As the practice of law becomes more and more technology-based, attorneys often need to integrate their phones, computers, and other business assets to most efficiently provide legal services to clients. As a result of this integration, cybersecurity often necessitates that attorneys and staff use certain applications and software to make firm systems less vulnerable to attack. Accordingly, many law firms require attorneys and staff to download security software and other apps onto their phones so they can safely access email, documents, and other resources outside of the office. Nevertheless, requiring employees to download certain apps can raise privacy concerns and can also detrimentally affect an employee’s personal property.
In the olden days, attorneys and staff often did not need to worry about being asked to download proprietary apps onto their firms. Years ago, many firms issued business phones to attorneys and staff so that employees could access work email and resources without compromising their personal phones. In fact, I am old enough to have been issued a firm Blackberry — my first smartphone! — as a summer associate in 2011, and a firm iPhone when I became a full-time Biglaw associate in 2012.
More recently, firms have realized that they could save money by just having their employees use their own personal phones to read work emails and access work documents. As a result, attorneys and staff at many firms are not provided with work phones and are basically forced into downloading apps to their personal phones in order to facilitate access to firm resources. Many employees are not really given a choice about whether they can opt out of downloading these applications onto their phones. Usually they are just told that if they do not download the apps, they will need to log into work through a desktop or come to the office to read emails, calendar invites, and deal with other work-related matters. This is extremely impractical for many employees given the need to respond to many work matters as soon as possible, so attorneys and staff are often forced into downloading apps onto their phones.
Some apps are pretty benign, and employees cannot complain much when they need to download them onto their phones. For instance, some firms ask that employees download an app to provide an access code with which they can enter a firm’s system, and this is typically better than carrying around a separate security fob (which I had to do earlier in my career). Also, some other apps that allow access to a firm’s cloud or document management system from a phone are pretty convenient to have.
However, many firms require attorneys to download an app that allows a firm to wipe an employee’s phone of work-related data remotely, and this app can cause problems. Firms usually convey that such an app allows firms to remotely erase work-related data if a phone is lost or stolen. However, we all know that firms are more likely interested in remotely wiping a phone of work data if they need to terminate someone unexpectedly. I had to download such apps onto my personal phones at a few of the firms I worked at before opening my own shop.
Although I have never had technical issues with such apps, I have heard horror stories about such apps from others. One friend told me that when her phone was wiped of work-related data after she voluntarily quit a firm, the process erased all of her contacts! To add insult to injury, neither the firm nor the application developer seemed interested in helping her restore her contacts, since she had already left her job. As horrible as this situation sounds, this was not an isolated incident. About a year later, another friend of mine, who worked at a different firm, also had his personal contacts wiped from his phone when that firm erased data after he was laid off. I am sure all of us would be devastated if we lost all of our personal contacts, and downloading some kinds of apps at the request of firms can seemingly expose employees to technology issues.
In addition, some apps also come with serious privacy concerns. A friend told me that an app her firm forced her to download populated her personal calendar events into her work Outlook. In an office which has a public events system that allows people to see when others are busy, this would enable her entire firm to see her personal plans. In addition — and I don’t want to seem like I’m the kind of guy who wears a tinfoil hat — downloading an app onto your phone could potentially lead managers to discover where you are, how you spend your time, and other information. I have anecdotally heard of firms using time-tracking applications, keystroke-logging software, and other intrusive methods to surreptitiously watch employees. It seems like downloading work-related apps onto your phone can further enable firms to collect data on employees.
There is an easy solution for firms to satisfy privacy concerns and still promote security and efficiency. Firms should offer any attorneys and staff who do not wish to download apps onto their personal phones a separate work phone. Some people may not like to walk around with two phones, but others might prefer it. Indeed, I felt like a baller carrying around two phones earlier in my career. (Although some people joked that I must be a drug dealer, probably a reference to Breaking Bad!) In any case, employees should have a real choice about what they wish to do with their personal property.
All told, firms need to be a lot more aware of how requiring attorneys and staff to download certain apps onto their phones can raise privacy concerns. So long as firms give employees a bona fide option to not install apps onto their phones (possibly by offering separate work phones), firms can strike a balance between preserving security and respecting the privacy of employees.
Jordan Rothman is a partner of The Rothman Law Firm, a full-service New York and New Jersey law firm. He is also the founder of Student Debt Diaries, a website discussing how he paid off his student loans. You can reach Jordan through email at jordan@rothmanlawyer.com.