Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Security is big business these days. Everyone from celebrities to private citizens, and organizations from the Academy of Motion Picture Arts and Sciences (it awards the Oscar) to the U.S. Army hires security.
In e-commerce, in general, and e-data manipulation and storage in particular, credit card and Social Security Numbers and personally identifying data on up to 33 million people have been compromised in recent high-profile e-databank compromises.
And in the legal realm, concern about the security of sensitive data during transport has never been higher. Attorneys from coast to coast have watched the headlines and read countless articles about files and tapes that have been lost or stolen while being moved from Point A to Point B ' during legal discovery activities, perhaps, or to satisfy compliance requirements.
As a result, law firms and corporate in-house counsel are investigating more dependable methods for securing information during transit, when it is most vulnerable. Many of these experienced denizens of e-data have concluded that encryption provides the greatest protection throughout the chain of custody, and that this locked-door method of data security can be achieved at a relatively reasonable cost.
Typically, corporations and law firms encrypting data employ one of two methods. Some choose to rely on programs that are built into individual backup software packages or tape drives. Alternatively, other organizations select emerging applications that provide single, unified encryption for diverse types of data.
The advantages offered by the latter option are many. An integrated approach provides data managers and attorneys greater assurance that all files have been securely encrypted. Plus, this innovative encryption strategy eliminates the need to manage multiple proprietary keys that expose custodial parties to the risk that the keys could be misplaced or become obsolete.
Federal, State Laws Require Data Security
The sanctity of confidential information has never been more closely guarded. The panoply of laws and regulations enacted in recent years bears this out. This year marks the 10th anniversary of the Health Insurance Portability and Accountability Act (HIPAA), for instance, which makes healthcare organizations responsible for the security of clinical and administrative information relating to patients. Four years ago, Congress passed the Sarbanes-Oxley Act (SOX), instituting financial-reporting regulations designed to shield consumers from misconduct or fraud. Individual states have also tightened confidentiality policies. California, for example, recently adopted the California Security Breach of Information Act (SB 1380) that compels all types of organizations to inform people if the security of any personal data that the organization maintains is violated in any way.
At the same time, there has never been as much publicity surrounding security breaches. Consider the following incidents involving unencrypted data that occurred during the first half of 2006.
The message is clear: Unencrypted data is highly vulnerable during transport. The intensity of media attention surrounding these breaches ' combined with regulations addressing data security ' means that all parties along the chain of custody must take full responsibility for ensuring that confidentiality of private and proprietary information is preserved.
The price of ensuring this can be high ' but the price to pay for ignoring these warnings will be higher. Fines and penalties may be levied if the problems were due to noncompliance with security regulations. Victims often instigate costly lawsuits that could result in steep compensatory awards for damages. Plus, the negative publicity may hound a law firm or corporation for years.
Encryption Secures Confidential Data
To ensure that they are able to meet expectations for increased data security, law firms and corporate counsel are analyzing best practices that focus on how to most effectively manage data that must be transported for discovery purposes.
As they review the options available to them, legal professionals must deliberate on the benefits of symmetric versus asymmetric cryptography ' or, alternatively, if it is best to employ a combination of the two.
Symmetric cryptography is the more traditional approach, and is characterized by the use of a single password; in other words, encryption and decryption are done with the same 'key.' Data professionals note that this methodology exposes law firms and corporations to unacceptable levels of risk when employed as a stand-alone system. If the key is appropriated by the wrong party, for instance, the security of the data is immediately compromised. To ensure this does not occur, custodial parties must invest significant resources in key management.
But the single-key problem is eliminated with asymmetric, or public key infrastructure (PKI), encryption, which uses a public and private component to the encryption process. The originator devises this dual level of digital encryption keys, which are created by a hash of the data ' a fingerprinting technique, more or less, that compares and verifies the volume of data at the onset and completion of the process to ensure that it has not been altered. The resultant public encryption 'read' key can then be shared as required, while access to the private decryption key is restricted. In a sense, the public key locks the data, while the private key releases it. The private key is sent to the recipient separately from the data.
Use of PKI encryption grants parties concerned with the confidentiality of data four levels of assurance.
1. Confidentiality. Protection of data against unauthorized access or disclosure, or both.
2. Authenticity. Verification of an individual identity (pin/password).
3. Integrity. Protection of data against unauthorized modification or substitution.
4. Non-repudiation. Combination of confidentiality and authenticity that is provable to the third party.
Single-key Applications Simplify Encryption
In addition to evaluating these methodologies, legal professionals must consider the level of encryption that meets their needs. Many have turned to the application-level encryption found in more recent versions of backup software. These packages offer automatic encryption ' whenever data is backed up, the software initiates an inherent encryption sequence.
Industry experts note, however, that this approach has disadvantages. Management of the process is highly complex, for example, because every program has a different and distinct encryption key. This requires that the custodian of the data manage multiple keys ' keeping records of each key so that it can be applied to the corresponding release or generation of each specific program. If the keys are misapplied, misfiled or outdated, they will be unable to decrypt the relevant data.
The next generation of encryption methods, however, offers custodians the ability to apply a single key to multiple types and versions of software. This ability allows the firm or organization to write its own proprietary encryption key to decrypt all formats or files. With that mechanism in place, a small computer system interface (SCSI) device automatically encrypts data during duplication at no additional cost, and with no delay.
Once the data is secured, it can be transported with virtually no danger of a security breach. Even if the physical medium is lost or stolen, no party other than the one holding the decryption key can access the data. The key is sent separately from the data and, once both components have reached their destination, the recipient uses the read key to retrieve the data.
The result? Users eliminate the need for multiple keys, which reduces the opportunities for loss and the exposure to risk. Plus, the originating organization operates more efficiently, because it has simplified the management of encrypted data.
The use of PKI encryption is only the first step to increased data security. Already, vendors are introducing native tape-drive based applications with greater capacity that greatly increase throughput offered by current systems. With these types of innovations available, legal professionals can be assured that data transported for discovery can be encrypted for maximum security ' easily, efficiently and inexpensively.
Security is big business these days. Everyone from celebrities to private citizens, and organizations from the Academy of Motion Picture Arts and Sciences (it awards the Oscar) to the U.S. Army hires security.
In e-commerce, in general, and e-data manipulation and storage in particular, credit card and Social Security Numbers and personally identifying data on up to 33 million people have been compromised in recent high-profile e-databank compromises.
And in the legal realm, concern about the security of sensitive data during transport has never been higher. Attorneys from coast to coast have watched the headlines and read countless articles about files and tapes that have been lost or stolen while being moved from Point A to Point B ' during legal discovery activities, perhaps, or to satisfy compliance requirements.
As a result, law firms and corporate in-house counsel are investigating more dependable methods for securing information during transit, when it is most vulnerable. Many of these experienced denizens of e-data have concluded that encryption provides the greatest protection throughout the chain of custody, and that this locked-door method of data security can be achieved at a relatively reasonable cost.
Typically, corporations and law firms encrypting data employ one of two methods. Some choose to rely on programs that are built into individual backup software packages or tape drives. Alternatively, other organizations select emerging applications that provide single, unified encryption for diverse types of data.
The advantages offered by the latter option are many. An integrated approach provides data managers and attorneys greater assurance that all files have been securely encrypted. Plus, this innovative encryption strategy eliminates the need to manage multiple proprietary keys that expose custodial parties to the risk that the keys could be misplaced or become obsolete.
Federal, State Laws Require Data Security
The sanctity of confidential information has never been more closely guarded. The panoply of laws and regulations enacted in recent years bears this out. This year marks the 10th anniversary of the Health Insurance Portability and Accountability Act (HIPAA), for instance, which makes healthcare organizations responsible for the security of clinical and administrative information relating to patients. Four years ago, Congress passed the Sarbanes-Oxley Act (SOX), instituting financial-reporting regulations designed to shield consumers from misconduct or fraud. Individual states have also tightened confidentiality policies. California, for example, recently adopted the California Security Breach of Information Act (SB 1380) that compels all types of organizations to inform people if the security of any personal data that the organization maintains is violated in any way.
At the same time, there has never been as much publicity surrounding security breaches. Consider the following incidents involving unencrypted data that occurred during the first half of 2006.
The message is clear: Unencrypted data is highly vulnerable during transport. The intensity of media attention surrounding these breaches ' combined with regulations addressing data security ' means that all parties along the chain of custody must take full responsibility for ensuring that confidentiality of private and proprietary information is preserved.
The price of ensuring this can be high ' but the price to pay for ignoring these warnings will be higher. Fines and penalties may be levied if the problems were due to noncompliance with security regulations. Victims often instigate costly lawsuits that could result in steep compensatory awards for damages. Plus, the negative publicity may hound a law firm or corporation for years.
Encryption Secures Confidential Data
To ensure that they are able to meet expectations for increased data security, law firms and corporate counsel are analyzing best practices that focus on how to most effectively manage data that must be transported for discovery purposes.
As they review the options available to them, legal professionals must deliberate on the benefits of symmetric versus asymmetric cryptography ' or, alternatively, if it is best to employ a combination of the two.
Symmetric cryptography is the more traditional approach, and is characterized by the use of a single password; in other words, encryption and decryption are done with the same 'key.' Data professionals note that this methodology exposes law firms and corporations to unacceptable levels of risk when employed as a stand-alone system. If the key is appropriated by the wrong party, for instance, the security of the data is immediately compromised. To ensure this does not occur, custodial parties must invest significant resources in key management.
But the single-key problem is eliminated with asymmetric, or public key infrastructure (PKI), encryption, which uses a public and private component to the encryption process. The originator devises this dual level of digital encryption keys, which are created by a hash of the data ' a fingerprinting technique, more or less, that compares and verifies the volume of data at the onset and completion of the process to ensure that it has not been altered. The resultant public encryption 'read' key can then be shared as required, while access to the private decryption key is restricted. In a sense, the public key locks the data, while the private key releases it. The private key is sent to the recipient separately from the data.
Use of PKI encryption grants parties concerned with the confidentiality of data four levels of assurance.
1. Confidentiality. Protection of data against unauthorized access or disclosure, or both.
2. Authenticity. Verification of an individual identity (pin/password).
3. Integrity. Protection of data against unauthorized modification or substitution.
4. Non-repudiation. Combination of confidentiality and authenticity that is provable to the third party.
Single-key Applications Simplify Encryption
In addition to evaluating these methodologies, legal professionals must consider the level of encryption that meets their needs. Many have turned to the application-level encryption found in more recent versions of backup software. These packages offer automatic encryption ' whenever data is backed up, the software initiates an inherent encryption sequence.
Industry experts note, however, that this approach has disadvantages. Management of the process is highly complex, for example, because every program has a different and distinct encryption key. This requires that the custodian of the data manage multiple keys ' keeping records of each key so that it can be applied to the corresponding release or generation of each specific program. If the keys are misapplied, misfiled or outdated, they will be unable to decrypt the relevant data.
The next generation of encryption methods, however, offers custodians the ability to apply a single key to multiple types and versions of software. This ability allows the firm or organization to write its own proprietary encryption key to decrypt all formats or files. With that mechanism in place, a small computer system interface (SCSI) device automatically encrypts data during duplication at no additional cost, and with no delay.
Once the data is secured, it can be transported with virtually no danger of a security breach. Even if the physical medium is lost or stolen, no party other than the one holding the decryption key can access the data. The key is sent separately from the data and, once both components have reached their destination, the recipient uses the read key to retrieve the data.
The result? Users eliminate the need for multiple keys, which reduces the opportunities for loss and the exposure to risk. Plus, the originating organization operates more efficiently, because it has simplified the management of encrypted data.
The use of PKI encryption is only the first step to increased data security. Already, vendors are introducing native tape-drive based applications with greater capacity that greatly increase throughput offered by current systems. With these types of innovations available, legal professionals can be assured that data transported for discovery can be encrypted for maximum security ' easily, efficiently and inexpensively.
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.