The onslaught of electronic information for e-discovery is ceaseless these days, with email, social media, collaborative workspaces, voicemail, IMs, documents and their metadata playing critical roles that affect the day-to-day “business of law” in a busy law firm.
Take, for example, the simple act of sharing electronic files. As the volume of e-discovery sources increases, so must the volume of materials shared between counsel and involved parties. Suddenly, trusted standbys, such as email, are not equipped to effectively handle the size of matter-related electronic information that must be exchanged. In an environment where attorneys are faced with increasing pressures to meet client engagement and profitability goals, and when clients are insisting on alternative fee arrangements, such as fixed fees, each moment wasted on unproductive administrative tasks can substantially impact both efficiency and the bottom line.
In addition to impairing productivity, there are numerous security concerns that arise during the file transfer process. Recent news is rife with stories about how large corporations, government agencies, healthcare providers and law firms alike have fallen prey to data breaches and compromised important client and/or employee information.
For example, Morgan Stanley Smith Barney exposed the names, addresses, tax ID numbers and Social Security numbers of approximately 34,000 of its investment clients. The reason? The company created two CD-ROMs with the information and mailed it to the New York State Department of Taxation and Finance. It was delivered to the office, but never reached the intended individual. In fact, they were never located. The CD-ROMs were password protected but not encrypted, so it would be fairly simple for someone to access that confidential information.
In addition to opening up the firm to breaching confidential information and client trust, law firms must also be aware of the government regulations surrounding particular information. For example, the Health Insurance Portability and Accountability Act outlines strict guidelines on how health and medical information is transferred. In 2009, the HITECH Act extended compliance to business associates of healthcare providers, including law firms. Medical information—including health records and insurance data—must be encrypted and securely delivered. Noncompliance with this regulation can not only compromise employee information, but also open the law firm up to steep fines.
Fortunately, file-transfer related data breaches can be prevented with the right technology that encrypts data during the transfer process but also while it is stored (e.g., in a collaborative work space or prior to downloading or deleting from the server). Technologies that restrict access to only designated individuals also help to protect data.
The Daily Grind of File Transfers
Most attorneys and litigation support professionals can relate to this scenario: You need to get time-sensitive documents to a client or opposing counsel. You scan the hard-copy documents and create a large compound PDF document that totals around 50 MB in size. Now, what’s the best and least time-consuming method to deliver this information? Let’s take a look at some common options.
Email: You attach the 50 MB file to an email message and send it on its way, confident that it will reach the recipient by the deadline. The next morning, you check your email and see a notice about an undeliverable email. An important deadline has been compromised because the recipient’s email system had an email size limit of 10 MB.
In order to bypass this size limitation, you rescan and regroup the documents into smaller PDFs and send multiple emails. Subsequently, you lose more valuable time confirming with the recipient that they received all the emails and attachments. Not only is this a time drain, but it doesn’t create the image of a firm that is ahead of the technology curve.
FTP: Typically, the first step is to call IT and arrange for electronic delivery of the document via FTP. Since you’re now relying on IT, no matter how responsive they are, it usually means a delay in the delivery. Plus, FTP sites are notorious for being challenging to use and can result in multiple calls and emails from clients. If the client calls you with questions, the process goes back to square one and you probably need to get IT involved again.
Digital media via courier: Another option is to have a paralegal burn a CD or copy to a thumb drive and send the information via overnight courier. This delays the delivery (no matter what speed rate you choose for delivery), and it may not work if the information has to get there within the same day. Furthermore, you can’t guarantee it lands in the correct hands (as evidenced by the Morgan Stanley example). A client can call saying the delivery was never received when it could be at the receptionist’s desk.
In the meantime, you’re using valuable time tracking the delivery to find out it was delivered. Additionally, if the physical media contains confidential client information and is lost or stolen en route, you have suddenly opened the firm up to the possibility of a data breach of confidential information.
As a legal professional, scenarios like these are not only inefficient, but they take away valuable time you could have been spending on more profitable endeavors. Fortunately, technology has evolved beyond email, FTP and thumb drives. There are multiple tools to help share and exchange documents that have less of an impact on billable time, as well as improve collaboration. Remember: In order to provide the highest level of security to ward off data breaches and noncompliance with government regulations, these file transfer technologies must ensure total encryption from point A to point B and all points in between.
Take a look at the higher tech solutions
Cloud-based file transfer service: Over the last several years, there has been an explosion of free or very inexpensive services that allow you to easily upload and share documents with outside parties. You access a website, upload the files and enter the recipient’s email address. The recipient then receives an email notification with a link to download the files. Most of these sites do not enforce security measures to ensure that confidential data is not accessed by unauthorized parties, and many of the services do not provide tracking of delivery or verification of receipt. Before using such a site, contact your firm’s IT management or security officer to confirm that these sites are sanctioned for use. Sometimes these sites are even blocked by the IT department because of their lack of security.
Hosted collaborative workspaces: There are a range of hosted services offering workspaces that allow internal and external parties to share documents easily. These services are particularly useful if you are involved in complex litigation or contract negotiation that involves multiple iterations of document review and revision.
Look for services that provide document revision tracking, rights-management features that control document access (view, download, update, etc.), and real-time participant notification of document uploads and revisions. These sites do require administration to set up folder structures, user accounts, permissions and document retention. As such, they may not offer the best approach for the one-time ad hoc transfer of large or confidential files. Again, check with your IT department to make sure these sites have been thoroughly vetted regarding security and user authentication and have been sanctioned for firm use.
Ad hoc secure file transfer systems: This option consists of on-premise and hosted systems that offer the secure and easy-to-use transfer of confidential and large documents and files to multiple external parties. These systems offer convenient, on-demand file transfer solutions that provide nontechnical users with a simple, self-service environment requiring little or no IT involvement. Some ad hoc file transfer solutions offer Outlook add-ins that give users a convenient way to send an email and its attachments, regardless of size. Policies can normally be defined to automatically transfer an email that is over a specified size as a secure delivery, eliminating the dreaded email bounce-back and reducing the impact of large attachments on the email server. Robust ad hoc file transfer systems offer recipient auto-registration, which eliminates the need to have IT set up external user accounts; real-time verification of receipt; recipient secure reply; strong user authentication; and encryption of data while in transfer and while at rest. An efficient system also maintains logs of all delivery transactions for confirmation of receipt.
In a business environment where each moment not spent practicing law is a wasted moment, it is valuable to identify and address the most time-consuming administrative tasks. Tackling the challenges surrounding file transfer means improved collaboration with clients and outside counsel and removes one more obstacle to increasing productivity and profitability.