The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 50 Security number might be as useful as storing the entire number. The damage associated with disclosing just those digits is minimal compared to the entire number. 3. Could less sensitive data be used? For example, instead of storing a value such as a driver's license number, a customer ID only used by the organization might suffice. CLOUD STORAGE An organization's obligations for data protection and security do not cease if the information is stored with a third-party provider of cloud storage. Additional diligence must ensure cloud storage suppliers provide enforceable measures to preserve confidentiality and security. Attention should be paid to: • Include in your cloud storage provider contract verbiage about ownership of data, access to data, ability to purge data at customer-specified dates, indemnification if a data breach occurs and procedures should the vendor go out of business. Periodically confirm vendor compliance. • Assess the provider's security measures, policies, recoverability methods and other procedures to determine their adequacy. At regular intervals, confirm that the measures remain effective in light of technological advances. • Address regulatory obligations. For example, the Health Insurance Portability and Accountability Act requires that third parties with access to protected health information sign a business associate agreement. • Know where the organization's data will be stored. In some jurisdictions there are laws prohibiting the storage of data outside the country. If based in the United States and your data are stored outside of the country, the federal government might not help if problems occur or there are issues with the vendor. BRING YOUR OWN DEVICE Most organizations have realized significant benefits when adopting a policy that allows for the use of personal devices, including increased productivity, lower costs and increased employee satisfaction. However, most experts agree that the capabilities of mobile devices far exceed the current technology to secure them. With sales of smartphones and tablets increasing rapidly and personal computer sales on the wane, it is predicted that the majority of security breaches in the future will be caused by mobile device attacks via hackers bypassing authentication methods. Application-level encryption, for example, and segregating enterprise data from the rest of the device can help minimize threats. FEATURES pdfDocs 4 3 applications in 1 info@docscorp.com | www.docscorp.com 1 Single Document mode Create, print, edit a PDF. 2 Organizer Project mode Collate multiple documents from multiple sources. Output as a single PDF. 3 Binder Project mode Import document folders and sub-folders from a project into an electronic PDF binder. Do more with pdfDocs 4...