Confidentiality in Online Environments
Moderated by Eric Tang
We know that disputants often consider mediation over litigation because of the privacy and confidentiality factor. If a dispute is taken to court, the whole conflict is open to the public. Mediations, on the other hand, can be kept confidential and resolved without anyone other than the parties knowing the details. All notes and transcripts can be physically shredded and disputants can agree to non-disclosure. If the mediation is successful, everyone is happy and everyone wins.
However, when mediation is conducted online, it seems that perhaps some part of this value may be at stake, or at least is perceived to be at stake. Statements and documents are posted online, where things are permanent. It reminds me of a quote - "The internet is written in ink", and so, you better be careful of what you say online. Most internet users are keenly aware of this fact, despite the occasional regrettable posts on social network sites that some people mistakenly do.
Assuming an ODR service provider is using all the latest security, takes all necessary precautions and restricts access to a case; is privacy and confidentiality still considered the same as a face to face mediation? Is this a significant barrier for mediators and disputants to take their mediations online?
What about situations where a mediated dispute ends up going to court? State laws may vary on this, but what information can be used and recovered from an online mediation that wouldn't have existed in a face to face meeting? Can a mediator say without a doubt that all communications and documents will not be subpoenaed when all of these digital files are hosted on a server somewhere beyond their control?
Moderator Bio:
Eric Tang is the Senior Manager of Operations for Modria, joining the company in June 2012. Prior to joining Modria, Eric spent 5 years with PayPal Merchant Services as an Enterprise Account Manager for several of PayPal’s top 100 businesses. Eric also spent time as a Corporate Trainer for PayPal, sharing his knowledge of customer service. Eric holds a BA from the University of Nebraska and a MS in Alternative Dispute Resolution and Negotiation from Creighton University. Eric is also a part time mediator affiliated with the Nebraska Justice Center.
______________________________________________
Tags:
I think this is a very interesting topic. Online mediation poses a convenient method of mediating settlements between parties that are unable to meet in person due to time, distance, schedules, etc... Since the hallmark of mediation is privacy and confidentiality, it seems that this will be the biggest concern for parties who want to mediate online. As mentioned earlier, there are a number of programs out there that can record and save any activity on a computer as well as programs that can infiltrate a computer and take "steal" its data. Also, since a majority of communication will be through e-mail, I can understand if a party is concerned over another sharing those confidential emails with a non-privileged person. In the end, I think online mediation will come down to the parties' trust in the mediation process. In any type of mediation, whether its in person or online, the parties will unlikely enter it if they feel the mediation will not be private. The mediator, or the parties' counsel, will just have to assure the parties that their communications will remain private.
Maybe someone out there can develop a mediation program that is impenetrable and will keep all communications private?
This is a wonderful discussion. Thank you Eric.
Jan McInnis is refreshing to say "If we as mediators approach the subject of confidentiality with realistic expectations...".
I like Bill Warters' sensible approach..."...will do their best"...to provide privacy.
and Tanner Spracklen was realistic with her suggestion that recording of the mediation by the participants be discouraged. This is assuming this is a regular work/family mediation where there may be an ongoing relationship continuing after the mediation.
Great to hear from Austin J. Vos - I don't think there is "impenetrable" mediations, which is why we are discussing more of a best efforts approach to confidentiality, rather than these absolute promises and guarantees of confidentiality. As well, people with different budgets may be willing to pay more for more secure mediations. But again, I'm protective of them. Just because you hand over a big retainer cheque does not mean you are getting the confidentiality that you are being promised.
Very interesting topic! It seems that even if the ODR service properly encrypts and takes all necessary steps to secure the session and its contents that it could still be subject to subpoena because it is stored on an outside server and a reasonable expectation of privacy may not be viewed as existing in some jurisdictions. This possibility is worrisome, and hopefully judges would attempt to protect the ODR process and deny any motions to subpoena the contents, but the best option would be to get state laws to protect these communications from subpoena and discovery.
The topic of confidentiality is especially interesting to me as my background is in healthcare and health insurance, and is combined with my "lawyerly" way of thinking. I take a different view than most of the other Cyberweek participants in this particular discussion, in that I do not consider the breach of online mediation confidentiality to be as big of concern as one might first believe.
Although there doesn't seem to be a single, uniform, accepted definition of mediation, it is obvious that it is built upon the premise of facilitating communication between parties to reach an agreement, without the use of the formal court or legal system. However, like the formal legal system, there is an explicit expectation of confidentiality between the parties and the mediator. Many states, including Florida (the Mediation Confidentiality and Privilege Act), have enacted legislation that requires mediation communications to remain confidential, even if a party is called to testify in court. State laws such as this, combined with the general respect for the integrity of the mediation process, in my opinion should continue to flow through online mediation. I believe this is very possible. For example, there are many state and federal laws protecting the confidentiality of personally identifiable health information--you most likely acknowledge your receipt of the federal HIPAA or HITECH laws when you go to the doctor, or sign onto your online health insurance account. The acknowledgement further tells you something to the effect of 'the provider will not share your health information'--thus entering into a written agreement to which it will be bound to follow. Even though the provider and the patient both sign this form, there are unlimited opportunities for the provider to breach, either intentionally or unintentionally. In my opinion, this is no different than when parties enter into a mediation agreement. A strongly written mediation agreement should include the attestation and agreement of the parties to maintain confidentiality and compliance with state and federal laws. By creating a contractual clause to which the parties must agree to before beginning mediation, a contractual chance for remedy has been created for the non-breaching mediation party. Therefore, although I am unfamiliar with the programs mentioned in other discussion threads about copying or recording programs, I do not believe the threat of these programs should facilitate a level of fear and deter parties from considering online mediation. Mediation is meant to amicably and voluntarily help parties reach an agreement over dispute, outside of the courtroom. However, mediation does not excuse the parties from being bound to basic contract law. For a lack of better word, the "threat" of impending litigation for a violation of the confidentiality clause included in the mediation agreement should work to deter parties from breaching mediation confidentiality, regardless of the available opportunities.
In conclusion, with the ever-expanding use of the internet for the exchange of information, be in mediation or health records, there will always be a breach of confidentiality threat, whether intentional or unintentional. Although mediation, for the most part, falls outside of the purview of the legal system, basic contract law still remains as a tool to compel compliance with the confidentiality agreement of a mediation agreement. As mediation is a voluntary process, I believe courts will more likely uphold the language of a well-written confidentiality clause of a mediation agreement.
There are extraordinary technology/applications available at the fingertips of most participants in a mediation.
In the past we did have "iron-clad" confidentiality - with the right people, within the budget of most people.
But now, a collborative approach to confidentiality seems the better fit with reality in today's world, given the budget of most people.
When talking about confidentiality I've found it helpful to distinguish between Privacy and Secrecy. Let's see if I can flesh it out in a way others might find helpful, too. You'll let me know if it isn't!
When Bill, you describe having that mediated conversation to work out issues with your colleagues, you appreciated having that conversation in private, not necessarily needing it to be secret.
I see privacy as the parties having an intention that we're going to have the conversation just among ourselves. There's a high-level of trust implicit in privacy because any one of the participants can breach that trust in any of a million ways (e.g., recorder in the pocket in an in-person meeting or taking a screenshot of a document in an ODR process).
Secrecy connotes to me that we are doing what we need to do to secure our discussions from being disclosed or discovered. There's a low-level of trust implicit in secrecy, and an expectation that someone has an interest in and will actively try to breach the confidential nature of the discussion, either someone within to disclose it our someone outside to discover it. The the intention in a secret process is a risk-management approach to reducing possible sources of disclosure or discovery.
I think for many disputes, it may be enough that we provide mostly privacy in our processes, working among the parties to ensure the level of trust implicit within that, yet with some thought to providing basic secrecy equivalent to using passwords on computers and locking office doors and the file cabinet. For some disputes, the participants may need a much higher-level of secrecy, as in cases involving trade secrets or intellectual property (e.g., no electronic devices in the room, encrypted communications, limited copies, etc.)
(BTW, if you're interested in just how extreme concerns about document secrecy can go, I can tell you some stories of the confidentiality agreements I signed and security provisions needed to implement them when we sued tobacco companies in the 1990s. As you can imagine, the emphasis there was on secrecy, not privacy, as the level of trust among the parties went only so far as the disclosing parties - the tobacco companies - would only trust that a reviewing court would enforce and hold the plaintiffs to the terms of the confidentiality agreements. That's obviously not near the level of trust we're trying to form in collaborative dispute resolution processes!)
Is this attempted distinction of two approaches to confidentiality - privacy and secrecy - with the different intentions behind each, helpful?
Information may be transmitted to other parties via many different technological means, such as emails, chat rooms, discussion boards or videoconferencing, which, as we have seen, were not created with ‘security and trust in mind.
Many different tools have been developed to achieve the confidentiality described above. Username and passwords, digital signatures and encrypted messages are most commonly used, bearing in mind that the level of security that is appropriate for a particular mediation will depend on the dispute and the requirements of the parties. In addition to usernames and passwords, which limit access to email addresses, chat rooms or internet discussion boards to authorised and identified parties, the risk of repudiation and alteration of a message can also be reduced by digital signatures. Using symmetric or private keys systems, where the same key encrypts and decrypts the message, or asymmetric or public keys systems, where two different but related keys are needed to encrypt and decrypt, the receiver of an electronically signed message can verify the origin, the integrity of the message and the identity of the sender. To avoid the risk of virus infections, intrusions or disk crashes firewalls, backup policies and intrusion detection systems are the standard mechanisms. Finally, biometrics, like fingerprint, retinal, voice-print or genetic patterns, may involve many possibilities to improve online security in the future.
There are many different technological protections which have been developed to protect and secure online communications in ODR. However, with respect to email, for example, they are not in general use. The current estimate is that only 0.5% of email is encrypted in any way (Smart Settle). In spite of its convenience and its potential to be secure, email is not the main communication method used by modern online ADR systems and web-based communications are preferred. There are certain risks inherent in the technological protections described. Whatever the security tools used, the inherent complexity of technology can create diverse problems that can affect the transmission of communications between the parties.
Hosting an online dispute raises a variety of concerns for the parties involved and the mediator. The main issue that should concern the participants is the presence of written communications that would not exist had the mediation happened in person. While online mediations could be facilitated with the use of programs such as Skype, the option to utilize email and instant messaging either in conjunction with, or in place of, face to face teleconferencing creates essentially, a transcript of what is said. This becomes a concern because it creates the opportunity for others to access this information or for the parties to utilize this information if they ever file a motion for sanctions. With the inherent lack of security that the internet is plagued with, even with the utilization of secure networks and such, everyone involved should be concerned about what they are placing on the internet and who might be able to access it. With this in mind, mediators who are considering hosting on online mediation should make sure that the parties are fully aware of the possible issues with this style of mediation and ensure that if something manages to find its way onto the web that the mediator will not be held liable so long as they exercised the reasonable amount of precautions when setting up the mediation.
Hello Everyone! I’m currently a graduate student at Wayne State University. This is my first Cyberweek, in accordance with my communications class with Professor Bill Warters. Also, I think this topic is very important in terms of mediating online.
I do not think that the terms of privacy and confidentiality are the same for mediation online like it is for face-to-face mediation. We really do not have the knowledge of what one of the parties involved is doing online. They could be keeping a copy of everything that is being written during the mediation. I do think it is a significant barrier for disputants to use ODR rather than mediation in a neutral setting, knowing that everything being said at the end is destroyed and not kept.
As for a mediation going to court, wouldn’t the same rules apply to the situation whether to was a face-to-face mediation or online. Nothing can be used in court other than an agreement. I’m not exactly sure how states differ as to what can be used in court or not. I do think the rules would apply the same way.
Wow! First off, let me say thank you to all who contributed to this discussion! It has been a very entertaining and informative conversation, and I enjoyed reading everyone's comments thoroughly. Thank you!
Due to my role as an employee of an ODR provider, I admit I'm fairly biased on this topic. I believe the privacy concerns of online mediation are very much valid, though, which is why I wanted to raise this topic. However, I think the concerns can be overcome. Just as many pointed out in this thread, a mediator who promises total 100% confidentiality (whether online or face to face) are likely being too ambitious. It really is just a matter of perception.
Technology can be frightening. It's easy to point out the negative consequences and potentials, but I think of technology as double edged. For as many negative and destructive things that a piece of technology can bring to us, it also brings equally positive and inspiring contributions to society. We see this in every advancement; from a hammer to nuclear power, it just depends who is holding the tool. Ultimately, technology has provided us far more good than bad. This fits with my belief that people are basically good and deserving of trust. When it comes to conflict, most want to get it resolved as amicably as possible. I may be wrong, but these beliefs are the foundation of conflict resolution professionals.
So, with that, I say onward into the new frontier!
Eric
© 2024 Created by ADRhub.com - Creighton NCR. Powered by