, and closely monitor any credit cards associated with your account,” Attorney General Rosenblum said.

If you use Yahoo services and have an account with Yahoo, you should do the following as soon as possible:

  • Change your Yahoo password, as well as your Yahoo secret questions and answers; and
  • If you reused any passwords, secret questions and answers from your Yahoo account to any other account (Gmail, Hotmail, etc.), change that information in those accounts as well.

In addition, Oregonians who have shopped and used a debit or credit card on a Yahoo account, or on a Yahoo web service, should:

  • Monitor your credit report. Visit www.annualcreditreport.com or call 1-877-322-8228 to order a free credit report and review it for errors.
  • Avoid clicking on links or downloading attachments from suspicious emails. Yahoo will be contacting affected users about this issue, but these emails will not ask you to click on any links or contain attachments and Yahoo will not ask for your personal information.
  • Beware of “phishing” (the activity of posing as a legitimate company to gain access to financial accounts) attempts and unsolicited calls or emails offering credit monitoring or identity theft services. These offers are attempts to steal your personal information.

If you find unexplained activity on your credit report or if you believe you are a victim of a “phishing” scam, there are important steps you can take to protect yourself. Contact the Attorney General’s consumer hotline at 1-877-877-9392, review the Attorney General’s website – www.oregonconsumer.gov – for information on identity theft, or view the Federal Trade Commission’s identity theft resource, available at www.consumer.gov/idtheft/.
Thank you, Attorney General, Rosenblum!


copyright September 23, 2016 Sheila Blackford

Practice Area(s) plus 1

image   by Sheila Blackford   ©2016

All lawyers must practice in two areas, their substantive area and ethics.

I remember the chit chat before the first day my ethics course in law school. The consensus was that it was an unnecessary class but would be a welcome break from the substantive law classes. I kept my opinions to myself as I had already found the ABA Model Rules on the Internet and devoured them. I liked Ethics and found the hypos a breath of fresh air, real life dilemmas sure to arise. Looking back almost twenty years later, I think it was the most helpful class as no matter what practice area lawyers get or transition into, ethics is always a plus 1 that stays consistent.

In Oregon, bar complaints are directed to the Client Assistance Office for evaluation of whether there has been a breach of ethical duties that need to be referred to the bar’s disciplinary counsel. Triage. They deal with a lot of complaints from clients and third parties. As long as the CAO has issued their reports, the main complaint areas revolve around communication, neglect, and fees. How easy to fix these problems!

ORPC 1.4 Communication. (a) A lawyer shall keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information. 

Reasonably Informed.  Some lawyers bristle at this. Clients want to know what’s going on with their case.  It is a pretty easy standard to meet, though beware the subjectiveness of what is reasonable. In the lawyer’s world there are many client matters to be concerned with, some with more pressing urgency than others. In the client’s world, there is only one case: the client’s. Communicate ahead of time how you will communicate, how often you communicate, and when you will communicate. Provide a roadmap of the client matter so that the client understands the real life process of a lawsuit. On t.v. They are in court before the second commercial and the case is settled before the closing credits run. What a shock to find out how long it really takes.

Be clear with the message communicated, I will call you back later, meaning what?? Doubt this is a big deal? Those of you who are parents should think back to your call to the pediatrician when your baby was sick. I was told the doctor would call back and I was frozen for hours next to the phone. Fear clutched at me and I wouldn’t have wanted to eat even if I had walked away from my post into the kitchen. “Teething, just teething could bring on a fever and wailing?” Teething and colic were frightening events to a new parent. The tone of voice delivering the telephone diagnosis just made me feel more distressed and angry to have waited so long for a return call. The doctor was busy with urgent matters and mine concerns were insignificant. Your client feels the same often. If I’d only known that the doctor returned calls from 11:30 to noon and 4:30 to 5:00 or the next morning from 7:30 to 8:00.

Care of your client is easier when you explain timelines ahead of time even though all divorces don’t proceed in the same timeline. Do yourself and your clients a favor by setting forth what happens in a typical divorce proceeding, what can cause delays, when the client should call to report what just happened. Otherwise you may get called when the future ex spouse has taken the bathroom rug. Seriously, one family law attorney shared this very annoyance. I helped her to compose a Call Me Do’s and Don’ts list with a few funny examples thrown in to lighten things up. A divorce is traumatic and emotional and people going through a divorce aren’t going through their best times. And especially for personal injury suits, there long periods when nothing is happening. Because your client is not perched on a chair day after day seeing that nothing is going on, really, you should explain this ahead of time and use simple Status Update forms to quickly check in with your client and reassure you haven’t forgotten your client exists. Think about it: your client is in pain physically, mentally, emotionally thinking about this pain 24/7. A Status Update sent out monthly or bi-weekly is welcome reassurance that you haven’t forgotten. It’s even better than calling your client’s home at noon on a work day to leave a voicemail that all is well, you’re just waiting to receive medical records requested last week from the doctor. Scan that Status Update or bcc yourself or your legal assistant to preserve a record of your client communication.

Reasonable requests for information are handled the same way. If your client is too demanding, you have failed to properly set client expectations. I told my elder law clients in my written fee agreement that I would provide them copies of everything,  which comprised their client file. I gave them a sturdy client file with a copy of their signed fee agreement and with papers write down all their questions so they didn’t forget something they wanted to ask me. I told them to bring this file to every client meeting and to put their copies into it. Documents were hole-punched and stamped “For Your Client File, No Action Needed.” It cut down on multiple phone calls to tell me something or ask me a question they had forgotten earlier.  I adapted this information management tool from teaching sixth graders how to stay on top of their assignments. See if you can adapt it for your own clients.

ORPC 1.3 Diligence. A lawyer shall not neglect a legal matter entrusted to the lawyer.

First thing to consider about client complaints about neglect: communicate don’t ignore your client or your client’s matter. Keep track of deadlines, even those imposed by your client, and use reminders, at least one reminder but this is frequently increased to three because the deadline requires adequate preparation time. Don’t wait until the last minute to do something because technology gremlins love causing printer malfunctions or crashing software programs when either are guaranteed to raise your stress level. Allow the time it takes to avoid poor performance. Notice the word entrusted. A client matter — no matter how small –has been entrusted to you by the client. It is always a big deal to your client. One of the biggest dangers of taking a case out of a desperate need for cash flow is that you may not like that client or the client matter. And what does that encourage? Putting off dealing with the client or client matter. You know that client file languishing on your credenza, office chair, or floor? Tackle it! Sooner than later. Get it done or fire the client before it is too late and you are stuck or have a bar complaint for neglect or a malpractice claim for missing a deadline that causes harm to your client. It is interesting to note that many follow up inquiries after a malpractice claim reveal that the lawyer would not have taken on the case in retrospect. Save yourself and your client needless stress: though shall not procrastinate or neglect a client matter. See the PLF practice aids for calendaring and docketing along with checklists for the substantive areas of law. you need checklists so you don’t overlook anything which is neglecting to do what you are supposed to do and when you are supposed to do it!

ORPC 1.5 Fees (a) A lawyer shall not enter into an agreement for, charge or collect an illegal or clearly excess fee or a clearly excessive amount for expenses. 

Notice that a fee is evaluated for being in compliance at three distinct times.

1. Enter into an agreement is when you form your contract, verbal (foolish) or in writing, at execution of your written fee agreement (wise).

2. Charge for fees or expenses. Sending out your monthly billing statement.

3. Collecting for fees or expenses. When client pays you.

All three times must be reasonable. What is reasonable? See Rule 1.5(b). Review the Economic Surveys on the OSB website which provide details about what is customarily charged, where, and by whom. http://www.osbar.org

Enjoy your practice of XYZ law and ethics!










Acting Competently: Complying with data security laws

image    by Sheila Blackford   ©2016      Lawyers have a fiduciary duty to preserve client confidentiality that has long been codified in Oregon under ORPC 1.6 Confidentiality of Information. For more than a quarter of a century, paper-based client files have become electronic files. The need to protect electronic client records has only become more imperative as lawyer have transmitted and stored their client files on the Internet.

ORPC 1.6 (7) (c):

A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

 ABA Model Rule 1.6 Comments 18 and 19:

 Acting Competently to Preserve Confidentiality

[18]   Paragraph (c) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 1.1, 5.1 and 5.3.  The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure.  Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule.  Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules.  For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 5.3, Comments [3]-[4].     

[19]   When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.  Whether a lawyer may be required to take additional steps in order to comply with other law, such as state and federal laws that govern data privacy, is beyond the scope of these Rules.


The words should fill you with dread. Then you will have the proper mindset to address the necessary protections so that you can prevent a data breach or at least insure that if data is breached, the data has been rendered unreadable because it is encrypted.

Be concerned about a breach of security and personal information. Both are defined terms in the Oregon Identity Theft Protection Act.  ORS §§646A.600-646A.628.

 What is a breach of security?

ORS §646A.602 (1)(a) “Breach of security” means unauthorized acquisition of computerized data that materially compromises the security, confidentiality or integrity of personal information maintained by the person. 

 What is encryption?

ORS §646A.602 (6) “Encryption” means the use of an algorithmic process to transform data into a form in which the data is rendered unreadable or unusable without the use of a confidential process or key.

What is personal information?

 ORS §646A.602 (11) “Personal information”:

(a) Means a consumer’s first name or first initial and last name in combination with any one or more of the following data elements, when the data elements are not rendered unusable through encryption, redaction or other methods, or when the data elements are encrypted and the encryption key has also been acquired:

(A) Social Security number;

(B) Driver license number or state identification card number issued by the Department of Transportation;

(C) Passport number or other United States issued identification number; or

(D) Financial account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to a consumer’s financial account.

(b) Means any of the data elements or any combination of the data elements described in paragraph (a) of this subsection when not combined with the consumer’s first name or first initial and last name and when the data elements are not rendered unusable through encryption, redaction or other methods, if the information obtained would be sufficient to permit a person to commit identity theft against the consumer whose information was compromised.

(c) Does not include information, other than a Social Security number, in a federal, state or local government record that is lawfully made available to the public.

How do we develop safeguards for this personal information?

 Requirement to Develop Safeguards for Personal Information ORS §646A.622

646A.622 Requirement to develop safeguards for personal information; conduct deemed to comply with requirement. (1) Any person that owns, maintains or otherwise possesses data that includes a consumer’s personal information that is used in the course of the person’s business, vocation, occupation or volunteer activities must develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the personal information, including disposal of the data.

(2) The following shall be deemed in compliance with subsection (1) of this section:

(a) A person that complies with a state or federal law providing greater protection to personal information than that provided by this section.

(b) A person that is subject to and complies with regulations promulgated pursuant to Title V of the Gramm-Leach-Bliley Act of 1999 (15 U.S.C. 6801 to 6809) as that Act existed on October 1, 2007.

(c) A person that is subject to and complies with regulations implementing the Health Insurance Portability and Accountability Act of 1996 (45 C.F.R. parts 160 and 164) as that Act existed on October 1, 2007.

      (d) A person that implements an information security program that includes the following:

(A) Administrative safeguards such as the following, in which the person:

(i) Designates one or more employees to coordinate the security program;

(ii) Identifies reasonably foreseeable internal and external risks;

(iii) Assesses the sufficiency of safeguards in place to control the identified risks;

(iv) Trains and manages employees in the security program practices and procedures;

(v) Selects service providers capable of maintaining appropriate safeguards, and requires those safeguards by contract; and

(vi) Adjusts the security program in light of business changes or new circumstances;

(B) Technical safeguards such as the following, in which the person:

(i) Assesses risks in network and software design;

(ii) Assesses risks in information processing, transmission and storage;

(iii) Detects, prevents and responds to attacks or system failures; and

(iv) Regularly tests and monitors the effectiveness of key controls, systems and procedures; and

(C) Physical safeguards such as the following, in which the person:

(i) Assesses risks of information storage and disposal;

(ii) Detects, prevents and responds to intrusions;

(iii) Protects against unauthorized access to or use of personal information during or after the collection, transportation and destruction or disposal of the information; and

(iv) Disposes of personal information after it is no longer needed for business purposes or as required by local, state or federal law by burning, pulverizing, shredding or modifying a physical record and by destroying or erasing electronic media so that the information cannot be read or reconstructed.

(3) A person complies with subsection (2)(d)(C)(iv) of this section if the person contracts with another person engaged in the business of record destruction to dispose of personal information in a manner consistent with subsection (2)(d)(C)(iv) of this section.

(4) Notwithstanding subsection (2) of this section, a person that is an owner of a small business as defined in ORS 285B.123 (2) complies with subsection (1) of this section if the person’s information security and disposal program contains administrative, technical and physical safeguards and disposal measures appropriate to the size and complexity of the small business, the nature and scope of its activities, and the sensitivity of the personal information collected from or about consumers. [2007 c.759 §12]

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Patients have federal legal rights to their protected health information. We sign forms about our privacy every time we go to the doctor’s office, treatment clinic, or hospital. Doubtful the average lawyer let alone average person has ever read the HIPAA rule which is nearly 700 pages long. Where this impact lawyers is when they are business entity that deals with health care providers, which includes CPAs, doctors, and lawyers.

HIPAA in Oregon. Oregon acknowledges a number of health-care provider/patient privileges that include preventing others from disclosing communications made with the health care provider for the purposes of treatment and diagnosis.  See OR. REV. STAT §§40.230, 430.235. Remember, that federal privacy regulations under HIPAA will preempt state laws unless the pertinent state law is more stringent.  See 65 Fed. Reg. 82,462, 82,464.

Lawyers need to be careful of individually identifiable health information. The best way to protect confidential client data: ENCRYPTION. Encrypting data which is then properly backed up and stored is the easiest way to begin fulfilling your obligations under HIPAA and under ORPC 1.6.

Gramm-Leach-Bliley Act 15 U.S.C. §§ 6801-6809 and §§ 6821-6827, as amended

  Under the Gramm-Leach-Bliley Act, financial institutions must protect the privacy of consumers’ personal financial information. This is why your financial institution provides you with annual notice of their privacy policies and why they must give notice and an opportunity to opt of before disclosing any of the consumer’s personal financial information to an unaffiliated party.

For lawyers, consider that you contain personal financial information in your client files, such as credit card numbers and bank account numbers. There may be a number of reasons that you have copies of your clients’ financial account statements, loan applications, tax returns, financial documents used in bankruptcies and dissolutions of marriages and business partnerships. How are you protecting the confidentiality of this information? Where are you storing it?

The best way to protect confidential client data: ENCRYPTION. Encrypting data which is then properly backed up and stored is the easiest way to begin fulfilling your obligations under Gramm-Leach-Bliley Act and under ORPC 1.6.