I recently read an article entitled Is Your Boyfriend Reading Your Facebook Messages?, which stated that in response to an online survey, more than 20% of men admitted to reading their partner's e-mail or messaging accounts, and another 20% said they hadn't yet but would if they were suspicious that their partner was up to something.

Of course, this raises significant concerns about the behavior of the 20% who have already invaded their partner's privacy, including concerns about trust in a relationship and the dangers of controlling behavior in relationships.

It is just as shocking, though, that just as many men responded that they hadn't invaded their partner's privacy yet, but would if they were suspicious. Or, at least it would be shocking if I wasn't a divorce attorney.

In fact, I often warn my clients that everything they say can and will be used against them in Court, and that includes things they say on facebook, twitter, and even potentially in their e-mail or snail mail. Many parties don't realize that besides the lack of privacy on sites like facebook, even their e-mail and letters are discoverable in a Divorce case and could become evidence. The only communications that are not admissible are those that are privileged, such as communications with your attorney.

Regardless of the fact that some communications are discoverable, that doesn't mean you should make access to your private life easy for your ex, or allow potential breaches of the attorney-client privilege. Here are some immediate steps you should take to ensure that your ex does not have access to your e-mail, mail or other accounts:

1. Immediately change all of your passwords for e-mail, facebook, banking and other accounts. Don't use the same passwords for any accounts and make your passwords complicated so that your ex cannot guess them. For reasons why you shouldn't choose easy passwords check out this article at LifeHacker. For tips on picking strong passwords check out this article at TechSoup. If you still have concerns about an account, close it and open a brand new account.

2. Obtain a P.O. Box. Obviously if you and your ex have not yet separated there is the potential for issues with your mail, but even if you have separated and our living apart, your mail is still often vulnerable to both accidental and purposeful interception. For example, if your ex places a mail forward on their name, any mail that is marked poorly (Mr. instead of Mrs. by accident) could be forward to your ex without you ever seeing it. In addition, federal laws against mail tampering are easily broken since none of us have locks on our mailboxes. And unfortunately, children often having prying eyes.

Considering that the cost of a P.O. box for a year is probably cheaper than one hour of your attorney's time, it's well worth the investment to avoid the potential problems of having your mail unsecure.

3. Encrypt Electronic Communications. At Kelsey & Trask, P.C. we use SSL encrypted e-mail, and we encrypt and password protect any documents we send to clients that have private or financial information. You should ask your counsel to do the same to ensure that even if your account or your computer are somehow accessed, the draft and final files that you have exchanged with your counsel are not easily accessed.

For more information about protecting your privacy as much as possible through the divorce process, contact Attorney Justin Kelsey at (508) 655-5980 and schedule a free one hour initial consultation.

In this information age, employers need to guard their secrets and proprietary information. Many employers think having an "off the shelf" internet and computer use policy is all they need. Far too often employers fail to consider the more serious problem of data theft, unfair competition and the machinations of disloyal employees. Non-compete and confidentiality agreements are one further step in the right direction, and clear policies about non-distribution of stored electronic data. And don't forget the requirements of e-discovery. Most employers are ill prepared for the emerging worst case scenarios. A complete audit of data security issues and systems is in order for most employers not wanting all of their information in the public domain.

Massachusetts has enacted one of the strictest data-privacy laws in the country and is scheduled to go into effect on March 1, 2010. Any personal information that any business entity maintains or stores is subject to Massachusetts General Laws Chapter 93H, while M.G.L 93I governs the destruction of physical and electronic documents and data. Both M.G.L. 93H and M.G.L. 93I define “personal information” as a person’s last name and either his or her first name or first initial, combined with any one of the following: a social security number; driver’s license number or state-issued identification card number; financial account number, debit or credit card number, with or without any required security code, access code, personal identification number or password that would permit access to a resident’s financial account.

Guidance for business’ implementation of M.G.L. 93H can be found in 201 CMR 17.00, and creates an affirmative duty to every person that “owns, stores or maintains personal information about a resident of the Commonwealth” to “develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing . . . personal information.” In determining whether such comprehensive security program complies with M.G.L. 93H and accompanying 201 CMR 17.00, a court will consider:
(a) the size, scope and type of business of the person obligated to safeguard the personal information under such comprehensive information security program;
(b) the amount of resources available to such person;
(c) the amount of stored data;
(d) the need for security and confidentiality of both consumer and employee information.

Any business must have a written information security program (“WISP”) that establishes security policies for the firm’s computers and wireless system, and all personal information contained therein. All personal information stored on laptops or “other portable devices” must be encrypted. All records and files, including emails, containing personal information that is transmitted across public networks or wirelessly must be encrypted “[t]o the extent technically feasible.” The written security program must include plans for systems monitoring for unauthorized use, up-to-date firewall protection, and up-to-date system security software that is set up to receive regular security updates.

Authentication protocols must include a “reasonably secure method of assigning and selecting passwords.” 201 CMR 17.04(1)(b). Assigning random complex passwords to clients would be a preferable defensive strategy. Such passwords must be controlled “in a location and/or format that does not compromise the security of the data they protect.”

With that in mind, businesses should develop a policy which includes:
(a) Encryption of all emails that contain personal information.
(b) Encryption of all personal information stored on portable devices
(c) Installation of system security agent software that is set up to receive security updates
(d) Maintenance of firewall protection for all files on a system connected to the internet.
(e) Implement a termination/Disciplinary policy for misuse of personal information.
(f) Education/Training of employees on proper use of computer security system and importance of personal information security.

Attorney Trask of Kelsey & Trask, P.C. was a cryptologic materials manager in the U.S. Marines, and has experience planning and implementing encrypted communications (voice and data) networks. If you have any questions regarding M.G.L. 93H, contact us at (508) 655-5980 or click here.