Sharing legal documentation can be a tricky, but vital, aspect of virtually any legal firm’s business. Legal firms need to deliver documents to clients, the courts, and other concerned parties in a timely manner. Their delivery methods must also take special care to avoid accidentally sharing information with unintended parties as to avoid an accidental breach of attorney-client privilege.
In the past, when a legal firm needed to ensure proper delivery of documents to a specific party, they would typically hire a process server to physically hand deliver documents. This has typically been considered the best way to securely deliver documents and prove they were received by the intended party. The drawback of this method is that it can be time consuming and very costly, especially if the process server encounters difficulty delivering the documents.
Sharing Information Via Email: Dangerous for Everyone
For more routine document sharing, such as an attorney sharing court documents with a client or internally with other attorneys, many legal firms find themselves leaning on email and file sharing services. Email, as a rule, should never be used to share sensitive files of any kind. While emailing files is a quick way to share information, someone monitoring traffic in and out of a firm’s IT environment may be able to see the contents.
The risk of information being accidentally emailed or shared with unintended parties is also a reason to avoid emailing sensitive files. To illustrate the point, according to the Australian government’s Notifiable Data Breaches Quarterly Statistics Report in May 2019, human error was in general, the cause of 31% of breaches in Australia; the second most common reason overall (the first being malicious or criminal attack at 61% of all breaches). The most common error made was sending personal information to the wrong recipient, accounting for 31% of all breaches caused by human error. The second most common error was unauthorized disclosure of information through an unintended release or publication (including online), which could include files inadvertently forwarded to an unintended party.
Of the malicious and criminal attacks, 5% were caused by social engineering, including email-based executive fraud. All of these factors make sharing files via email an especially risky policy.
Sharing Information Via Email: Especially Dangerous for Law Firms
If these numbers weren’t daunting enough, the law sector-specific statistics are even worse. While the percentage of breaches caused by human error remains consistent (approximately 34% of legal sector breaches were caused by human error, versus 31% across all industries), 62.5% of those were caused by personal information being emailed to the wrong recipient. Add in the percentage of breaches through unauthorized disclosures, assuming the information was disclosed via email, and that brings the total to 75% of all breaches caused by human error.
Put another way, during the first quarter of 2019, potentially up to 75% of Australian legal sector breaches caused by human error could have been prevented simply by avoiding the use of email.
Most File Sharing Services Aren’t Much Better
File sharing services may seem like an obvious solution; they are simple to set up and it’s easy to invite relevant parties to collaborate and share documents. The truth is, these types of services frequently lack adequate security (such as two-factor authentication) and retention policies. Additionally, if permissions are not properly set up, it may be possible for collaborators to invite others or share a direct link to the files with unintended parties. These services also often lack detailed auditing functionalities that can decisively prove documents were properly delivered to their intended recipient, nor do they record who actually accessed and downloaded files. What may be the most significant problem is the lack of retention policy controls. File sharing services frequently require files be manually deleted, which can lead to old files remaining in a shared folder well past when is necessary.
Fax Is Better, But Limited
Sending documents via fax remains a popular way to securely transfer documents as it is very difficult to intercept faxes in transit. There are a few drawbacks of using traditional fax solutions, however. One is that there can be a risk of unintended parties viewing the files, such as if there is one central, office-wide fax machine. Another is that fax can only support transferring printed documents (no audio or video) and may have constraints on the number of pages that can be faxed based on the memory of the machine receiving the fax (analog fax machines commonly have 64 MB of memory). There often will be a delivery confirmation feature with fax, but in the event the fax is being sent to an office-wide fax machine, there is no real way to tell who has actually looked at the document.
But How Can an Audit Trail Actually Help?
A detailed audit trail can make a huge difference in protecting the sanctity of attorney-client privilege, ensuring the proper delivery of legal documents, and holding individuals accountable. To learn how, read our second blog post, “What are 3 Ways an Audit Trail Can Help Protect Law Firms and Their Clients?”, where we go in depth on how an audit trail can help solve for these issues.