Can Lawyers Work Remotely: Data Protection Challenges

Many law firm leaders are now working under a hybrid model. As increasing numbers of staff are told that they are free to organise their own office schedules and can work from home whenever it is appropriate, such new flexible working policies mean that firms need to accommodate changing document management requirements.

Digital Transformation in Law Firms

Law firms have been working slowly over the last decade to transition to digital processes. In 2013, the government launched an online claims portal to help keep track of and manage claims efficiently and quickly. On May 31 2021 a new separate system was launched called Official Injury Claim to deal with motor accidents and handles personal injury claims.

Over the recent years, partly driven by GDPR, many law firms have been forced to rethink the way they manage data. It has presented a window of opportunity for private law firms to review company structures and identify inefficiencies that have existed for years. The need for an efficient method of working has been highlighted further now that employees without electronic access to documentation struggle to work from home. In a typical law firm, desks are stacked with correspondence and filing cabinets and archive rooms are full of confidential client documents. It is very hard for staff to transport a vast amount of paperwork around when working remotely, especially if multiple people are working on a case simultaneously from different locations and need access to the same case documents. With this documentation being incredibly confidential in nature, accessing such records in a secure and compliant environment is another obstacle law firms face.

Security Risks of Working from Home

Law firms have been warned to rethink remote working policies to avoid cyber-attacks and data breaches, especially when working with sensitive data. When searching for a document management provider, law firms need to look for certain accreditations that will give them the ease of mind that their data is in safe hands. ISO 27001 is a world-recognised standard for information security that outlines best practices for processing and storing sensitive data. Following regular audits, Storetec continues to demonstrate highly secure scanning operations and subsequently, has maintained the ISO 27001 accreditation for years. This is very important when looking for a provider as they will be working with sensitive case information. The Cyber Essentials Plus certification indicates that an organisation takes a proactive stance against malicious cyber-attacks and demonstrates that they have taken the essential precautions to protect their organisation against cyber threats. Being certified to Cyber Essentials Plus means clients have the reassurance that their provider is continuously looking to improve IT and security measures against the threat of cyber-attacks which is essential when working with and storing sensitive data.

Work from Home Security Solutions

To combat security concerns, firms may already benefit from a Virtual Private Network (VPN). A VPN reroutes a user’s internet activity to another location so their location and identity cannot be tracked. This will benefit firms massively when their employees are working from home or on a public network. It keeps the user from becoming a victim of a cyber-attack and hackers from accessing their data.

Another key consideration to ensure adequate security of documents is digitisation. Whilst documents exist in hard copy format alone, they are always at risk of permanent damage or loss via various potential disasters such as fires, floods or even just being mislaid on a commute to the office. By digitising documents, the single point of failure is removed as documents can be securely stored, encrypted, and backed up to ensure they are never at risk of permanent loss, whilst also facilitating fast and secure access that is not limited by location. That said, digitisation itself also comes with some key considerations such as the legal admissibility of the scanned images. This is easily addressed by selecting a document scanning provider, such as Storetec, who can guarantee legal admissibility by scanning in line with BS10008 – the recognised British Standard for evidential weight and legal admissibility of electronically stored information which outlines best practice for migrating paper records into digital files.

GDPR & Working from Home

There are concerns about data retention policies and whether remote workers are abiding by required data retention policies. With regulations such as GDPR in place, businesses can receive serious fines for mishandling personal data and it is estimated that the average data breach costs £3.86M to resolve. Therefore, it is essential when looking for a provider to ensure they have extensive knowledge of regulations governing data protection such as the GDPR. Storetec’s compliance team is available to advise on how data protection impacts your business and the steps to ensure GDPR compliance.

Article 32 of GDPR states that businesses should implement appropriate technical and organisational measures to ensure document security – meaning, if employees are working from home and accessing confidential personal information, there must be appropriate security measures in place such as data encryption. As a solution, firms can utilise a secure cloud-based document management system, such as FreeDocs, which has all necessary security provisions in place to protect the most confidential documents. Document management systems such as FreeDocs can encompass several features such as data encryption, detailed audit trails, managed password policies, and access controls. Furthermore, additional security provisions can be integrated such as 2-factor authentication; meaning when logging in, a code will be sent via SMS to a pre-approved phone number for validation. User access can also be restricted; this means employees working remotely could be restricted over printing, emailing, and accessing certain confidential documents.

Conclusion

Our experienced team can offer advice and support on data protection, statutory retention periods, and more. Get in touch today to learn more about the benefits of effective document management to combat the various security concerns that can come with flexible working for law firms.