Technology, Security, and the Law: Protecting Your Clients and Their Financial Data
How law firms can protect the confidential data of their clients
The internet has made many aspects of life easier, including the ability to easily transfer and access information. It’s also revolutionized the business world, enabling many companies to expand upon the services they offer because of the ease of scalability online. You no longer need more brick-and-mortar space or staff – just more server space (and maybe not even that, thanks to cloud computing).
However, this newfound availability comes with concerns. Thanks to numerous highly-publicized online security breaches, consumers now want to know who has access to their private information and tend to place a lot of value on confidentiality.
People understand that doing business with your company may involve sharing personal information, but the concern comes with what happens after that. Will your business sell or distribute their data to third-party vendors without consent? Is your business capable of keeping online information safe?
The Federal Trade Commission (FTC) enacted a law to address these concerns. The Gramm-Leach-Bliley Act (GLBA) was passed in November 1999 and included privacy protections such as allowing consumers more knowledge or control regarding the distribution of their private information from financial institutions to third parties. The FTC attempted to extend the GLBA to cover attorneys who practiced in areas of law that involved finances, such as tax planning and preparation, real estate closing, debt collection, financial planning or management, estate planning, wills, and trusts.
The American Bar Association was eventually awarded an exemption from the GLBA for attorneys, due in part to the fact that ethical guidelines within the legal profession are already very similar to disclosure requirements of the GLBA. However, it’s still essential that law practices that handle financially-related services adhere to the GLBA’s basic tenets, and act within ethical guidelines.
Safeguarding client data
So, not sharing the data of your clients with unnecessary third parties is the easiest and most obvious first step in protecting data. But in this day and age where everything is digital, how can you go above and beyond to safeguard the information entrusted to you?
There is no one-size-fits-all answer; be prepared to revisit this issue constantly. As new technology continues to evolve, so do potential threats. However, some basics to consider include:
- Email: Using a secure email account is essential. Gmail or other free services are not appropriate for transmitting client information. Encrypt all correspondence and if a subject is particularly sensitive, ask the client what method of delivery they prefer.
- Staff: Make client confidentiality a part of your company culture. Discuss potential vulnerabilities, only allow access on a need-to-know basis, and change passwords frequently. Keep paper records under lock and key and store fax machines in a private area. Shred sensitive documents that are no longer relevant.
- Security: Outsource your initial security set-up to a trusted IT professional to make sure your firm has a reliable process for blocking and responding to threats and vulnerabilities, including software updates, patch management, virus protection, firewall configuration, web and email gateway monitoring, and other technical details.
- Vendors: Carefully research and choose potential online vendors. Read all related terms and conditions agreements and ensure that these agreements are legally enforceable. Choose well-established, fully vetted companies whenever possible.
- Encryption and two-factor authentication: Establish that your system is fully encrypted for data in transit and employ two-factor authentication for all remote connections involving the firm’s technical infrastructure.
- Intrusion detection: Make sure your set-up actively searches for indications of a security breach and retains system logs in case it’s necessary to recreate behavior to determine the scope of exposure.
Technology has made everyone’s life easier – including hackers. Securing your law firm’s digital data is one of the most important business decisions to be made, and then revisited often. Hire an IT expert and ask them to brainstorm all worst-case scenarios before planning to prevent or correct each possibility.
Although the GLBA isn’t necessarily enforceable, your professional ethics are, and security is particularly vital to the long-term success of law practices that handle financial-based activities. Handle your clients’ data with care – in the long run, using best practices for secure technology makes your job easier.
At Boss Certified Realtime Reporting, we’ve been providing nationwide court reporting services for trials, depositions, mediations and more since 1995. If you’d like help or more information, you can call us at 954 467 6867 or complete our contact form to let us know how we can assist you.