Safeguarding client information
That's the title of my Slaw post for today. While the webinar was based on lawyer and client information, the principles apply to almost anyone. It reads as follows:
I attended a webinar today by the CBA entitled "Safeguarding your Client’s Confidential Information – Tips and Traps", presented by David Fraser and Dominic Jaar.
Here are some of the highlights.
Quote from security expert Bruce Schneier:
“Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.”
This is primarily a people issue: it requires training and understanding. It’s not just about technology.
Ethical rules: these are not just rules against gossip and intentionally disclosing client information.
They include an obligation to safeguard all of the information about a client against misuse and disclosure.
Privacy laws also apply.
For example, PIPEDA requires safeguards against:
Loss or theft,
Cradle to grave protection is required – disposal of paper and any computer memory (no matter where it is – computer, fax machine, jump-drive, smartphone, etc.) must be done by shredder or other method of destruction.
When using social media be cautious about whether to separate personal from professional.
When crossing borders, customs have a broad ability to look at your laptop. The best solution is not to cross the border with client materials on your laptop. Some lawyers use a clean loaner laptop when travelling, and access client info remotely.
The biggest threat to security is you, the user.
Encryption of all client data on portable devices such as laptops, jump drives and smartphones is encouraged.
Think it can’t happen to you? 86,000 lost or stolen laptops per year.
Make sure you change the default settings for admin usernames and passwords on hardware. Don’t forget Bluetooth.
Check password strength here: https://www.microsoft.com/security/pc-security/password-checker.aspx?WT.mc_id=Site_Link
Consider this tool: http://passwordsafe.sourceforge.net/
If you use the cloud, make sure both the communication channel and the storage are encrypted.
Wipe metadata from Word documents you create. It is easy to do in current Word versions. Converting to PDF is not enough.
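
One way to check that a Word file really has been wiped before it goes out, as an added example (not from the webinar or the original post). It assumes the standard .docx package layout (`docProps/core.xml`, `word/document.xml`, `word/comments.xml`) and is intended for your own outgoing documents; the sample files and names are constructed in memory.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of the OOXML core-properties part (docProps/core.xml).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
CORE_FIELDS = {"author": "dc:creator", "last_modified_by": "cp:lastModifiedBy"}

def audit_docx(data: bytes) -> dict:
    """Report identifying metadata still present in a .docx given as raw bytes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            for label, tag in CORE_FIELDS.items():
                el = root.find(tag, NS)
                if el is not None and (el.text or "").strip():
                    findings[label] = el.text.strip()
        if "word/document.xml" in names:
            body = z.read("word/document.xml").decode("utf-8", "replace")
            # Tracked insertions/deletions keep the old text and its author.
            tracked = len(re.findall(r"<w:(?:ins|del)\b", body))
            if tracked:
                findings["tracked_changes"] = tracked
        if "word/comments.xml" in names:
            findings["has_comments"] = True
    return findings

def make_sample(core_xml: str, document_xml: str) -> bytes:
    """Build a constructed, minimal .docx-style package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core_xml)
        z.writestr("word/document.xml", document_xml)
    return buf.getvalue()

# Constructed sample data (the names are made up).
CORE_OPEN = '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">' % (NS["cp"], NS["dc"])
DIRTY = make_sample(
    CORE_OPEN + "<dc:creator>A. Lawyer</dc:creator>"
    "<cp:lastModifiedBy>B. Clerk</cp:lastModifiedBy></cp:coreProperties>",
    '<w:document><w:ins w:author="B. Clerk"><w:t>new clause</w:t></w:ins></w:document>')
CLEAN = make_sample(CORE_OPEN + "<dc:creator></dc:creator></cp:coreProperties>",
                    "<w:document><w:t>final text</w:t></w:document>")
```

To audit a real file, pass its bytes, for example `audit_docx(open(path, "rb").read())`; an empty result means none of these fields were found, not that the file is free of every kind of metadata.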