Tuesday, 3 November 2009

Law firms & email encryption

I see from ComputerWeekly that UK law firm Browne Jacobson are to encrypt all their emails using PGP's Universal Gateway EMail (Wikipedia), after reviewing their security strategy, in order to "secure e-mail communication with large groups of customers, partners, experts and witnesses using clientless e-mail encryption."

Good for them. I've always been surprised that so many law firms don't encrypt their emails or attachments - particularly as emails between law firms and their clients (or with other firms) often contain confidential information, including sensitive and indeed price-sensitive information. Surely it's best practice.

At the very least, I think documents attached to emails ought to be password protected as a matter of course.

I'm surprised that, as far as I know, no law firm has come a cropper yet due to lack of encryption. Surely it's only a matter of time before those who scour bins (now hopefully countered by law firms shredding their waste papers) move on to intercepting solicitors' and attorneys' emails to look for juicy inside information on proposed mergers or other confidential business information. Organised crime have done very well with phishing, identity fraud and the like - think how much more money they might make from private business data.

Why aren't the authorities which regulate the legal profession, in whichever countries, more strict about encryption?

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.