Confidential Information in a Clouded World

July 18th, 2013 by

This blog is written by our law summer student, Ira Marcovitch

Moore’s law, named after Intel co-founder Gordon Moore, suggests that the amount of transistors on every computer chip will double every two years. It has more generally been used as a metaphor for the meteoric expansion of technology into all facets of our life. Given how technologically integrated our lives are now compared to even 10 years ago, Mr. Moore may have been onto something.

While technology obviously has the capacity to simplify our lives, and to make the dissemination of information possible on a scale previously unimagined, it poses some serious threats to confidential information. While we have all heard of the horror stories about personal information being stolen, and the necessity of Facebook privacy settings, what is to be done in the professional realm with client information that is stored electronically?

Unlike information posted on Facebook and the like, information collected and stored by doctors and lawyers is strictly personal and confidential. Further, the information is often protected by some form of privilege and, more importantly, the information stored by the doctor or lawyer doesn’t actually belong to them; it belongs to the patient or the client.

An increasingly popular method of accessing files remotely is the ‘cloud.’ In a nutshell, a cloud is a manner of accessing files where the files are uploaded to a server, maintained by a 3rd party provider, which is accessible from any device with an internet connection. While this allows, for example, a Toronto lawyer to access confidential client files while at a meeting in Washington, it also allows, for example, a hacker to access the same files from his living room in the Ukraine.

So, in a world where remote access is becoming a necessity for many professionals, what steps can be taken to ensure peace of mind for both you and your client and that confidential information remains just that?

1. Confidentiality – If you are thinking of signing up for a cloud service (or you already subscribe to one), check the company’s confidentiality policy to ensure that it provides protection for your files and information that is appropriate for your needs.

2. Audit Reports – Many cloud providers have audit reports on hand. Ask for it; it should provide a wide variety of information on the strength of their security systems, recent security breaches etc.

3. Physical Security – Ensure that the physical servers on which the cloud is stored is in a location where physical security is present and access is strictly limited. Many companies have their servers located offshore where they may not be physically secure.

4. Network Security – Ensure that when accessing files on the cloud, you do so through a secured network and that there is a firewall enabled at all times.

5. Back-up arrangements – Ensure that the cloud provider has back-up servers, physically separated from the main server, in case of a service interruption with the latter.

6. Service Level Agreements – Many suggest that cloud users or prospective cloud users check their service agreement to ensure that penalties for failing to meet the agreed level of service are present.

7. Strong Passwords – It may seem trite, but a strong password goes a long way to protecting information, no matter where it is stored. (No birthdays or ‘1234’!)

For further information or assistance in regards to confidential information or online confidentiality, please contact one of our Toronto Lawyers.

Flag Counter