Legal professionals are storing more of their data in the cloud. File sharing is an example of an easy-to-use tool that, on its face, appears to solve some major logistical problems.
Unfortunately, although file-sharing sites are convenient for transferring large documents or posting the latest edits to a document, their security measures aren’t substantial enough for protective orders and other legal requirements.
Common file-sharing sites such as Dropbox, Box.net, and Google’s new Drive are a part of the cloud in that they use a remote pool of computing resources to provide space for storage and software to handle any file transfers. But it is difficult to ensure that confidential client data is secure, since the computers containing that information are in an unknown location and are administered by personnel outside the legal realm.
The legal industry has special considerations with the cloud since there are statutory obligations to protect client information. At every turn, legal professionals, in conjunction with their IT advisors, should ask whether the IT benefits of file sharing sites outweigh the security and privacy risks. Managing this risk is key to protecting corporate and proprietary information.
The following are the most pertinent file-sharing risks for corporate counsel:
- No assurance of deletion: Most file-sharing sites have a clause in their standard terms stating that they provide no warranty as to the full deletion of a user’s information from their systems. Although this may not be a concern for those sharing personal information on such sites, corporate data and privileged information need more protection. Further, most protective orders require that once the case is complete, the data be irrevocably destroyed.
- Third-party access: Not only can the employees at a hosting company potentially access your data, so can their partners. It is quite common for large file-sharing companies to purchase data space from smaller vendors, which means that your data may be in the hands of any number of companies along the way.
- Overall loss of control: Once data is on a file-sharing site, users have very little control over who accesses that information and what happens to it. This may mean loss of the data, unauthorized access, and a lack of chain of custody.
How to Protect?
The most certain way to protect information is simply not to use online file sharing sites. In fact, there are alternative methods for sending and sharing files, particularly amongst those in the same IT network. Secure FTP (File Transfer Protocol) sites have been used for decades to help complete those very tasks and can easily be installed behind the appropriate firewalls and network protection.
If you must use an online file-sharing site, there are ways to protect yourself. Encrypting any data that is posted to such sites adds another layer of difficulty for anyone wishing to view your data. Encryption can be used even when the data is shared to collaborate with a team: share the keys with only your trusted party.
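One way to do this with the `openssl` command-line tool, as an added example that is not part of the original article: encrypt locally, upload only the ciphertext, and send the key and the ciphertext's SHA-256 digest to the trusted party through a separate channel. The function names, file names, and the choice of AES-256-CBC with PBKDF2 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article. Function and file names are hypothetical;
# AES-256-CBC with PBKDF2 is this example's choice, not the article's.

# make_key KEYFILE: random 256-bit secret, readable only by its owner.
# Exchange it out of band with the trusted party; never upload it.
make_key() {
    ( umask 077 && openssl rand -hex 32 > "$1" )
}

# seal KEYFILE PLAINTEXT CIPHERTEXT: encrypt, then print the SHA-256 of the
# ciphertext. Send that digest with the key, not with the uploaded file.
seal() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -pass "file:$1" -in "$2" -out "$3" || return 1
    openssl dgst -sha256 -r "$3" | cut -d' ' -f1
}

# unseal KEYFILE CIPHERTEXT EXPECTED_DIGEST OUTFILE: CBC has no built-in
# integrity check, so compare the digest first and refuse to decrypt on mismatch.
unseal() {
    actual=$(openssl dgst -sha256 -r "$2" | cut -d' ' -f1) || return 1
    if [ "$actual" != "$3" ]; then
        echo "digest mismatch: file changed after upload" >&2
        return 2
    fi
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$1" -in "$2" -out "$4"
}

# Constructed demo: a local copy stands in for the file-sharing site.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'PRIVILEGED - constructed sample memo\n' > "$dir/memo.txt"
    make_key "$dir/shared.key"
    digest=$(seal "$dir/shared.key" "$dir/memo.txt" "$dir/memo.enc") \
        && unseal "$dir/shared.key" "$dir/memo.enc" "$digest" "$dir/memo.out" \
        && cmp -s "$dir/memo.txt" "$dir/memo.out"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "round trip ok"
```

The site only ever holds ciphertext, so anyone who obtains a copy there also needs the separately held key to read it.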
Online file sharing and storage sites are a very convenient way to handle documents, particularly those for litigation—but they come at a steep security price. Only put data that you are willing to lose in the hands of file-sharing sites.
The move toward cloud computing in some instances is inevitable, but using cloud resources means extra planning on the part of companies and attorneys when handling electronic information for litigation.