Even before the pandemic, the most popular methods for sending or exchanging legal documents were not secure. Encrypted e-mail? Not as private as you think. Thumb drive? Think again. Consumer file-sharing services? Not designed with law firms in mind.

The post-pandemic world has added yet another challenge. Working remotely can make process serving a royal pain. Coordinating a notarized signature for the Affidavit of Service isn’t convenient for anyone.  And do you really want a process server or courier turning up at your door to pick up or deliver a document?

Many lawyers say working-from-home is part of “the new normal.” Firms have shown they can provide legal services while working remotely — and the convenience and cost-saving arguments are compelling. But working remotely has exposed technology and operational deficiencies that must be addressed. Ensuring the security of confidential legal documents between law firms, clients, and third parties is one such.

It's your duty

Protecting your client’s confidential information is not simply a matter of preserving your firm’s reputation. It is a professional obligation. Most jurisdictions require lawyers to properly protect client data. The Law Society of Ontario, for example, spells this out in the Rules of Professional Conduct(chapter 3, s. 3.3).

If protecting your client’s privileged information is a top priority, selecting the right method for exchanging documents in a matter is critical.

What's wrong with email?

Whether you realize it or not, email exposes you to many risks, from hackers to human error. 82% of firms surveyed say that unauthorized access to a firm’s document(s) would be “consequential.” Yet, 89% of the same firms admit they use email to collaborate with clients or third parties on matters, despite the known security risks.

A key unaddressed vulnerability for lawyers is the known, but largely unacknowledged fact that email is not a private communication. Encryption can help, but it isn’t perfect. Your emails could still be vulnerable to copying, forwarding, or downloading once the message has been decrypted. If you are working from a home office, do you even know how to encrypt your emails? Confidentiality statements will not excuse you either.  Judges are coming down harder on lawyers who fail to employ technology properly in the interest of their clients.

Risky alternatives

Thumb drives and consumer file-sharing services are no better than email. Thumb drives can be lost and, once in the wrong hands, can be read on any computer with a USB port. In a LexisNexis survey, (parent company of The Lawyer’s Daily) 68% of IT professionals said they had likely or very likely experienced a theft or loss of data stored on a USB drive.

Consumer file sharing, too, was never designed to protect confidential information. One wrong keystroke and you could share every folder on your computer. The survey found over half of the respondents said they had put confidential information on free consumer file-sharing sites, and in many cases, the firm was unaware.

What's the answer?

If email, thumb drives, and consumer filesharing are unsafe, what’s left? The answer is a service built for sharing confidential documents — or better yet, a service built specifically for legal documents. These cloud-based services take strict security measures to ensure your data is safe. You may still use email to notify a recipient of a new document, but it’s never attached to the email. Instead, your intended recipient receives a private, secure link to the service where the document is securely stored.

If “the cloud” sounds scary to you, you are not alone. Many are reluctant to move their documents to a data centre in some unknown location for fear they will lose control. But consider this: the companies providing cloud services are some of the largest in the world — Microsoft, Amazon, and Google, for example. The security expertise they apply to their data centres far exceeds that of even the largest legal firms. Just make sure you look for a service with a hosting facility in your own country, AKA “Canadian data residency.” This ensures that your provider stores your content in a location governed by local data protection and privacy laws.

What else should you be looking for in a cloud-based system?

  • Secure backup for the data you are storing in the cloud. You want to know that if a server or disk fails, your documents will not be lost.
  • Secure password authentication required for parties toaccess a document. This will ensure your documents are seen only by theintended parties.
  • Audit reporting that records document sharing activity such as receipt and open dates with notification to the document sender. Being able to prove your documents were sent, received, and opened, is very handy to a lawyer.
  • Secure document access from anywhere via desktop, laptop, or mobile device. As remote work becomes the new standard, you’ll need the flexibility to access and distribute your documents easily and safely, from anywhere.                       

The pandemic has forced many of us to rethink the way we work. Technology has helped us adapt while working away from our office environment. But choosing the right technologies for the task has never been more important. Even when we return to our offices, secure document exchange systems will have clear advantages over traditional document sharing methods, especially email. Paraphrasing a judge’s recent comment, “Sending documents as email attachments would be like returning to quill and ink.”

Paul Engels is the director of xchangedocs, the secure document exchange portal service used by over 500 Canadian law firms. xchangedocs is brought to you by Korbitec Inc., provider of Automated Civil Litigation (ACL)document automation software, including a library of court forms, for Canadian litigators.