Posted 24 Oct 2010
Attorneys are supposed to keep their clients secrets in strict confidence. It is probably attorney malpractice to disclose client secrets. And I am not just saying that so you tell me all your juicy gossip. Better privacy helps our legal system work. Free encryption software not only helps attorneys protect client secrets, it may be necessary to avoid attorney malpractice.
Recently I was scanning information on the latest reported data breaches throughout the US. A data breach is when personal information, like social security numbers, credit card numbers, etc., that could be used for identity theft has been compromised. The Identity Theft Resource Center publishes this figure, along with having a lot of other useful stuff.
The data breaches they report all come from either unsecurely transfering files, accidental compromise, insider theft, theft by subcontractors, or even hackers. And, the report only contains breaches that were reported in the media.
As you scan through the document you notice some very disturbing things. First, you see a lot of recognizable names that might have some of your data. AT&T, T-Mobile, Citigroup, Priceline.com, TGI Friday's to name just a few.
The next thing you might notice is that a lot of those recognizable names have had significant breaches where thousands, and sometimes millions, of records have been compromised. Here are just a few of the most notable examples out of 113 pages of breaches so far this year. Holy data security, Batman!
Company | Number of Records Compromised |
Education Credit Management Corp | 3,300,000 |
JP Morgan Chase - Circuit City | 2,600,000 |
AvMed Health Plans | 1,200,000 |
South Shore Hospital (MA) | 800,000 |
Citigroup | 600,000 |
Blue Cross - Anthem - WellPoint | 470,000 |
Affinity Health Plan | 407,000 |
US Army Reservists, Serco, Inc. | 207,000 |
Massachusetts Secretary of State | 139,000 |
As you scan the document even more, you will notice that a lot of the reported breaches show a red zero indicating no records were compromised. This is slightly misleading. A red zero means they don't know how many records were compromised. Maybe a big giant red question mark would be more appropriate.
There are some other things you might not notice. Hidden away in the data are a few black zeros. These reflect records that were encrypted and so even though there was a breach, the data remained secure. This gives us a hint at just how few companies are actually using encryption effectively.
The low number of companies using encryption software is totally ludicrous. Encryption is incredibly simple to use and there is plenty of free encryption software. TrueCrypt is a free, open source program that provides excellent encryption of data and much better privacy.
If you have never heard of TrueCrypt, any other free encryption software, or encryption at all for that matter, encrypting all of your files will take you a total of about 8 minutes.
Go to TrueCrypt.org and download the free encryption software. (1 minute)
Go through the tutorial which will walk you through, step by step, how to encrypt and unencrypt files. Make some dummy document and picture files to practice with. (5 minutes)
Once you are done with the tutorial, encrypt all of your most sensitive files. (2 minutes)
Oh, and here's a tip. Check the total size of the files you want to encrypt and estimate how much more encrypted storage space you will want in the future before you start creating a place to hold your encrypted data. You will need to specify the size of the encrypted file before making it.
Now for one of the most disturbing things that I noticed. There are several attorneys and law offices on the list. Holy Attorney Client Privilege, Batman! This can pose some serious problems for attorneys in the near future, if it's not a problem already.
Lawyers have strict rules of ethics that they must follow. Most states prohibit a lawyer from revealing confidential client information. Some states are even more strict than that. Plus, lawyers are supposed to act competently to avoid even the accidental disclosure of confidential information.
Given the ease with which even a computer novice can effectively use encryption, it may become the minimum level of competence that lawyers are expected to use to protect their client's confidential information. Failure to use that minimum level of competence could lead to sanctions for attorney malpractice, malpractice lawsuits, and more. Using free encryption software could help avoid attorney malpractice.
Business owners, both large and small, should also take note. There is lots of legislation requiring business owners to protect the data that they collect from customers and clients and to promote better privacy. If it is this easy to use free encryption software to protect the sensitive data that you use and store, it could easily be the reasonable standard of care in a negligence lawsuit.
It may even be required by law. Why not spend 8 minutes to potentially avoid millions of dollars in legal fees and damage awards. Even if that is not the standard now, why risk it.
Talk to your attorney and ask them if they use encryption. Talk to the businesses you deal with and ask them if they encrypt customer information. If they don't, email them this article, or just tell them about it. Both you, and they, will be glad you did.
Data breaches happen. They will always happen, even if every one is using encryption. But they will happen much less, and much less data will be at risk if more people use encryption. Judging by the Identity Theft Resource Center statistics, it doesn't look like very many businesses use encryption for better privacy. If you are a business owner, attorney, or just a concerned client or customer, send this to your attorney, accountant, business partners, and friends. They need to know that data is at risk, they may be held liable for a breach, and prevention will take about 8 minutes of their life.