In a recent interview, Edward Snowden urged legal professionals and business with sensitive digital client information to encrypt their data.
"What last year's revelations showed us was irrefutable evidence that unencrypted communications on the Internet are no longer safe. Any communications should be encrypted by default," Snowden said in the interview.
But how can businesses and law firms with huge amounts of unstructured data ensure they are protecting all the right information from a privacy breach? I recently sat down with Jamie Wodetzki, founder of contract management company Exari and Sam Liu, VP of marketing at Soonr, a provider of secure file sharing and collaboration services for business, to answer this question.
Wodetzki spoke about specific strategies, such as using sophisticated analytics and secure storage systems, for providing full internal transparency in order to identify potentially compromising language and information within complex contracts. And, Liu shared the importance IDs, passwords and networks in the dangerous online world.
“Put simply, the risk of both snooping and leaking is rising sharply, so every business needs to think about which data is most sensitive and do more to protect that data,” said Wodetzki.
Contracts are high value documents which reveal the companies (or people or governments) with whom you deal, the nature of those dealings, the financial terms and scale of those dealings, and much more. According to Wodetzki, when leaked to a competitor, this may expose that you're working on some secret new project or product.
“If I'm a major tech company working on a secret smartphone, I don't want it made public that I just signed a multi-million dollar supply contract for scratch-proof glass; it tips my hand. Or, if I'm a corporation trying to keep a global expansion under wraps, I don't want to wake up one morning to an article commenting on 100,000 square feet of retail space I just signed up for in a specific city. The existence and terms of that lease need to stay secret,” he explained.
Keeping contracts with tight controls over who gets to see what, and secure connections for getting information in and out, will help reduce the risk of leaks. For many companies, lack of visibility into contracts and their terms is one of the main difficulties in assessing the sensitivity of contract data in the first place.
“These terms address issues such as: Have we agreed to specific secrecy measures? Are we liable if we leak customer information? Is that liability capped or unlimited? Are we protected by a carve out for compulsory disclosures to governments or regulators? Being able to answer these questions makes it much easier to properly assess and manage the risk of leaks and disclosures,” he added.
According to Liu, issues around privacy have been around for decades. First it was hackers, then identity thieves, and most recently the NSA, but the fundamental concerns haven’t changed. “It almost always comes down to two factors when trying to ensure privacy: 1) Access and 2) Content.”
Liu advises that the best prevention against a privacy breach is to start with Access such as making it difficult for unauthorized persons to gain access to private content. In the physical world, access can be controlled with physical boundaries such as checkpoints, identification papers, and location, but in the online world, it’s about IDs, passwords and networks.
Aside from the typical ID/password method of controlling access, another level of prevention is having data bound to jurisdictions. Next, the order of prevention against privacy breach is protecting the Content itself, which is where encryption comes in. It is important to keep the encrypted file and the key to the file separately controlled, but encryption should not stop with the storage of the file, but also while it’s being transmitted and in-session.