The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/163881
regulatory consequences of a breach. The most conservative approach involves using configurations that conform to the Federal Information Processing Standard (FIPS 140-2), which is quickly becoming the minimum requirement for encryption methodology. FIPS 140-2 is referenced as part of several NIST special publications, including the "Guide to Storage Encryption Technologies for End User Devices," and is cited in the final HIPAA/HITECH omnibus rule issued in January 2013 by HHS. To confirm whether the encryption used on a mobile device is FIPS 140-2-validated, visit the NIST website at http://csrc.nist.gov/groups/STM/cmvp/index.html.

• Information Governance vs. Information Security: There is a tendency to assume encryption equals information security. However, mitigating risks associated with mobile devices requires a broader, information governance-based approach. Information governance (IG) is not only about keeping information confidential and available; it also covers how to handle litigation hold requests, client records return or destruction, transfer of client records to or from the firm as part of attorney onboarding or outprocessing, and enforcing ethical walls. To learn more, review Iron Mountain's "A Proposed Law Firm Information Governance Framework."

• Walled Garden: One of the vexing problems with supporting a consumer-owned device is keeping personal information separate from firm information. One conceptually simple approach is to create a walled garden to keep firm documents in and personal documents out. Containing firm documents in such a way allows the firm to manage document retention, data leakage and litigation hold requests more easily. In addition, you can prevent documents that are (relatively) safe and encrypted on the device from migrating behind the scenes to a (relatively) unsafe cloud environment. Products such as Good for Enterprise, Samsung KNOX and BlackBerry Balance offer various types of walled gardens for a variety of platforms, and certain mobile device management platforms may also offer this capability.

• Mobile Device Policy: Anyone using a mobile device not issued by the firm to work on firm documents should clearly understand and agree to their information governance obligations. The mobile device IG policy should cover:
  • The firm's right to wipe all data off the device
  • The firm's right to take steps to preserve data on the device