The fast development of the communication and information technologies has led to their wide application in the lawyers’ practice. The wide use of computers, means of communication and office equipment in the law offices, as well as of portable computers, tablets, cell phones and other technical devices outside the offices and on the move seriously facilitated the lawyers’ activities, allowing them to use and work with the necessary information at any place and time.
At the same time this led to serious problems regarding information protection in cases of loss or theft of electronic bearers, unauthorized access of third parties and misuse by employees in the law firms, protection of information against unlawful actions of interested parties and establishments. This comes of course as a result of the wide application of the communication and information technologies in all spheres of human activities, and the legal practice as an intellectual activity, connected with all aspects of human relations, cannot stay isolated from these processes. They have to work with large volumes of versatile information which is stored on different bearers and is accessible at any time and place.
All this imposes the necessity of implementation of a system of measures for information protection in the lawyers’ practice, which shall ensure confidentiality and keep the lawyer’s secret.
In the first place this is required by the Bar Act (Art. 33, Art. 34, Par. 2 and 3, Art. 40, Par. 2). Undoubtedly it is a lawyer’s obligation to protect the rights and legal interests of his clients, including the information related thereto, in the best possible manner. The requirement for protection of clients’ information is also subject of Art. 5 of the Lawyer’s ethical code. This is especially important for ensuring the confidence of the clients in their lawyers. The existing “spy mania” in society must also be taken into consideration, especially after the wide spread records of conversations of the prime minister with other high-ranking persons, the ciphergrams of the US diplomats in WikiLeaks, etc. All this makes the clients especially sensitive to protection of information on behalf of the lawyers.
The compliance with Art. 45, Par. 1 of the Bar Act on keeping the clients’ secret without limitation in time, including when stored on electronic bearers, which are most convenient and provide best possibilities for protection through encryption, is very important.
In separate cases the lawyers’ activities must be organized in compliance with the Classified Information Protection Act – in the law firms working with such information there is a requirement for establishment of a classified information registry.
The compliance with the Personal Data Protection Act and especially Ordinance No: 1 on the minimum level of technical and organizational measures and the permissible type of personal data protection are also of considerable importance. The world practice and especially the practice in the EU, shows permanent increase in the requirements in this aspect.
In the contemporary development of technologies information protection used in the process of work and stored electronically is best achieved through hardware encryption (ciphering). This is the highest level of information protection. There are also software encryption systems but they provide much less degree of protection, they are not so reliable from a technological point of view, the productivity level is reduced and usually there is considerable slowing of the speed of the computers. The work with them requires special training; they also require technical maintenance and depend on the remaining main and applied software.
The technological condition requires complex solutions related to protection of information in law firms.
There are many solutions for information protection, the best ones being integration of products of world leaders. They use mostly patented state of the art technologies for hardware encryption which guarantee maximum security. Their implementation requires consultation with highly qualified experts with extensive experience in the field of information protection and the necessary legal knowledge, in order to find the most efficient solution for the lawyers’ practice.
If we summarize the above, the functional specifications of such solutions are the following:
- The possibility of unauthorized access to information using technical and other means is excluded.
- The attempts for misuse on behalf of company employees and third parties, having in one way or another access to the offices, computer and other equipment, including copying machines, become impossible.
- The lawyer is now able to determine the possibilities for access to the information for each individual employer in the office, him being the only one with unlimited access.
- Maximum flexibility and mobility of the use of communication and information technologies outside the law firm and during travelling is ensured.
The most common requirements towards the technical solutions could be the following:
- Hardware encryption of all information stored on a server or on a primary computer in the law firm and its regular archiving. This requires installation of a module for hardware encryption of the entire information on the server or on the primary computer and the same information is archived on a second internal or external hard drive. A flexible system of hierarchical access to information is also necessary. It is possible such kind of protection to be ensured for accounting, banking and other sensitive information for regular and portable computers. The access to documents printed on modern copying devices must also be controlled.
- Protection of information on portable computers through integration of an encryption module therein. This solution guarantees the protection of information during trips in the country and abroad, when visiting clients or working outside the office.
- Mobile solutions, such as miniature protected USB hard drive or memory card, which everybody can bring and use on any computer anywhere in the world, without leaving any information on it. Moreover, nobody can gain access to the so stored information.
- An encryption adapter which enables flexible organization of information protection, one device allowing unlimited number of lawyers and employees to work with it, the use of memory cards and external hard drives. Each person preserves his individual access to his information. A hierarchical access is also possible to be created, as well as remote deletion of information.
- Protection of information when working on the internet or talking on GSM phones. There is an opportunity for exchange of any information using various communication channels (optical, satellite, etc.) and Internet, as well as during telephone calls on landlines or mobile phones, protected against tapping.
The main requirements towards such solutions are:
- No need to change the hardware or software already in use.
- No need of training for work with the relevant technical products.
- No need of license or other fees or charges, except GSM phones.
- Possibility for gradual establishment of the information security system, and all products bought and used in each stage to be an element of the final solution.
The main advantages when using such solutions are:
- Increase to a maximum level the clients’ confidence in the lawyers’ practice.
- Guaranteeing of the right of inviolability of information of both parties.
- Impossibility for interference of third parties or institutions in the relationship lawyer-client.
The great variety and specification of the lawyers’ practice, the organization of the individual work of each lawyer and office require specific solutions which may only be developed by specialists in the field of information protection, who are able to offer specific solutions, integrating the best technologies so far.