Addressing Compliance and Data Security in Client Self-Service Portals
    Title*Addressing Compliance and Data Security in Client Self-Service Portals
    Header Image


    Posted 10 January 2020


    Today’s law firms hold a vast amount of sensitive client and financial data. With the General Data Protection Regulation (GDPR) and the fifth directive of the Money Laundering Act, comes higher demands on your firm to keep this confidential information secure. Additionally, with such highly sensitive information at play, law firms have become a prime target for cyberattacks. A 2018 report from the National Cyber Security Centre found that 60% of law firms reported to have suffered an information security incident in the previous 12 months. 

    As firms look to modernise their processes and services through digital transformation, it becomes crucial for them to partner with providers who understand the complex security and compliance issues law firms face. One area where data protection dominates is client self-service portals. 

    An increasing number of firms are responding to client requests for greater control, speed and accessibility with self-service client portals. These custom-built portals use document and workflow automation to enable clients to gain on-demand access to automated versions of the firm’s most frequently-requested and highest-value documents. The portals offer ample benefits for both firms and their clients, including quicker access to high-quality work and increased profitability. However, they also pose some crucial security questions that need to be addressed to give clients’ the peace-of-mind that their data is safe and secure. 

    Here, we take a look at some of the top information security concerns to consider when selecting a technology partner for your client portals.

    Do they have a documented information security policy and how often is it reviewed?

    When it comes to information security, it’s vital to understand the standards, policies and procedures your technology partner has in place to keep your data safe. One way to ensure your partners are committed to protecting your data is to look for those with an ISO 27001 certification. 

    Standards like the ISO 27001 ensure that vendors have the right formalities and processes in place to ensure effective risk management. Though many organisations follow a standard set of procedures to achieve their security objectives, ISO 27001 certification provides formal proof that best practices are integrated across all levels of the organisation. Additionally, for companies to maintain certification, they must undergo annual audits and a three-year certification process to ensure they meet the stringent requirements set out in the standard. 

    If you select Sysero to develop your client portals, you can rest assured that we have our ISO 27001 certification and are committed to maintaining the highest levels of confidentiality, integrity and security for our clients. 

    What are their data retention and protection policies?

    A core part of GDPR is not keeping personal data for any longer than is required. You should also erase or anonymise it when you no longer need it. As you look to implement a client portal, look for partners who have features built into their software to secure and remove personal data after it’s no longer required. 

    For example, Sysero gives you the ability to create custom data retention policies to govern how and when data is erased. Additionally, Sysero not only allows you to anonymise your data, but go one step further with pseudonymisation.

    Pseudonymisation is the technical process of replacing the most identifying fields within a data record, such as a Social Security Number, with artificial values from which the identity of individuals cannot be intrinsically inferred. Pseudonymisation can greatly reduce the risks associated with data processing, while also maintaining the data’s utility.

    How is data stored and accessed?

    As with any collaborative technology, multiple users will have access to data within your system. However, providers with a security-first mindset should be able to provide permission-based features to limit access to confidential and sensitive information. For example, Sysero offers the option to hide selected data from various people within a transaction, whilst allowing wider access to less sensitive, but necessary information. 

    Furthermore, Sysero employs audit trails that can be used to review who has been granted access to specific information or documents, who’s accessed documents, and who’s made changes within a transaction, and when. 

    If you’re looking to develop a self-service client portal to expand your service offerings, we can help you determine the best way to secure your data. Get in touch with our team today - we’d be happy to answer any of your questions or provide guidance on developing a secure, compliant system for your clients. 

    SummaryAs firms look to modernise their processes and services through digital transformation, it becomes crucial for them to partner with providers who understand the complex security and compliance issues law firms face.
    Resource TypeBlog
    CategoryLegal Services Delivery
    Privacy Policy
    Cookies help us to improve your user experience. By using this site you consent to cookies being stored on your device. Read more...
    Back to Top