This is a recurring theme on this site if only because I give a regular presentation on the topic for lawyers coming to practice in Ontario from outside the province. The fundamentals of protecting client data – confidential and private information the lawyer collects during the delivery of legal services – are pretty clear but there are always new examples of lawyers making missteps. The technology itself shifts, and it was interesting to note that, where in the past I spent a long time talking about encryption, it’s now so integrated into operating systems and devices that it’s mostly a matter of turning it on.
Passwords are another recurring topic. They’re the front line and there’s still the concern that someone will use a simple – guessable – password to protect their client information. But the password world is shifting and each new million-password crack that happens on a Web site creates additional scope for intruders. This means that a password that is re-used in more than one location may get discovered in one place and create a vulnerability in a completely different one. At least we’re getting away from just talking about not using 123456 as a password.
The paper for the session is available as an e-book or PDF (free). Here are the slides from this latest session: