Virtru Security Insights

UK Watchdog to Lawyers: Encrypt and Protect Your Email

The UK’s Information Commissioner, Christopher Graham, ‘sounded the alarm on data breaches in the legal profession’. Graham runs the ICO, this is an independent authority setup in the UK to be an advocate for privacy, data protection, and freedom of information. Graham is appointed by HM The Queen and reports to Parliament. He thinks lawyers are leaky data faucets running around with sensitive paper records, leaving them unsecured, and sending sensitive emails without encryption.

Short Summary: Use Less Paper, Send Emails, Encrypt Everything

This ICO news release has several recommendations for lawyers and legal professionals, but here’s the directive that caught Virtru’s attention:

When sending personal information by email consider whether the information needs to be encrypted or password protected. Avoid the pitfalls of auto-complete by double checking to make sure the email address you are sending the information to is correct.”

Exactly. Graham is sounding the alarm about three weeks after Snowden said exactly the same thing to all professionals.  If you are a practicing lawyer and you don’t encrypt your data or email, it’s time to start, and there’s no easier way to both encrypt and control your emails and attachments than Virtru.

We’ve all experienced problems with auto-complete

Everyone’s experienced this with email: you fire up Gmail to send an email to one person only to have autocomplete choose the wrong recipient. If you use email long enough autocomplete will get you into serious trouble (especially if you have two clients with the same first name.)

Virtru addresses the dangers of auto-complete by giving you control of emails even after you’ve hit Send. If you use Virtru to send a transcript of a deposition to the wrong person, you can quickly revoke that email with Virtru, and unintended recipients will never be able to access emails and attachments protected by Virtru and subsequently revoked.

Don’t Delete Data, Expire It and Retain Control with Virtru

The report also includes this recommendation:

“Only keep information for as long as is necessary. You must delete or dispose of information securely if you no longer need it.”

Virtru agrees with this, but we think there’s another approach more compatible with the way attorneys work.  It is rare that information involved in a court case can be disposed of entirely: contracts need to be reviewed, cases need to be appealed.

Instead of deleting sensitive data it should be stored electronically, associated with a Virtru policy, and expired or revoked proactively.  We recommend that emails and attachments be assigned an expiration date when they are sent.  Once a lawyer is certain that no one needs to access sensitive documents related to a court case, that lawyer should revoke all third-party access to emails and documents related to the case using Virtru for Business.

Our tool allows attorneys to share sensitive information with clients, employees, and opposing counsel without sacrificing control.  When you secure your message with Virtru, you can revoke a sensitive deposition or a settlement proposal not accepted.  After a case is resolved or contract language finalized you can make documents and drafts inaccessible for employees and associates who no longer need access.

Lawyers deal with the most sensitive information one can imagine, and it’s time that everyone in the legal profession started taking a proactive step to secure communications with Virtru.