Today, even in law firms, digital collaboration is omnipresent. Clients upload their documents and employees share them with each other in order to get work done. However, many firms still use public or insecure channels such as email and consumer-grade messengers and public clouds for this. Using these channels, a secure exchange of sensitive client files in compliance with GDPR and similar regulation is nearly impossible to achieve.
Private clouds for law firms
Fortunately, there are private clouds that can provide a good fit for law firms, some of them even specialize catering to the legal industry. They enable law firms’ clients to upload their documents. Staff can then share these documents with the appropriate colleagues in the firm, sending only links to files that are comprehensively secured. The documents themselves are not sent, but remain in the firms’ private cloud where any access can be logged and audited.
To enable collaboration that is both efficient and secure, a law firm cloud must meet a number of key criteria. We have compiled a checklist:
- Is the solution available for all common devices, thus enabling access regardless of location and time of day?
- Does it support sending share links by email but also via other channels, such as messenger apps?
- Does the application automatically send notifications if new documents are uploaded or existing files are modified?
- Does it protect access through multi-factor authentication?
- Does it check uploads with a file firewall and virus scanner?
- Does it encrypt files both in transit and at rest?
- Does it allow to define custom user permissions, including read-only and read-write be defined?
- Does it provide a data room feature to make confidential documents available for copy-protected view access?
- Does it protect share links with passwords and expiration dates?
- Does it feature a lifecycle management feature to ensure that files are only kept as long as necessary?
- Does it ensure the eligibility and traceability of data access through file classification, rule-based workflow automation, logging and auditing?
- Is it operated in a data center that meets the requirements set forth by GDPR and ISO 27001?
« Clients entrust law firms with particularly sensitive and confidential data. A lack of data security jeopardizes compliance with legal regulations, poses significant liability risks and can cause lasting damage to a law firm’s reputation. A suitable private cloud not only offers comprehensive protection, but also increases law firm productivity. By adding a managed service, cost-effective operation is also feasible without in-house IT. »
Tobias Gerlinger, CEO ownCloud