Corporate treasure now is not
locked up in vaults — it is, ironically, stored on computer “servers.”
To keep data from being served
too readily and to the wrong
orders, computer system security
— a very complex and multifaceted discipline that changes
with vertiginous speed — must be
vigorous and strong. Legal agreements increasingly build security
requirements in, and legal counsel must attend to the growing
scope of liability for inattentiveness to the problem.
Privacy legislation, and the
related expectations of customers,
is the best known source of data
risk. Over and above so-called
“privacy” obligations in privacy
legislation (concerning collection,
use and disclosure of data), there
are also obligations to store data
securely. A breach of data security,
even if only of personal data
related to individual customers,
may create exposure to damages
and class action liability.
As in the well-known U.S. case
of Heartland Payment Systems,
data breach liabilities are not
necessarily limited to customer
losses. Legal fees alone in the
Heartland case are estimated to
be in excess of $26 million. The
costs of cleaning up and
responding to the mess and its
attendant publicity also run easily
into the many tens of millions of
dollars for a large business.
The directors and officers of a
corporation are responsible for
managing its business. Few
boards delve deeply into “
whatever it is that the systems people
do, anyway…”. Large systems fail-
ZHUDIFENG / DREAMSTIME.COM
Companies need to develop a sophisticated data security plan to make breaches less likely.
ures and Y2K risk made some
take notice, and the increasingly
exacting standards of management of financial and other corporate data, such as those necessary for the making of
Sarbanes-Oxley certifications, are
ones board executive committees
must be attentive to.
Progressive boards are more
frequently establishing information technology committees,
thereby treating information systems with the degree of importance attached to audit (a function
not only of data integrity requirements, of course, but of the strategic importance of computer systems to modern business).
In cases such as Heartland, it
has been said that the evaluation
of security standards in hindsight
and in light of a breach has been
harsh. While privacy commis-
sioners are tending toward a more
balanced approach, breaches will
cast a bad light on existing pro-
cedures. That makes a finding of a
breach of legislated obligations
— and required costs of expensive
upgrades — more likely.
Richard Owens is counsel in
the Toronto Office of Stikeman
Success of going paperless depends on staff buy-in: involve them at every step
Continued From Page 9
documents. Before going paperless, it would have been almost
impossible for me to be away for an
entire month and continue operating a solo practice.
Electronically stored documents are accessible and can be
edited by multiple users. This simplifies collaboration within your
office and with others outside the
office, whether fellow professionals
or clients. A paperless office also
facilitates e-filing documents at
court, the land titles office and
Searching for misfiled paper
documents can be a lengthy exer-
cise in frustration. In a paperless
office, files are named and retrieved
with ease, dramatically decreasing
time spent locating and retrieving
documents, both current and
archived. Search software makes it
quick and easy to find an inadver-
tently misfiled electronic docu-
ment. A comprehensive backup
system provides security.
Develop a plan
Brainstorm with your staff.
Their buy-in is critical to the suc-
cess of going paperless, so involve
them at every step. Evaluate how
you currently create, organize, and
store your physical documents to
gain insight into the logical organ-
ization of your electronic docu-
ments. Consider whether to go
paperless with only new files or
concentrate on one practice area.
Develop a timeline and stick to it.
Make an inventory of hardware
you currently have and determine
what needs to be purchased.
Research scanners, second monitors for everyone (a must!) and a
comprehensive backup system.
Make an inventory of software
you currently possess and deter-
mine what is needed. Consider the
ability to scan to PDF and to OCR
(optical character recognition),
and how to manipulate, search,
mark-up and redact. Decide
whether to purchase document
management software or develop
your own system. Backup software
is a must.
These are the backbone of your
paperless office. If you are not buying an off-the-shelf document
management system, develop
protocols to document how files
are to be named and stored. Work
out the processes — who will scan
incoming documents, by when,
and what is to be done with paper
copies. Strategize ways to achieve
100 per cent staff compliance.
Ensure your backup system is
adequate with layered, daily, off-site, incremental and full backups.
Implement and monitor
You are now ready to take the
plunge to paperless. Review your
progress regularly (weekly for a
while, then monthly). Monitor
your newly-developed protocols
and revise as needed. Check that
backups can be restored.
With careful planning, every
law office can go paperless with
ease and confidence. It is not a
passing trend and the benefits
are worth the effort. Join the
ever-growing number of lawyers taking the plunge to paperless. ;
Donna Neff is the principal
lawyer at Neff Law Office Profes-
sional Corporation in Ottawa,
practising primarily in the areas
of wills, estates and trusts.