Risk and Practice Management
Data Security
The theft, loss, or destruction of practice-related data is disruptive, stressful, and financially draining to you. If that data belongs to, or affects, your client, the breach of confidentiality might result in a negligence claim against you, an investigation and fine under PIPEDA (the Personal Information Protection and Electronic Documents Act), and/or a legal ethics and professional responsibility complaint.
Therefore, it is important that you take steps to safeguard your own and your client’s information. Implement a security policy for your office that covers your electronic data as well as your paper files.
There are many issues to consider when developing your policy, including the use of wireless connectivity without first ensuring that all available security features are in place. Without those features, serious problems can result. This was seen in Edmonton recently, when an unprotected computer server in a downtown law firm allowed an employee in a neighbouring building to access hundreds of client files that included personal information. The lawyer had set up the wireless system himself and thought it was secured by an encrypted password. It was not. Alberta’s Privacy Commissioner ordered an investigation into this security breach.
Tips
- Don't open an email if you have any reservations about its source or content
- Do not leave your laptop unattended; do not check it as luggage; watch it carefully as it passes through any x-ray device
- Do not leave your laptop or other devices in your car if at all possible; if you must leave it in the car, place it in the trunk before you arrive at your destination; keep your car locked at all times
- Physically secure laptops with a lock and store in a locked file room or cabinet
- Discuss with your staff and clients the risks of communicating via email, cell phone and cordless phone. Get your clients' written instructions on these methods of communication and comply with them
- Do not share passwords
- Use strong passwords
- Change passwords at least every three to four months
- Update antivirus software regularly
- Use spam filters
- Do not open phishing emails. These types of emails often look like they are coming from reputable financial institutions.
- Require dual (two-factor) authentication for connections from non-secure remote locations
- Implement an Internet use policy that limits employee use of the internet
- Limit employees' access to data
- Monitor dissatisfied employees closely – always take care with current and departing employees
- Eliminate metadata from documents before transmitting
- Have someone perform a security audit on all systems including phone and voicemail systems
- Add a confidentiality statement to the signature line of your emails
- Where possible use a landline for confidential telephone communications
- Do not fill in the name of your email recipient until you have read the email in its entirety for grammar, content and spelling. Check the named recipient before hitting the send button
- Do not use wireless without enabling all the security features
- Scrub computers before disposing of them
- Treat electronic files with the care you would show to paper ones
- Do not tape passwords to monitors or inside a desk drawer
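The metadata tip above is easy to state and easy to get wrong, because the author, last editor, title and keywords of a Word file live in a part of the file that the body text never shows. The script below is an added illustration (it is not code from this page or from the articles it cites): it opens a .docx package, which is a zip archive, reports the identifying fields in docProps/core.xml, and writes a copy with those fields blanked while leaving the body untouched. The sample package, author names and matter title are constructed for the demonstration and do not come from any real file.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by docProps/core.xml in Office Open XML packages (.docx/.xlsx/.pptx).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Core properties that can name people, clients or matters; a recipient can read
# them from the file's properties dialog without opening the body text.
IDENTIFYING_FIELDS = (
    "dc:title", "dc:subject", "dc:creator", "dc:description",
    "cp:keywords", "cp:lastModifiedBy", "cp:category",
)

CORE_PATH = "docProps/core.xml"


def read_core_properties(package_bytes):
    """Return {field: value} for every identifying core property that has text."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        if CORE_PATH not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read(CORE_PATH))
    found = {}
    for field in IDENTIFYING_FIELDS:
        element = root.find(field, NS)
        if element is not None and element.text:
            found[field] = element.text
    return found


def strip_core_properties(package_bytes):
    """Return a copy of the package with identifying core properties blanked.

    Every other part (body text, styles, images) is copied through unchanged.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename == CORE_PATH:
                root = ET.fromstring(data)
                for field in IDENTIFYING_FIELDS:
                    element = root.find(field, NS)
                    if element is not None:
                        element.text = ""
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item.filename, data)
    return out.getvalue()


# Constructed sample: a minimal package with the layout Word produces, using
# made-up author and matter names (not a real file from any firm).
SAMPLE_CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<dc:title>Settlement offer - Smith v. Jones (DRAFT)</dc:title>
<dc:creator>associate.lee</dc:creator>
<cp:lastModifiedBy>partner-laptop</cp:lastModifiedBy>
<dcterms:created xsi:type="dcterms:W3CDTF">2024-01-15T09:30:00Z</dcterms:created>
</cp:coreProperties>"""


def build_sample_package():
    """Build the constructed sample package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(CORE_PATH, SAMPLE_CORE_XML)
        zf.writestr("word/document.xml", "<document>Body text unchanged</document>")
    return buf.getvalue()


def body_text(package_bytes):
    """Return word/document.xml as text, to confirm stripping left the body alone."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        return zf.read("word/document.xml").decode("utf-8")


if __name__ == "__main__":
    original = build_sample_package()
    print("Before:", read_core_properties(original))
    cleaned = strip_core_properties(original)
    print("After: ", read_core_properties(cleaned))
```

Run it before sending a draft outside the firm and the "Before" line shows exactly what a recipient would otherwise learn. Core properties are only one source: docProps/app.xml (company name), comments, tracked changes and custom properties carry information of their own, so a script like this is a check to run alongside Word's own Document Inspector rather than a replacement for it.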
Data Protection Resources
Remote Deletion
Encryption and Data Protection Articles
You can read about encryption and about deleting data on laptops and mobile devices here.
This article describes enterprise encryption strategies for data protection.
Encryption
Mobile Security
The following articles are great reading on mobile security:
A Lawyers’ Guide to Mobile Computer Security
by Ellen Freedman, Reid F. Trautz and Jim Calloway
Managing the Security & Privacy of Electronic Data in a Law Office
(includes a supplement on how to enable the security settings)
by Dan Pinnington
Beware the Dangers of Metadata
by Dan Pinnington