Can My Law Firm’s Office Solutions Meet Today’s Privacy Requirements?

By Paul Russo
 
The preservation of client confidentiality and the legal profession have always been synonymous.  National and international legislation has heightened security awareness and expectations in priority areas for law firms, such as medical records, personally identifiable information (PII), intellectual property and prospectuses.  According to the American Bar Association[1], one out of every four law firms is a victim of a data breach.  This staggering figure highlights the need for IT administrators and senior partners to have technology in their offices that can help them protect client data.
 
Those law firms collecting or storing personal data of European Union (EU) citizens or individuals located in EU nations should also familiarize themselves with their compliance with the General Data Protection Regulation (GDPR).[2]  A U.S. law firm may be subject to GDPR regulatory action, including fines, for failure to comply with applicable regulations.  Law firms should investigate whether their content workflows and associated solutions are aligned with their HIPAA and GDPR compliance strategies.  Consider a secure ecosystem that authenticates and allows document access based on assigned roles and associated privileges that align with the characteristics of the content.
 
Can your office solutions assist you with your compliance efforts?  Here’s a fast Q&A to help you identify areas where your law firm can make changes to help improve workflow security:
 
Q: Do my law firm’s content workflows and associated solutions align with its HIPAA Omnibus and GDPR compliance strategy?
 
A: HIPAA, the Health Insurance Portability and Accountability Act of 1996, underwent rule changes in 2013[3] broadening the law’s application to attorneys in some cases.  Law firms with access to protected health information (PHI) may be classified as business associates, so it is important that they implement processes to ensure the security and protection of the PHI they possess and transmit.  PHI includes Social Security numbers, medical records, insurance information and other data law firms may collect in the course of their practices.
 
Q: Do my clients have a secure way to send and retrieve documents?
 

A: A single data breach in the U.S. is estimated to cost an average of $7.91 million in 2018, according to The Ponemon Institute.[4]  The data lost in a breach can be enormous.  News reports about one alleged security breach that has been called the “Panama Papers” claim that 11.5 million documents affecting 214,000 organizations and individuals may have been compromised.[5]

Even as data breaches make news, there’s no denying that technology has increased the level of service clients expect from their attorneys.  This includes the ability to use file sharing or content collaboration platforms securely.  It is up to IT administrators to implement a process to give clients the access they want while preserving the security of the data and the system in place to help protect it.  Consider investing in, or upgrading your existing workflow systems to, solutions that can help seamlessly bridge content integration points and offer advanced security capabilities that will align with your law firm’s security and compliance policies.  Such technology can offer users the ability to securely access documents both inside and outside the law firm.  Also consider solutions that offer integrated authentication and discrete content controls that are specific to a document, file or client.

Q: Would we be able to supply information about document access and handling during a cybersecurity audit or a post-breach audit?
 
A: Concerns about the impact of a data breach are expected to cost businesses and organizations in the U.S. upwards of $2 billion in 2017 in premiums for cyber liability insurance policies that help cover them in the event of a security breach.[6]  A workflow system that allows administrators to digitize hard-copy content can provide tools to track document access, and it can help law firms comply with security audits that may be required by the insurance companies and with the recordkeeping that may be required by HIPAA and GDPR.  Tight integration of a secure document ecosystem can permit administrators to quickly access login information, device activities, document tracking and more.  This information can be instrumental in helping with routine audits and workflow mapping for gap analysis, and it can assist with post-breach remediation efforts.
 
Q: Are there places where we can improve on security gaps in client data protection?
 
A: Law firms and offices of all types can struggle with some common security gaps, including:
  • Frequently leaving papers and documents unattended at printers, fax machines and other devices, with no authorized person present to retrieve them;
  • Utilizing a secure content management solution to centralize data storage;
  • Preventing individuals from purchasing and using devices that don’t align with the law firm’s security and compliance policies.
Evaluate your current document workflows for their ability to provide comprehensive control and oversight throughout the entire chain of custody.  Consider enhancements that prioritize integrated content security features.  Government regulatory agencies are increasing efforts with respect to the security of the personal data that law firms possess.  Clients expect that documents and data entrusted to their attorneys will remain private and secure.  So, it is up to law firms to employ a holistic approach to their integrated document management strategies and the supporting workflow solutions to better align systems with their security and compliance policies.
 
Canon Solutions America, Inc.’s primary mission is to improve workflow efficiency and document processes in organizations of all sizes and industries, while helping them reduce waste.  This is accomplished through the strategic implementation of services, technology and support options that are unique to each customer’s operational requirements.  For more information on security solutions, please contact Paul Russo, Branch Sales Director, at [email protected].
 
Canon U.S.A. and Canon Solutions America do not provide legal counsel or regulatory compliance consultancy, including without limitation, Sarbanes-Oxley, HIPAA, GLBA, Check 21 or the USA Patriot Act.  Each customer must have its own qualified counsel determine the advisability of a particular solution as it relates to regulatory and statutory compliance.
Canon products offer certain security features, yet many variables can impact the security of your devices and data. Canon does not warrant that use of its features will prevent security issues.  Nothing herein should be construed as legal or regulatory advice concerning applicable laws; customers must have their own qualified counsel determine the feasibility of a solution as it relates to regulatory and statutory compliance.
Some security features may impact functionality/performance; you may want to test these settings in your environment.  Neither Canon Inc., Canon U.S.A., Inc. nor Canon Solutions America, Inc. represents or warrants any third-party product or feature referenced hereunder.

[1] ABA 2017 Cyber Security Report
[2] EUGDPR.org, “Controversial Topics”
[3] HHS.gov, “HIPAA Guidance Materials”
[4] Ponemon Institute 2018 Cost of Data Breach Study: Services sector
[5] BBC, “Panama Papers Q&A: What is the Scandal About”, April 6, 2016
[6] Washington Post, “Cyber-insurance Becomes Popular Among Smaller, Mid-size Businesses”, Oct. 12, 2014