Data Security in The Legal Industry

Technology has changed how law firms communicate with their clients, other lawyers, and legal service advisors. Each device used to communicate creates an opportunity for the inadvertent or unauthorized disclosure of information. Legal professionals are targets for two main reasons; 1) They receive, store, and use extremely sensitive information about their clients, sometimes using safeguards to protect that information that are inferior to those used by the client, and 2) Because the information in their possession is more likely to be of a sensitive nature, it is more likely to be of interest to a hacker. Therefore, it’s important for lawyers to understand the technological requirements and risks associated with data security in the 21^st century. 

Model Rules of Professional Conduct

The American Bar Association (ABA) adopted “technology amendments” to the Model Rules in 2012. The amendment requires the lawyer’s obligation to take reasonable measures to prevent inadvertent or unauthorized disclosure of information relating to the representation.  

With the amendment, a lawyer may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.

Data Security in The Legal Industry

So, then what exactly counts as a higher degree of security? According to industry experts, lawyers can implement a few simple best practices to make sure they protect client information:

• Do not send documents as email attachments, even if the client wants them sent that way. Most clients are unaware that email attachments can live in the email servers across many nodes for an extended amount of time and remain vulnerable from a cybersecurity standpoint.
• Use a secure cloud portal to send and receive documents. Cloud portals, with encrypted data transfers and storage, protected by secure password access and MFA offer much higher levels of security compared to email attachments.
• If you are downloading a client document, make sure they are downloaded to specific folders on your local storage that you can keep track of. Always be aware of who is downloading documents and for what purpose.
• When having clients sign documents electronically, always make sure that there is a clear and unimpeachable audit trail that contains the details of each signee and document.
• Use folders available in the cloud portal to organize and store all client documents securely so they can be found in the cloud portal itself without the need for downloading for access. All documents in various file formats, signed, notarized, can be stored securely in the cloud portal.
• Be aware of the security practices implemented by the cloud portal vendor. Data Centers and cloud storage should be secure and protected. Compliance with industry standards like SOC2 should be a requirement. White papers from the vendor of the portal and hosting services provide such information that you can review.
• Finally, review the Privacy Policies of the vendor. These should articulate clearly how your data is used – remember you own your data and you are just utilizing their services to store your data. You have the right to know where your data is stored, and if it is being used for any purpose other than providing you secure storage, sharing and collaboration services.
• If needed, hire a qualified IT services provider to review or manage your IT infrastructure.

CoraLegal, sold by CoralTree, Inc. the makers of Qbox, is a cloud portal and eSignature platform specifically developed for the legal industry. CoraLegal is committed to maintaining security and privacy best practices suitable for the legal professionals. CoraLegal also has a comprehensive set of features used by law firms on a daily basis including document sharing and storage, granular user roles, cloud document editing, electronic signatures, and electronic notarization. Please visit https://www.coraltreetech.com/coralegal to learn more about the product that's keeping secure cloud collaboration and storage easy.