Protect against accidental data disclosure

With European Commission regulation imminent, it’s time to install software to protect sensitive information and ensure it doesn’t go astray

Lawyers discussing work

In just over 12 months, the UK will undergo the most significant upgrade to data protection law seen in 20 years.

The General Data Protection Regulation (GDPR) stipulates new minimum requirements with which any documented personal information must comply, for the protection of all EU citizens.

While Brexit has dominated conversations for more than a year now, the reality is that companies must act now to ensure their data protection systems and procedures meet the GDPR standards in time for the May 2018 deadline.

In any law firm, thousands of documents exist containing sensitive personal information. Should it ever wind up in the wrong hands, the outcome would be at best embarrassing, at worst commercial suicide, or an unlawful breach of the GDPR.

Software from DocsCorp ensures that the right information gets into the right hands, only ever as intended.

Lawyers hold scans of clients’ ID documents for various purposes including compliance with anti-money laundering legislation. These documents are often scanned, saved as image-only files of mixed quality and finally stored in the law firm’s chosen document management system.

Preparing for an audit is stressful enough, but imagine if you had no insight into a quarter of your information. DocsCorp says some data is unsearchable, or “dark”, meaning that most companies can’t locate 20 to 30 per cent of data they possess.

Assuming files are organised by client surname, or even ID type, there will be thousands with similar names through which you have to sift to locate a particular file.

Software from DocsCorp ensures that the right information gets into the right hands

contentCrawler is an integrated analysis, processing and reporting system from DocsCorp that quickly scans image files, “reads” the content using optical character recognition and converts the files into text-searchable PDF format, which makes searches more effective. Having illuminated the dark data, contentCrawler also has the ability to compress these files for more efficient storage.

Poring over endless unreadable files may be inefficient and costly and, given the looming GDPR, puts firms at risk of being non-compliant. But a bigger risk is if you accidentally sent sensitive information you didn’t even know you were sending.

As well as sharing “hidden” information, such as the original author, number of versions and time spent on revisions, unintentional data disclosure can be much more damaging, says Ben Mitchell, Europe, Middle East and Africa vice president for DocsCorp.

“We once saw a law firm with an incredible spreadsheet logging all their clients and their respective fees,” he says. “One lawyer thought he was only copying selected cells into a proposal document, but had actually been embedding the entire spreadsheet instead.

“A simple double-click would bring up the lawyer’s entire client list and a historical rate card showing what they all were being charged.”

Beyond commercial sensitivities, another area where breach of confidentiality is important is clinical negligence, where patient health data has been released.

Mr Mitchell says: “If a sensitive e-mail or attachment contains more information than it should and is sent to the wrong person, that puts firms in very dicey territory. It forces them to make declarations to their clients about data breaches.”

cleanDocs is DocsCorp’s metadata removal software. It “cleans” outbound documents of all hidden data, protecting organisations from accidental information disclosure and metadata leaks.

With GDPR now imminent, the brightest legal minds are making efforts to ensure they have the requisite storage and retention policies in place for sensitive content.

But as Mr Mitchell warns: “You first need to be able to isolate where that content is and, if you can’t search for it, it is invisible.

“This doesn’t preclude the Information Commissioner’s Office from auditing you and issuing fines because you cannot adequately isolate where you are storing sensitive personal data.

“Today’s businesses must have safeguarding technology tools in place to help them comply with GDPR. Now is the time to prepare before it’s too late.”

For more information please visit