Transcript

Inadvertently creating weak passwords or reusing old ones are easy but dangerous pitfalls for attorneys to fall into. The very first step to data security for documents, files, emails, online portals and more, is a strong password.

All attorneys should follow a few simple rules, such as making sure each password has at least six characters, including a combination of both capitalized and lowercase letters as well as numbers. Additionally, the same password should never be used for more than one site.

However, keeping track of multiple unique passwords can be difficult. To ease the burden, Inside Counsel recommends attorneys invest in a password management program,

These programs allow professionals to store passwords for various sites in one place. Then they only need to remember one master password to access them. These programs are safer than storing passwords in individual sites, on a desktop or on paper. They also save attorneys time, increase the efficiency of their office and strengthen information security.

Check back for more information on INSZoom can help you manage your immigration cases.

Transcript

You already understand the importance of backing up your electronic data regularly, and to different servers than those the original information is stored on. However, are you undertaking this chore as efficiently as possible?

Timely and duplicate storage of information is the safest way to ensure you never lose crucial paperwork – an issue that could bring on malpractice claims. However, needing to keep to a schedule and back up your data manually is cumbersome and takes away from the time you have to work on your clients.

Instead of relying on your memory, you can work with an immigration case management software program that automatically backs up your and your clients’ data routinely and to servers in different geographic locations.

Check back for more information on how INSZoom can help you manage your immigration cases.

Transcript

Using a cloud-based immigration case management software program is beneficial to attorneys in many ways. First, it allows lawyers to work anytime anywhere as long as they have the Internet. Second, cloud storage reduces their reliance on paper files, which can be lost or destroyed and hurt the continuity of the practice.

Taking advantage of the cloud for document storage also reduces a firm’s IT costs and liabilities.

When using in-house servers, firms must have their own IT department or work with a third-party provider. Securing the servers and performing updates and maintenance are the firm’s responsibility. Without the proper protections or attention, practices can leave their and their clients’ information vulnerable to cyberattacks.

By using a cloud-based immigration case management program, the servers and cybersecurity are maintained by the cloud provider. Reduced IT responsibilities in-house mean firms can keep fewer technology experts on staff or lower their monthly bill from a third party.

Check back for more information on how INSZoom can help you manage your immigration cases.

Imagine this scenario: The partner walks out of his office and instructs his paralegal to bring him certain client files. The paralegal stops working on the form currently gracing her monitor and heads to the file room. After a few minutes, she’s retrieved most of the files she needs but one. Not wanting to go back to the partner without all the paperwork he needed, she heads to the file’s next most likely location… then the next…and then the next.

On some days, this scenario goes smoother than others and every file is pulled quickly. But, on days like the one imagined above, the partner would have to wait until the file became available from another attorney, which could be the next day if that person is traveling.

Partners should ask themselves: Should the office really work this way? “Keeping an outdated and inefficient filing system will put immigration law firms behind.”

The simple answer is no. It’s 2014, and keeping an outdated and inefficient filing system will put immigration law firms behind in how many clients they can handle at once, and therefore, how much revenue they can bring in each quarter. Not to mention, the chance of success in every matter is reduced when attorneys’ and paralegals’ attention is divided and there’s a risk critical information isn’t available right when they need it.

The only tool needed to get rid of filing cabinets

Getting rid of paper files may seem daunting, but it only takes one tool to reduce the paper floating around the office: an immigration case management system. Firms should purchase a cloud-based case management program that smoothly integrates with its website, email and calendar. This way, the firm has a cohesive platform off which it can build a more efficient and successful practice.

Benefits of a cloud-based system

An immigration case management platform that uses the cloud will allow attorneys and paralegals to dramatically speed up their processes. In fact, they may not realize how much time they spent looking for files until they don’t have to. With a cloud-based program, every form, pleading and petition is at each staff members’ fingertips. Plus, no one will step on each other’s toes when they need to work on one file at the same time – multiple attorneys can view the same document from their own devices.

The cloud-based system also improves business continuity. Firms that rely solely on paper run the risk of that paper one day not being there. While there’s always a chance one file gets lost, there’s the bigger risk that a fire or natural disaster will wipe out the entire file room. This danger is mitigated by storing all client and firm data in the cloud, which is continuously backed up and protected with state-of-the-art security.

cabinets Cloud-based immigration case management systems speed up law firms’ processes so attorneys can devote more time to their clients.
Imagine a new scenario

The partner needs to review a particular client’s file before heading into a meeting. Instead of asking his paralegal to leave her current work and bring him the file, he opens up the case management program on his laptop. With a few clicks he brings up the client’s entire file and sets to work.

Wasn’t that faster?

Once a comprehensive case management system has been installed and the firm has moved toward using fewer paper documents, every member of a firm can put more energy into doing substantive client work and spend less time tracking down immigration forms and files. Now that all staff members can review and add to files in real time through the cloud-based platform, no one has to worry another person will have the file when they need it.

Lawyers work with confidential and sensitive client information every day, which means they need to take precautions to keep this data safe. Many high-profile data breaches have occurred in the past few years, exposing millions of people to the risks of compromised data, including identity theft. Along with tightening a firm’s online security, lawyers should create stronger passwords and encourage their clients to do the same.

It’s often difficult to keep track of the growing number of accounts and passwords attorneys use every day. Many professionals try to create a shortcut by using the same password for everything, or even worse, setting passwords as simple words or numeral combinations such as “12345” or “password.” A report from Verizon revealed 76 percent of security breaches happened after hackers used stolen user credentials to access a company’s system, which is easier when employees don’t use strong passwords.

More accounts mean higher risks of data breaches

Sony Pictures Entertainment’s December data breach was a high-profile example of the importance of stronger passwords. Hackers erased data from the organization’s systems, released previously unavailable movies to the public and revealed employees’ private information, salaries and other sensitive documents. Among the released information was a list of employees’ passwords, which included weak safeguards such as “password” and “s0ny123,” according to Mashable. Employees’ computers contained home addresses, current salaries and even credit card numbers, which were exposed in the cyberattack.

Imagine the information hackers could expose by accessing private legal files.

Cyberattacks in the legal industry

Law firms don’t have the same obligation to report cyberattacks as consumer companies, but a preventable hack may be a breach of confidentiality. Attorneys need to ensure they utilize more complex passwords to mitigate this risk.

Firms may not think they are vulnerable, but many hacks occur simply because there is an opportunity, Lawyerist said. Cybercriminals run scans for weaknesses on any computer connected to the Internet and have many ways to access computers. Lawyerist reported an attorney lost $289,000 by clicking on an attachment in a scam email. The attachment contained a virus that allowed cybercriminals to view everything on the computer. The lawyer later accessed the firm’s bank account from the same computer, giving the hackers an easy way to transfer the large sum to another account. Additionally, the firm’s bank refused to cover the loss.

passwords Weak passwords open the door for significant risks.Weak passwords open the door for significant risks.

Although cybercriminals have multiple ways to infiltrate computers, low-tech methods of identity theft are still common. Lawyers are at a heightened risk for data or financial losses if a bank statement is swiped from the trash or a wallet or laptop is stolen. In particular, a stolen work laptop is a substantial risk. Not only does it have the firm’s account information on it, but it also has clients’ banking data if they pay online.

How to protect sensitive information

Passwords don’t need to be 20 characters long to be effective. Twelve characters is typically long enough, as long as the words are unique. Lawyerist recommended avoiding real words that can be found in a dictionary. Additionally, attorneys shouldn’t use the same password for multiple services, especially if it’s something critical such as email and bank accounts. If a hacker can access one website on a computer, he or she can get on every site that uses the same password. It’s important to store passwords in a secure location. Never leave them on sticky notes on a monitor.

Two-factor authentication is another way to better secure sensitive client information. This process utilizes a known password and a code generated from an app and sent via text or email. Because it takes more than a password to access the account, hacking is difficult for cybercriminals to infiltrate. In addition, lawyers can encrypt files to make them harder to decode.

Because INSZoom’s advanced platform enables document sharing in the cloud between lawyers and their clients, it’s crucial for all parties to take the proper precautions to keep data secure. Making stronger passwords costs nothing and takes little time, but not taking these steps exposes firms and clients to significant risks of identity theft and lawsuits. INSZoom allows lawyers to build better relationships with clients while keeping data secure.

More technology is available to law firms than ever before. However, decision-makers need to conduct a thorough evaluation of their internal needs before selecting a new platform. Some law firms struggle to effectively manage changes, but many benefits can be acquired through new technology, such as better client relations, improved organization and increased efficiency. Here are some considerations before adopting a new case management platform:

Ask for input from all levels of the organization

It’s important to treat end users as stakeholders in the decision-making process. This helps law firm employees to be more engaged in the transition to new technology. Asking for input helps firms put together a more complete picture of the technology needed for everyone to be more efficient. Depending on the unique needs of the firm, a highly user-friendly platform may be the best choice.

Understand everyone adapts at a difference pace

Technology has already caused significant changes in legal practices and given lawyers the ability to work from almost anywhere at any time. Law firms include attorneys from multiple generations, and while millennials may be comfortable with advanced systems, older employees may have a steeper learning curve. Younger lawyers want technology to make their jobs easier and give them more flexibility, such as the ability to telecommute. Requiring attorneys to only work from the office can be limiting, especially with cloud storage, mobile devices and laptops that make mobility simple. Leaders need to enable lawyers to have more flexibility and help older employees adapt to changes.

considerations What do law firms need in a technology provider?
Understand data security

Data breaches are becoming a more significant problem across many industries, and law firms need to take steps to protect their data to avoid a breach of confidentiality with their clients. When moving to a cloud-based platform, law firms need to consider how they will secure their infrastructure, according to FindLaw. Many firms use public Internet, which increases the risks of security breaches. Although public networks have become more secure in the past few years, using the cloud in this environment can open a firm up for vulnerabilities. Law firms need to assess their current data security protection and determine if any upgrades are needed.

Identify key areas that need improvement

Law firms may have multiple goals when they adopt new technology, but it’s important to prioritize the top objectives. Case management software achieves multiple goals. Whether it’s enabling document collaboration so lawyers can work outside of the office or streamlining workflow, INSZoom’s platform helps firms meet these goals.

Partner with a vendor

Successful technology implementation often hinges on a law firm’s relationship with its technology vendor. A vendor will be a partner for the long haul, so it’s important to select the right one. Law firms need a platform that can integrate with their pre-existing internal systems so they don’t face additional costs. INSZoom’s case management software allows law firms to streamline workflow and improve collaboration without missing any important case deadlines, plus it offers support through the life of the relationship.

E-Consent Is Vital To Immigration Law Firms For Two Reasons.

Data privacy and consent are more important now than ever before, including for immigration law firms. Firms have learned — some the hard way — that when collecting personal information from clients, it’s vital to get informed and voluntary consent beforehand. Consent is simple and straightforward with written documents where it usually occurs through a handwritten signature. Electronic consent (otherwise known as e-consent) works on the same principle and is equally as important when confirming who the signer is and that they agree to the terms.

Of course, the concept of consent — both electronic and handwritten — is well-known from a legal point of view, but law firms may not realize how important it is from a business point of view as well.

So let’s dive into a little refresher about recent data privacy and protection laws and then go through the two reasons e-consent is important for immigration law firms not just important from a legal point of view, but also for immigration law firm business development.

Understanding GDPR and CCPA

The General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) have changed the way organizations around the world collect and use personal data. Europe’s GDPR is probably the most comprehensive piece of data privacy legislation, and it affects American businesses, including your law practice. No matter where your business is located, you need to worry about the GDPR and the CCPA. Need a quick primer on what these laws cover? Here are the basics:

At a high level, per Forbes, GDPR is “a legal framework that requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. It covers all companies that deal with the data of EU citizens, specifically banks, insurance companies, and other financial companies.” In other words, it’s a set of rules and regulations restricting the use of personal user information that many of today’s largest companies collect, store, and sometimes sell as part of their business.

According to TechCrunch, “CCPA, is a state-level law that requires, among other things, that companies notify users of the intent to monetize their data, and give them a straightforward means of opting out of said monetization.” CCPA became California law on January 1, 2020.

So what does any of this have to do with your immigration practice?

Collecting personal information is required in the immigration process. A visa candidate’s name, date of birth, home address, family member information is just a start. You may also need to collect financial data and health history. In the age of GDPR and CCPA, it is important that immigration law firms collect all of this personal information in a safe and secure manner.

Refusing to implement privacy protections can put your organization at risk of fines and penalties. But complying with the current laws and regulations should not be your only motivation for using e-consent to protect yourself and your clients’ data.

Specifically, there are two important business-related reasons to prioritize e-consent: it’s best practice for your law firm and it’s becoming increasingly common in requests for proposal (RFPs).

E-consent is key for immigration law firms for these two reasons.

Many companies have learned the importance of protecting client privacy through highly publicized privacy fails. Avoid joining their ranks! Privacy protections must be in place for collecting, storing, processing, accessing, transmitting, sharing, and disposing of the data. Yes, I know this list is long, but by prioritizing privacy you’re protecting your clients and your business.

For immigration law firms, one of the ways to prioritize privacy is by providing e-consent to clients who collect personal foreign national information. And here are two major reasons e-consent is great for your firm: it’s a good best best practice to protect you and your firm, and it’s also a powerful business development tool, especially when it comes to RFPs.

E-consent is a good business practice.

Some companies make the mistake of assuming that their established business ethics policies or a code of ethics are enough. Ethics policies typically ensure that confidential information will be handled responsibly, but more must be done to actually protect personal data.

As far as the immigration industry is concerned, law firms’ clients are increasingly demanding that their privacy be proactively protected. That’s why e-consent and other privacy measures should be viewed as not just something legally required of us, but a standard practice across all our operations.

By adhering to GDPR and CCPA data privacy requirements, we’re ensuring both your employer clients and the foreign nationals they hire and support feel secure and worry-free. This next-level data protection is also excellent marketing for your firm because potential clients choose law firms based not only on the ability to file cases but for the broader client experience and support, including robust data privacy.

E-consent can be a deal-breaker when it comes to RFPs.

A Forbes Insights report found that 46% of organizations suffered reputational damage as a result of a privacy breach. And a Pew report found that it was important to 90% of Americans to control the specific types of information that was collected about them.

Almost 75% of internet-using households in the US had significant concerns about online privacy, and according to an Australian study on the impact of data breaches on reputation, 65% of people whose personal data was breached lost trust in the organization that they entrusted to protect that data.

Convinced yet?

That’s why corporate clients are starting to demand more technology and data protection from their immigration law firms, particularly during an RFP when they are looking to switch firms or perhaps add an external immigration provider during a period of growth. Don’t have good privacy practices? They’re not interested in doing business with you.

That’s why law firms that implement privacy protections — such as e-consent — will strengthen and grow their business as they become preferred over their competitors which do not provide such privacy protections.

Did you know that INSZoom has an e-consent module?

INSZoom’s E-Consent module can be used to protect yourself and your organization. It ensures the accuracy and validity of the information your clients provide, gives your clients the ability to pre-consent to your Terms of Service, and allows you to customize the e-Consent message per your organization’s needs. E-consent in INSZoom is a customizable way for organizations to manage and track consent, whether it is terms of service, terms of use, or a statement of truthfulness.

Here’s an example of how it works. If your law firm wants to send a questionnaire to a foreign national to collect personal information or documentation, you can have an e-consent pop up that asks the foreign national to accept or decline a customized message. You can either send this via email, or directly in INSZoom’s foreign national portal.

Ultimately, if an employer needs to procure and track foreign national consent, or if they need to get an official declaration from their users that some information they are providing is accurate, e-consent in INSZoom is the answer.

Want to learn more about how INSZoom’s e-consent module, or get information from our team if you’re going through an RFP and e-consent is part of the engagement? Reach out to connect with an INSZoom rep or visit our website to learn more!

You’ve probably heard horror stories about ransomware attacks. No one is safe from these attacks — law firms both large and small are vulnerable. Now, in addition to the traditional cyber-attacks we’ve come to fear, a new wave of ransomware attacks are hitting law firms. With these new attacks, your law firm’s data isn’t just encrypted and held for ransom, but your clients’ confidential information may be released to the public when the ransom isn’t paid.

There are two key factors that ransomware attackers consider when choosing their victims: accessibility and high-value data. For example, large organizations like universities often have small security teams making them an easier target for ransomware. And organizations like hospitals and law firms have highly sensitive data that they’re often willing to pay steep ransoms to keep private.

The corona-virus pandemic has forced many lawyers into home offices where they must rely on potentially insecure, or at least less secure, internet access and personal devices. And as legal teams continue to work remotely, law firms are left wondering if their data is safe from attack.

But first, what is ransomware?

Ransomware is a form of malware that encrypts a victim’s files making them inaccessible until a ransom is paid to the attacker. The ransoms can range from a few hundred dollars to thousands, often payable to criminals in Bitcoin. One of the most common entry points for a ransomware attack is phishing spam. Phishing spam is attachments that are sent to the victim in an email, masquerading as a file they should trust. Once the files are downloaded and opened, this ransomware can take over the victim’s computer. Some other, more aggressive forms of ransomware exploit security holes to infect computers without even needing to trick users.

Holding data for ransom is the most common form of ransomware, but the latest evolution of ransomware attacks is being driven by a new form of ransomware known as Maze. In a typical Maze attack, the victim’s network is infiltrated and data is encrypted or made inaccessible. What comes next is what sets Maze apart from other cyber-attacks.

With a Maze attack, your data isn’t just encrypted, it’s also stolen and victims of these attacks are listed publicly on Maze’s website. The hackers then demand two ransoms, usually totaling between $1 million and $2 million. One ransom to get their data back, a second ransom to have it destroyed. If you’re unwilling or unable to pay the ransoms, your data will be made available to the public.

How lawyers can compromise the security

The highly sensitive data that lawyers handle make law firms a valuable target to hackers. Here’s a pretty shocking example that hit the news relatively recently: New York-based media and entertainment lawyers Grubman Shire Meiselas & Sacks have recently come under attack from the REvil (Sodinokibi) ransomware.

This ransomware is extorting the law firm, threatening to release sensitive files on the company’s celebrity clients. Grubman Shire Meiselas & Sacks are being extorted for a whopping $42 million ransom. The data at risk of being released to the public if the ransom is not paid includes contracts, nondisclosure agreements, phone numbers and email addresses, and private correspondence.

Ok, so not all lawyers have any celebrity clients, but all lawyers are responsible for keeping their clients’ data private and secure. And the longer we work from home, the more vulnerable our data is to ransomware attacks. So, how can you keep your clients and their data safe?

5 ways immigration lawyers can prevent attacks

The 2019 American Bar Association TECHREPORT noted that 36% of firms have had systems infected, and 26% of firms were unaware if they’ve been infected by malware. Larger firms are the least likely to know if they’ve suffered a malware attack. Security-minded legal professionals have been working hard to limit the amount of data that leaves their control and opting for encrypted, highly-secure, closed-loop systems for their most sensitive documents. Here is what you can do to help prevent ransomware attacks and keep your data safe.

1. Move to the Cloud

More law firms are moving client data and confidential documents from on-premise to cloud-hosted databases. Data is more secure when stored in a system with modern infrastructure and security protocols, instead of stored locally on an outdated system. Fifty-eight percent of firms use cloud technology to manage their clients and run their firms. The cloud provides the security law firms need to protect sensitive and confidential information. Physical security used at most data centers and routine data back-ups makes cloud-based case management software more secure than an on-site database.

2. Monitor email

Hackers exploit technical vulnerabilities via email because lawyers rely heavily on email to manage cases and interact with clients. Lawyers must be trained to monitor email for links and executable files. These files launch automatically when clicked, but applying software restrictions on your devices can prevent executable files from starting up without your consent.

3. Update software and hardware

Application updates are necessary and should not be treated as optional. Each software upgrade provides essential security needed to ward off cyber-attacks. Skipping software and hardware upgrades may offer short-term savings, but you’ll be paying for it in the long-term — loss of data and raised insurance premiums are just two examples of potential costs.

4. Invest in a foreign national portal

A foreign national portal (FN) is typically an interface that’s part of an immigration case management platform made specifically for the foreign national. Through an FN portal, the foreign national or their dependents can log in and perform various functions such as adding personal information, uploading documents, and in some cases view the status of their case and interact with their law firm.

The benefits of using an FN portal to manage immigration cases are numerous and varied. These portals give foreign nationals increased control over their information, which reduces anxiety and increases customer satisfaction. FN portals also guarantee greater data protection by allowing users to upload sensitive documents and otherwise interact directly with a secure, cloud-based portal with security built right into the process. With more access to their information, foreign nationals and their immigration lawyers might also exchange fewer emails, which increases the security of their communications.

5. Train employees on ransomware attacks

Believe it or not, humans are the main cause of most network outages and vulnerabilities. It takes just one human error to throw your entire law firm into chaos. But, you can actually train your employees to help ensure they understand cyber-security and best practices around it. Here are just a few cyber-security rules that are important to keep in mind:

  • Never click on unknown links
  • Do not open email attachments from unknown senders
  • Be wary of downloads
  • Protect your personal data
  • Never use USBs of unknown origins
  • Use a VPN when connected to public Wi-Fi

These steps will tighten your security measures and keep you safe from ransomware attacks.

How INSZoom can help

As data breaches at major law firms continue to make headlines, clients will begin to consider data security when choosing their lawyers And by extension, lawyers have to consider the same thing when looking at the technology they use, especially their case management platforms. Lawyers are obligated to protect clients’ sensitive information from phishing, malware, and ransomware. And INSZoom is built with that in mind, whether related to GDPR and CCPA, data organization, or more.

It’s 2015, so it’s no shock that many immigration professionals, including attorneys, utilize the cloud to improve the efficiency of their practice and get positive outcomes for their clients. In fact, it’s probably hard to go a day without hearing about the cloud. Law firms and in-house departments that have adopted the cloud understand the benefits, and now it’s time for professionals who have been holding out to get onboard.

The true day-to-day benefit of the cloud comes from it making life easier. Immigration-specific case management software puts U.S. Citizenship and Immigration Services and other nations’ immigration forms just a few clicks away and reduces how often attorneys have to hassle with paper files. Lawyers spend less time looking for paperwork and more time helping their clients.

Lawyers can spend less time searching and holding files if they use the cloud.

In order to invest in the most robust CMS available, attorneys need to understand a few things about the cloud and the current state of the cloud products market:

“The cloud may seem like a new concept, but it has actually been around as long as email.”

1.It’s just a fancy term for the Internet. The cloud may seem like a new concept, but it has actually been around as long as email. Cloud computing is simply the storing and retrieving of data through the Internet instead of from a single computer’s hard drive. Data in the cloud is securely stored in either the cloud provider’s data centers and users send or access information to and from the cloud through an online platform, or in a private platform created specifically for a business. These options are known as Software as a Service and Platform as a Service, respectively.

2.It’s here to stay. More lawyers in and outside of the immigration sector are using the cloud for storage and practice management applications. What was once a new and exciting option is becoming the norm. According to the most recent American Bar Association Legal Technology Survey Report, about 30 percent of attorneys used cloud-based software in 2013 and 2014, compared to 21 percent in 2012. The rise in use is not only from younger attorneys who are entering the legal field knowing how the cloud works and how to implement it, but from professionals with decades of experience learning about and investing in this technology.

3.It’s as secure as you make it. There’s a lot of talk about whether or not the cloud is as secure as when companies store data on their private internal servers. Both methods can potentially provide the privacy attorneys need to protect sensitive and confidential information. Ensuring the cloud is as safe as attorneys need it to be merely rests on lawyers doing their research and investing in a cloud provider that offers the right amount of physical security for their data centers and technological security for the traveling and stored data. The security advantage offered by the cloud provider is that it is often more cost-efficient for firms to not need separate IT support to keep their electronic defenses up to date.

4.How you pay for it. The cost of the cloud can differ drastically depending on the services provided and amount of storage purchased. Some public clouds are free, like Google. However, cloud vendors who provide SaaS and PaaS will charge for their product and ongoing services such as the storage space and IT support. Many SaaS providers charge for the implementation plus monthly fees, which can be based off the amount of storage the firm needs. Firms may dislike the prospect of another monthly bill, but the cost of SaaS can often be deducted as a business expense, providing a tax benefit.

5.Not all providers are created equal. The growing popularity of the cloud means the market is now inundated with a variety of providers and products, including many free options. However, not every cloud provider puts the same amount of time and effort into physical and informational security. Firms should invest in a vendor that’s upfront about their security measures, provides data centers located in the U.S. and a digital environment protected by encryption and ISO certification.

Data privacy is and has always been important. Most of the times data privacy is only associated with private information like account number, contact number, contact address, social security number, passwords, emails etc. People protect this information to prevent identity thefts. But for businesses, data privacy goes beyond that. It includes information that helps firms grow and operate, such as customer records, process documents, financial information. As more data is getting digitized, data privacy is gaining more importance. Customers expect data privacy and now it’s equivalent to a consumer’s trust in a company. Laws and regulations such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) are brought into practice to protect individual’s privacy as well as unify the way personal data is protected, stored, distributed and used.

Gartner (Source: Gartner Report – April 2019) expects that by the end of 2019, more than 30 percent of technology providers’ new software investments will shift from cloud-first to cloud-only and through 2022, the market size and growth of the cloud services industry at nearly three time the growth of overall IT services. With increase in cloud usage, data becomes accessible from anywhere and anytime. In order to protect your customers’ sensitive information, your firm must embrace a culture of privacy.

We at INSZoom take data privacy and security very seriously. INSZoom, Inc. is a Privacy-by-Design company and possesses ISO/IEC 27001 certification. We are committed to supporting our customers’ trust and confidentiality in their case management work on behalf of their clients. We continue to review and act accordingly to changes in this regulation and serve our customers as they strive to do the same. We work on utilizing the latest in technology and devoting ourselves to best practices ensuring that your data is always secure and always available.

With SaaS applications like INSZoom, responsibility to protect your customer’s data is a shared responsibility of you as a firm and cloud platform provider (INSZoom). GDPR and CCPA provide different rights to individuals such as the right to access, right to delete, right to restrict processing, right to portability and several others. The key here is identifying and setting up your responsibilities, processes, INSZoom application and any other tools from your ecosystem that can enable you to manage these regulations and provide trust to your customers.

INSZoom has multiple features that can aid you in data security and privacy procedures. Here are some key features,

  1. e-Consent module-Allows you to define and take user consent for Terms of use, Terms of Service during the case lifecycle.
  2. User access and role management –Manage your firm users and what level of access they can have to the data.
  3. Foreign National (FN) and Human Resources (HR) Portals –Provide secured data access to your foreign nationals and corporation contacts.
  4. Multi-factor Authentication (MFA) – Enable more than one mode of user authentication to ensure right user has access to the data
  5. Single Sign-On (SSO) – Apply your network authentication or access management to access INSZoom data. Provide this ability to your corporation customers as well.
  6. Policy and Guidelines Module –Publish your general and corporation client specific policies on HR and FN portals.
  7. Use INSZoom as your single record management system to reduce complexity and size of managing compliance.

How can a firm prepare for GDPR and CCPA?
  1. Centralize your compliance efforts
    • Identify key business stakeholders
    • Define the core compliance team
  2. Update and maintain your privacy policy
    • Map data collected by your firm and update your privacy policy, so users understand what information you are collecting and how it’s being used. Policy must tell users what personal information is being disclosed or sold and give consumers the right to opt-out of data selling. Policy should also include a description of users’ rights.
    • Align the policy with the GDPR and CCPA regulations and disclose it to the public.
    • Update “Terms of Use” in INSZoom with your policy language. System will prompt it and collect the consent from your customer when they access the system using HR and Foreign National Portal.
    • You can subscribe to e-Consent module which allows you to manage all policy consent documents/templates. Prompt the “Terms of Service” or other consents while collecting data and documents from customer. It’s an online seamless process and system will track the consent log for you. e-Consent module allows you to notify and prompt the consent again for any changes in policy language.
    • You can also use INSZoom’s “Policy and Guidelines” feature to publish your general and corporation client specific policies on HR and FN portals.
  3. Implement and maintain reasonable security practices
    • Build and maintain inventory of all the personal data collected by your firm. Maintain data in secure environment that allows the necessary personnel to quickly and easily access user information to respond to any customer request.
    • Identify internal or external resources for information technology and data security.
    • Determine any contractual information security requirements.
    • Determine best practices for securing information collected, stored or used by the firm.
    • Regularly review internal information security practices and document them; prepare a data breach notification plan.

    With INSZoom as your record management system, your data is secured, and all measures are put in place to maintain the security and privacy of data. All you need is to define your operational procedures. Refer to the shared responsibility model explained earlier in this article.

  4. Develop a process for responding to customer requests such as access to personal data and specific pieces of information, delete personal information, opt-out of sale of personal information
    • Develop processes to address these requests. Processes should be thoroughly documented; the relevant employees should be well trained.
    • Implement templates for customer service communications.
    • Log and track requests from customers and retain copies of responses.

    With INSZoom, you can maintain all data, documents and communications of an individual in one profile. Use HR and FN portals to grant access to the requested data. You can delete the profile with just one click. Your policy document can include these procedures and using INSZoom’s e-Consent module you can convey it to customers. INSZoom has a Broadcast Module. You can mass-communicate to different groups of customers with your policies and procedures. You can also use INSZoom’s Policy and Guidelines feature to publish your general and corporation client specific policies on HR and Foreign national portals.

  5. Update vendor contracts to comply with CCPA, GDPR
    • Identify vendors or third parties that receive personal information from your business and include appropriate contract terms to address GDPR and CCPA requirements.
    • Review vendors and their privacy and data security practices.

    We have our updated privacy policies published on our website right here and in  the INSZoom application in compliance with GDPR and CCPA regulations.

  6. Train your staff on compliance
    • Offer appropriate training to your staff.
    • Prepare templates and checklists for your staff.
    • Document the training process and how compliance with your policies is evaluated for each employee.

    Establishing a robust privacy and security framework is the key to developing a long-lasting and trusting relationship with your customers and INSZoom is and will be your trusted partner in getting there successfully.

Inszoom Academy