Posted by Melody Easton, marketing director at Legal Futures Associate DocsCorp
Human error is a leading cause of reported data breaches in the legal industry, and, given the sensitive nature of legal documents, mistakes like sending an email to the wrong person can have serious consequences under data privacy laws.
Delphi and Stibbe are two European firms that use technology to minimise errors and help staff work securely. Here’s how.
Alerts for potentially risky email sends
An email sent to the wrong person is one of the most common types of human-error breaches in law firms. Email will undoubtedly remain the primary communication channel for lawyers and their clients, but what can change is staff having access to technology that protects them from these kinds of mistakes.
Delphi’s head of IT, Henrik Järnberg, explains that mis-sent emails were a problem the firm had experienced because staff would ask the IT department to recall the messages. Henrik knew this wasn’t always possible, and there was no guarantee that recipients would discard the email if requested.
He says: “We needed to have control over as many outgoing emails as possible. And, since we knew we had the problem of people sending emails to the wrong person in the past, we had to act because these mistakes are considered data breaches under the GDPR.”
Delphi relies on email recipient checking technology to stop these mistakes happening in the first place. When they press ‘Send’, users are alerted to external or public email domains, Reply All and Forward actions, so they can check and confirm their actions are correct.
On the same screen, they can choose to action a series of time-saving tasks as part of the process: rename and clean attachments of metadata based on the specific company policy and convert attachments to PDFs or add to a ZIP file for secure distribution.
Fast removal of sensitive metadata
Email attachments can contain a trove of personal and confidential information that often the author has no idea they’re sending out. Metadata cleaning is part of Stibbe’s data loss prevention strategy. It helps protect staff from leaking metadata accidentally.
Stibbe’s head of ICT & facilities, Olivier Van Eesbeecq, says that incorporating this technology into its email process enables the firm to set up metadata cleaning policies that help minimise the risk of unintentional data loss. “For example, part of our policy is to apply security to PDF documents sent to external recipients, so only authorised recipients can access that information.”
At Delphi, metadata cleaning and email recipient checking are streamlined into a single workflow. When users are asked to validate the email recipients, they also get the option to remove sensitive metadata from email attachments and rename or convert them to PDF.
Henrik notes that, since metadata cleaning and email recipient checking are integrated, people see it as a one-step process. “I don’t think I’ve been asked, ‘Why is this always popping up?’. It’s more, ‘this is great,’ because they are often in a hurry and know they could make mistakes. At least now they get an alert asking them, ‘Are you sure?’”
Technology won’t always be able to prevent 100% of mistakes, 100% of the time, but there are quick and easy ways to minimise the risk to your firm. Email recipient checking and metadata cleaning applications are two such ways you can help your firm work more securely.