Lawyers can’t render effective professional service without full and confidential communication with their clients, yet law firms, such as Diamond and Diamond, make a popular target for hackers drawn to large sums of money held in trust accounts and compromising information. Add to that a reputation for weak security, and law firms must do everything in their power to combat cyber attacks and data breaches.
“If we aren’t protecting clients to the best of our ability, we aren’t giving them the justice they deserve,” says Jeremy Diamond, a top personal injury lawyer in Ontario and Managing Partner for Diamond and Diamond Lawyers. The main prerogative of our firm is to put measures in place to earn the trust of our clients and make them feel safe and secure.”
As one of Ontario’s fastest growing personal injury law firms, Diamond and Diamond Lawyers must comply with mandatory requirements relating to the use of information technologies in their law practice, including electronic registration of real property, electronic filing requirements or processes of courts or other tribunals, and Law Society electronic filings such as Lawyer Annual Reports and Continuing Professional Development Reporting via the Law Society Portal. For security, they rely on an increasing suite of technologies, including those designed to protect data.
“It’s better to be on the safe side,” says Diamond. “Our firm hasn’t experienced any breaches, but there’s always the danger of hackers accessing our data to access sensitive information. Security is an added expense, but one of high worth if it protects our clients’ personal information.”
Although not intended to replace a lawyer’s professional judgment or to establish a one-size-fits-all approach to the practice of law, the Law Society of Upper Canada’s Technology Practice Management Guideline outlines the circumstances under which information technologies are recommended and invites the practitioner to consider the use of technologies to support client service expectations and practice management. As well, it reminds lawyers to address concerns respecting security, disaster management, and technological obsolescence.
At Diamond and Diamond Lawyers, security begins with safeguarding electronic communication by setting up user accounts with secure passwords and putting mechanisms in place to prevent leaks, including regularly changing passwords and two-factor authentication requiring password holders to answer a security question for which only they know the answer.
“We invest heavily in a suite of technologies to support client services and practice management, including anti-virus software and firewalls to protect at-risk electronic information,” says Jeremy Diamond. “At Diamond and Diamond Lawyers, there are special features in place to protect the privacy of everything from electronic legal research and document management systems to database management, calendaring and billing. As well, we work with technology vendors to secure the wireless network and use a Virtual Private Network (VPN) to provide strong encryption and enable authenticated access to the Diamond and Diamond Lawyers network from external sources.”
The firm is also a proponent for the efficacy of educating lawyers, staff, and clients about the importance of security measures. “We make everyone at Diamond and Diamond aware of the ways we are working to minimize the risks of disclosure or interception of information, discuss the security risks associated with each technology we use, and encourage vigilance when using mobile devices instead of landlines,” says Diamond. “We also implement office practices that protect against the accidental disclosure of sensitive information in electronically transmitted messages.”
Scammers have been breaching data since people began keeping records that contain private information, but our new, tech-driven workplace escalates the potential for harm. The Office of the Privacy Commissioner of Canada (OPC) oversees compliance with federal privacy laws, including one that covers personal information-handling practices (Personal Information Protection and Electronic Documents Act (PIPEDA). These laws find teeth in the committed efforts of forward-thinking organizations like Diamond and Diamond Lawyers.