In Q4 2017, there were many court cases that collapsed, due to either evidence which had not been shared with defence lawyers or that client confidentiality had been compromised. Every case incurs significant cost and its collapse due to process issues is very damaging as well as potentially guilty parties not being prosecuted.
The Solicitor Regulatory Authority (SRA) has, in its Code of Conduct, detailed guidance on the protection of client’s confidential information and the disclosure of material information to clients. Chapter 4 highlights a number of risks to confidential information and the requirement to protect information at all times. Systems and controls to protect clients’ confidentiality must be in place and appropriate for the nature of work undertaken. There is also a requirement in Chapter 10 with regard to co-operation with the regulator. Legal firms must actively monitor relationships with clients that may have to be shared with the regulator to prove alignment with the code of practice or to verify correct processes if anything goes wrong.
Currently, protection of client information is very difficult when multiple parties may be involved in a case. The Police, CPS, social services, prosecution services and many more may be a part of an investigation. Managing and protection information with multiple entities introduces significant risk to confidentiality.
However, technology can help and help big!
Using Enterprise Rights Management (ERM), critical information can be protected wherever it goes and control over that information is managed dynamically. Consider an important case with requirement to share evidence from a pathology or police report with defence and prosecution services. Information would either need to be hard copy and couriered but then can you be sure that the recipient actually received it and read it. If the information is electronic then multiple copies will be stored on respective recipient devices posing a threat that it could be lost or stolen.
With rights management, electronic information can be held in a protected folder to which a rights policy is applied. Whenever information is taken out, then the protection policy applies automatically. The policy will be set up to only allow specific persons to see the information, what they are allowed to do and even where and when it is accessed. The file is encrypted and can then be distributed by any means such as USB devices, dropbox, email, ect. The recipient will receive the information and will open the file. The encrypted file will then call to the policy server to ascertain if the person is allowed to view the file and, if so, what are they allowed to do (read only, edit, print, etc.). All of these actions are recorded in the audit log. Only when the recipient is authorised is the file opened and access permitted. Even in the open state, the file is still encrypted. Recipients can ask for increased privileges and this can be granted dynamically – or taken away.
Information that has been sent out but is no longer needed or is superseded can have all rights removed so thereby rendering the information deleted.
Rights Management can revolutionise protection for any organisation that has critical information which needs to be protected wherever it goes. For legal organisations the ability to show the SRA that only the right people accessed the information, the wrong people were denied and that recipients actually read the information is critical to ensure proper process.
There are many more significant benefits using Enterprise Rights Management, and Guardian Technologies has been implementing it for several years. The technology has been available for over 10 years but now is advancing and getting the recognition it deserves. Today it operates flexibly, un-intrusively and without the necessity for a local agent. Guardian Technologies can provide the advice on how to implement, educate the users, sample security policies as well as the skills to manage the environment.
If you keep doing the same things, you will keep getting the same results. With the huge increase in information misappropriation currently then different approaches must be taken. Enterprise Rights Management does it all and it is ready for you now.
To learn more about Rights Management and how it can help your business please get in touch to arrange your FREE 60-minute consultation.