Even before the pandemic, the most popular methods for exchanging legal documents were not secure. Encrypted e-mail? Not as private as you think. Thumb drive? Think again. Consumer file-sharing services? Not designed with security in mind.
The pandemic has added yet another challenge. While you work at home, do you really want a process server or courier turning up at your door to pick up or deliver a document?
Some lawyers say work-from-home could be part of “the new normal.” Many firms have shown they can provide legal services while working remotely — and the convenience and cost-saving arguments are compelling. Benefits aside, working remotely has exposed technology deficiencies that have been unaddressed for too long. The security of matter-related data is just one of these, albeit an important one. But there are solutions, as we’ll explain.
It’s your duty
Protecting your client’s confidential information is not simply a matter of preserving your firm’s reputation. It is a professional obligation. Most jurisdictions require lawyers to properly protect client data. The Law Society of Ontario, for example, spells this out in the Rules of Professional Conduct (chapter 3, s. 3.3).
Protecting your client’s privileged information should be a top priority. And selecting the right method for exchanging documents with clients, opposing parties and others involved in a matter is critical.
What’s wrong with e-mail?
Whether you realize it or not, e-mail exposes you to all kinds of risks, from hackers to human error. Even so, nearly 90 per cent of firms surveyed said their firms use e-mail to collaborate with clients or third parties on matters, with almost 75 per cent using it daily.
A key unaddressed vulnerability for lawyers is the known, but largely unacknowledged fact that e-mail is not a private communication. Encryption can help, but it isn’t perfect. Your e-mails could still be vulnerable to copying, forwarding, or downloading once the message has been decrypted. If you are working from a home office, do you even know how to encrypt your e-mails? Confidentiality statements will not excuse you either. Judges are coming down harder on lawyers who fail to employ technology properly in the interest of their clients.
Thumb drives and consumer file-sharing services are no better than e-mail. Thumb drives can be lost and, once in the wrong hands, can be read on any computer with a USB port. In a LexisNexis survey (parent company of The Lawyer’s Daily), 68 per cent of IT professionals said they had likely or very likely experienced a theft or loss of data stored on a USB drive.
Consumer file sharing, too, was never designed to protect confidential information. One wrong keystroke and you could share every folder on your computer. The survey found over half of the respondents said they had put confidential information on free consumer file-sharing sites, and in many cases, the firm was unaware.
What’s the answer?
If e-mail, thumb drives, and consumer file sharing are unsafe, what’s left? The answer is a service built for sharing confidential documents — or better yet, a service built specifically for legal documents. These cloud-based services take strict security measures to ensure your data is safe. You may still use e-mail to notify a recipient of a new document, but it’s never attached to the e-mail. Instead, you provide a link or login to the service where the document is securely stored.
If “the cloud” sounds scary, you are not alone. Many are reluctant to move their documents to a data centre in some unknown location for fear they will lose control. But consider this: the companies providing cloud services are some of the largest in the world — Microsoft, Amazon and Google, for example. The security expertise they apply to their data centres far exceeds that of even the largest legal firms. Just make sure you look for a service with a hosting facility in your own country. You want to be sure your provider stores your content in a location governed by local data protection and privacy laws.
What else should you be looking for in a cloud-based system?
- Backup services for the data you are storing in the cloud. You want to know that if a server or disk fails, your documents will not be lost.
- Parties invited individually for each matter and required to authenticate through a password or multifactor authentication before they can access a document. This will ensure your documents are seen only by the intended parties.
- An audit trail that tracks and records document receipt and open dates and provides the sender with notification. If face-to-face contact continues to be discouraged, and electronic delivery of documents becomes “the new normal,” you need some way to validate your documents were delivered and opened.
- Secure document access from anywhere through desktop or laptop computers, or a mobile device. With working from home likely to become more normal, you will need the flexibility to access and distribute your documents as easily from your home office or vacation home as you would from your office.
The pandemic has forced many of us to rethink the way we work. And technology has helped all of us adapt while away from our normal work environments. But choosing the right technologies for the task has never been more important. Even when we return to our offices, secure document exchange systems will have clear advantages over traditional document sharing methods. To paraphrase a judge’s recent comment about technology, continuing to send documents as e-mail attachments would be like returning to quill and ink.
This article was originally published by The Lawyer’s Daily (www.thelawyersdaily.ca), part of LexisNexis Canada Inc.