P2P

Fall22

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1480787

(CCPA) which mandate, among other requirements, that firms be able to classify, track and, if requested, delete personal data held anywhere by the firm and that PII is handled in a way that ensures appropriate security. Proposals for a comprehensive nationwide data privacy law, similar to GDPR, may become U.S. law in the future 4. Failure to do so comes with some hefty fines to the tune of 4% of revenue for a GDPR violation and/or $2500 per violation instance – even if unintentional – for CCPA. These numbers add up. In 2021, Amazon paid just under a billion (823.9 million) in GDPR fines.

But when we send this information as attachments, we've lost control of the document – and the sensitive information it contains. A firm cannot secure or govern information it does not know it has because it is effectively hidden as an email attachment – nor, of course it follows, manage compliance with regulations such as GDPR and CCPA. Email wasn't built for this – but there is a technology that was: the document management system.

The Technology Built for Governance and Security: The Document Management System

Only within the confines of the DMS can a firm know what sensitive information it possesses in order to create and implement effective privacy, retention and destruction policies around it. This is why the DMS is the technology of choice of 98% of all firms to protect and govern sensitive client information 5. It is the firm's 'system of record' - not email.

Inbound legal mail should be and can be scanned to daily mail folders in the document management system where the technology of choice – the DMS – can govern and secure it and ensure the firm's privacy compliance. Mail recipients and copied parties can receive smart notifications, with useful information about the mail item, and secure links back to the DMS for document retrieval – not PDF attachments.
This best practice approach employs different workflows for non-legal mail items that do not require direct-to-DMS secure delivery.

Conclusion

The scan-to-email solutions firms conjured as a response to the pandemic were a stop-gap fix in the short term, but they were never intended for long term use. Now that the hybrid legal workplace is here to stay, all firms need to seriously consider their obligations to protect client information as related to digital mail delivery. In fact, there may be an ethical obligation to do so.

Don't wait until a cybersecurity incident or privacy breach is caused by your firm's scan-to-email methods. Now is the time to assess the impact of those risks in terms of optimal security, confidentiality, and privacy of client information. Consider your firm's digital mailroom design from a best practice perspective and tomorrow you'll be glad you did.

Joseph Scott is the Senior Director of Client Engagement for DocSolid, makers of Airmail2. Reliable, secure, direct-to-DMS delivery of digital documents.
