Lawyers and Information Security
The effectiveness of civil legal procedure is heavily dependent upon the fairness of procedure and decision making by entrusted practitioners and professionals. This expectation is one in which integrity of process plays a crucial role, in terms of upholding the expectations bestowed upon our fellow legal practitioners. In today’s agile age of technology, where information is exchanged through various means, it becomes cumbersome for a practitioner to track this information exchange via multiple providers, while maintaining a cost effective forecast towards the client’s desired result, and mitigating any potential information security threats that may lurk. There are a few key risk factors that practitioners should keep in mind while using third party tools for storing and exchanging client information, and practitioners should ensure that they have thought of mitigations to these associated risks. There are no guarantees of encryption through a contract with most service providers. Many practitioners do not realize that the apps and platforms that they employ to ease their process may not be secure. In other words, simply signing up your firm or yourself to an app, does not ensure that all information processed via this tool/platform is anonymized or encrypted from the third-party provider. Unless you have an exclusive license with the third-party provider, there is no obligation upon the provider to bear in mind any information security risks associated on behalf of you as the practitioner or for your client(s). Even if there is a contract, there are no guarantees that a service provider’s system administrator is not able to access the data. Most service providers do not provide a guarantee that data is inaccessible to technology staff or third-party (cloud) providers at their organisation. Without truly private and independent user keys, a fully encrypted and secure exchange of communication cannot be guaranteed between parties at all times. In the event of a data leak, there are bound to be adverse GDPR ramifications. The biggest information security risks associated in these circumstances is leakage of any client information which falls in the ambit of Personally Identifiable Information (PII), under the GDPR regulations. This client specific information is sensitive, and its handling and safekeeping needs to be given paramount attention, as once leaked is unretractable in most instances. Our research prevails that the only way to ensure a secure exchange of communication and information between clients and legal practitioners via a platform, is to have an end-to-end process, whereby the legal practitioner has complete authenticity over all exchanges made with their clients. This process can be achieved through one platform, where all tools are consolidated, whether a commercial legal matter be contentious or non-contentious, with an exclusive license with the service providing platform. At RESOLV, our goal is to ensure that the integrity of process for legal procedure is upheld in the agile landscape of technology.
– Bharat Reddy & Anishka Prasad