Financial Disclosure Technology
Data Security and Digital Protection
The need for best practices regarding technology, data security, storage, and privacy has quickly become a moving target for modern professionals. The Ontario Association for Family Mediation (“OAFM”), like organizations in other industries, must make ongoing reasonable efforts to develop best practices and professional standards. We owe it to our clients and to our professionals, both ethically and professionally.
As the applications of data gathering, artificial intelligence, and cloud computing evolve, so must our best practices and compliance standards in order to keep our practices and clients safe. The OAFM desires to provide ethics, standards, and professional best practices regarding its membership’s technology protocols, data security, and client digital privacy.
First, it is important to note that most professionals are already using digital technology when interacting with clients and there is likely already data going back and forth between you and your clients, as well as being stored on a professional’s computer or in a professional’s cloud-based account. Before anything, the first question must be, “Do you currently have any data practices and privacy security policies in place now?”
Chances are you are already communicating with your client via email and often that same email process is being used to send private information and financial documents back and forth. When you cannot email certain documents due to their size, you might be turning to services like Dropbox, Microsoft OneDrive and Google Drive for easy file storage and sharing. All of these services are cloud-based and typically do not come with security measures or professional privacy policies put into place.
The OAFM concludes that professionals may ethically gather and store client data, so long as they exercise reasonable care and due diligence to keep client data, information and files safe and confidential.
Professionals (mediators, lawyers and financial professionals) should keep abreast of changes in the law and its relation to technology. This means that professionals need to be aware of the benefits and risks of technological applications and the standards that regulate them. Simply put, professionals should undertake reasonable due diligence to know that their client data is safe and secure.
1. When vetting any technology vendor, it is important to recognize that best practices and industry standards evolve alongside the technology itself. Just as technology tools evolve, so must our factors in evaluating the quality and abilities of our hardware and software providers.
2. Professionals should make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to a client. The confidential client information transmitted via electronic means must be properly safeguarded, including but not limited to the use of firewalls, password protection, and encryption.
3. Professionals should review industry standards and familiarize themselves with the appropriate safeguards that should be employed. The OAFM recommends asking questions regarding specific providers’ abilities and policies. The professional should investigate the company to determine if it meets industry-held security standards. They should also inquire about the type and quality of security audits it will provide.
4. Professional best practices mean that the professional employs, supervises, and oversees third-party providers with reasonable effort, including investigating the provider’s reputation and history.
5. Professionals should require a Data and Security Policy that reasonably ensures that the provider will abide by the professional’s duties of confidentiality and will immediately notify the professional of any breaches or outside requests for client information.
6. Professionals should require that the provider ensure all data is appropriately backed up, such that the professional will have a method for retrieval of the data, and should require provisions for the reasonable retrieval of information if the agreement is terminated or if the provider goes out of business.
7. Additionally, some opinions suggest obtaining the informed consent of the client before placing confidential information in the cloud. To that end, the professional should think about what language to include in the retainer agreement to memorialize it.