Posted by Dcirrus No Comments on The Legal Sector Battling Cybercriminals and Data Breach Uncategorized

The Legal Sector Battling Cybercriminals and Data Breach

The age of data breach

It is the 21^st century and everything is slowly moving to the virtual world. Businesses and individual are storing their data virtually. As a result of which cloud-storage companies are booming. Just like storing documents physically involves risks like theft, losing the document, misplacing the document in transit, storing data virtually has its set of risks. Recently, most of the big data storage and management companies have been on the news and not for the right reasons. Data theft and data breach are a few of the terms we have been hearing for a while now.

Storing data online has opened doors for hackers. Cyber-criminals are growing. The economic times conducted a survey wherein it was observed that in 2019 alone there were more than 3,13,000 cybersecurity incidents reported. Major players like SBI, JustDial, Airtel and others and startups like Nykaa Fashion, Oyo and others have been facing data theft and attacks that exposed consumer data. [1] Multinational corporations have always been prone to hacks. Law firms of all sizes are open to cyber-criminals. Such hacks can cost the law firm as well as their clients. Shane Sims, a director of investigations and forensics services at Pricewaterhouse Cooper said, “End-user computers are the weakest spot.”[2]

Privilege: The fundamental principle of justice

Law firms have to ensure that their data is encrypted and secure. They store sensitive information about several cases. All information that a law firm receives falls under attorney-client privilege. Professional secrecy is a principle of fundamental justice.[3] Professional secrecy should not be interfered with unless absolutely necessary given that it must remain close to absolute as possible.[4]The attorney-client privilege is an important facet for every person seeking legal advice.

No barrister, attorney, pleader or vakil shall, without the express consent of his client, disclose any communication made to him in the course and purpose of employment.[5]This includes communication received in any form and on the platform. The 21^st century is witnessing massive technological development. All businesses and individuals are moving to the virtual world. It has become convenient to transfer data virtually. Each case requires enormous documentation. Several law firms are using cloud-based storage systems to store their data. The law firm has the duty and obligation to keep this data safe. The data stored in these cloud-based storage systems fall under the ambit of section 126 of the Indian Evidence Act. Therefore, it becomes vital that the law firm protect and secure the data so stored from any kind of data breach.  

What is a data breach? “Any unauthorised or accidental disclosure, acquisition, sharing, use, alteration, destruction of or loss of access to, personal data that compromises the confidentiality, integrity or availability of personal data to a data principal”[6] Therefore, in light of the protection of personal data bill, 2019 and section 126 of the Indian Evidence Act, It is ethically wrong for a law firm to not secure the data stored in any cloud storage system.

A person approaches an advocate or law firm with complete faith that his/her information will remain confidential and it shall only be used to fight the case a in a court of law. Breach of data means breach of this trust, breach of this confidentiality. A law firm must take all necessary measures to ensure such data breach does not take place.

Right to protect your data

It is very evident that securing data is a primary concern. There are several ways by which you can secure your data. Only authorized persons ought to have access to your data. Unauthorized persons should not have access to your data whatsoever. Recently, the Apex Court of India held that the right to privacy is a Fundamental Right.[7] It is not only your obligation but your right to protect your data. Only you have the right to decide who can access your data. The following are some of the ways you can protect your data:

• Multilevel authentication: The user has to authenticate at several levels. This allows the protection of data at every stage.
• Encrypt your data so that only authorized persons will be able to understand your data. Also, make sure the transfer of data is
• Update your passwords regularly and make sure only authorized persons have access to them.
• While transferring data, make sure it a one-time view document and it automatically gets deleted after one view.
• Secure your networks with firewall, use software to detect viruses and run anti-virus programs.
• Prevent other people from copying your data on to another device.

DCirrus to the rescue

It is very evident that law firms and lawyers have to be extra cautious while choosing a cloud storage system. Being negligent, can welcome a lawsuit and take a toll on the reputation of the law firm. It is very important that law firms protect themselves from a data breach. Keeping this mind, DCirrus is the best choice. We understand your requirements and cater to them accordingly.

We at Dcirrus help protect your data from a breach. We perfectly cater to the needs of a law firm. Your privacy is our priority. We ensure the protection of your data. We provide multilevel authentication and encrypt your data. Only you get to decide who get to view your data and to what extent. When you transfer your data, you can restrict the receiver to a one-time view. This means that the document will get deleted automatically after they view the document once. The document will get deleted from the system. You can further restrict the receiver from downloading the document and prevent them from copying the document on any other device. At this juncture, we would like to point out that we have no access to your data whatsoever. It is a conception that the cloud-storage will have access to your data, but this is not true in the case of DCirrus. We do not have access to your data.

Further, for lawyers, we provide the service of case management. You can segregate document under each case. It has to be kept in mind that clients cannot view data of other cases and the case folders can be restricted to only attorneys working on that particular case. This means that all attorneys will have access to all case files. Therefore, DCirrus provides an organization with data protection.

[1] https://economictimes.indiatimes.com/tech/internet/unguarded-servers-behind-big-indian-data-breaches-of-2019/articleshow/73181096.cms?from=mdr

[2] Dysart, Joe. “Lock It Up: Lax Data Security Can Cost You Clients.” ABA Journal, vol. 99, no. 4, 2013, pp. 31–31. JSTOR, www.jstor.org/stable/23425120. Accessed 19 Mar. 2020.

[3] Lavallee, Rackel & Heintz v. Canada Attorney General, 2002 SCC 61.

[4] R v. Brown, 2002 SCC 32.

[5] Section 126 of the Indian Evidence Act.

[6] Section 2(29) of the personal data protection bill, 2019.

[7] K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1.