Data security and encryption for Lawyers
As holders of professional secrets, lawyers in particular are challenged to ensure compliance with data protection and personal law requirements.
Lawyers are subject to confidentiality under § 203 of the German Criminal Code and collect a large amount of personal data, which is usually stored electronically today. Some transcripts are also made directly on a tablet computer or MacBook.
Since 25 May 2018, new data protection rules have been in force under the EU General Data Protection Regulation (EU GDPR). The EU GDPR is a European Union regulation that unifies the rules on the processing of personal data by private companies and public authorities across the EU.
Keep in mind that personal data must always be protected against unauthorized access, including in the event of loss / theft. In the event of loss / theft, where the data can be viewed by unauthorized persons, you must always inform all persons concerned.
The use of cloud storage solutions is also particularly problematic. If you store unencrypted data in the cloud, you need a data processing contract with the cloud service provider, and you still need to notify all your clients of possible disclosure or theft in the event of a data breach. This risk is too high and, unfortunately, has materialized far too often in the past. Your clients' data deserves better protection.
Solution
If you collect client data on a Mac and/or iPhone/iPad, you can store that data in a GDPR-compliant manner with SimpleumSafe. Strong encryption is used on the devices. Synchronization between different Macs or iPhones/iPads can also be carried out in encrypted form via the cloud. In this case, the cloud provider has no way to gain insight into the data, nor does a data processing contract need to be concluded with it.
SimpleumSafe is already used by many lawyers. Due to the similarity with the Mac Finder, getting started is quick and training is not necessary.
Solution in detail
Pseudonymization and encryption (GDPR Art. 32 (1a))
Digital data are files that have a file name and content. Even the file name can often provide information about the content. According to GDPR Article 32 (1a), pseudonymization and encryption are appropriate technical measures for the protection of personal data. SimpleumSafe encrypts all files with AES-256, an accepted and proven standard for strong encryption. File names are not recognizable from “outside” when the Safe is not open.
Confidentiality (GDPR Article 32 (1b))
Access to the data with SimpleumSafe is only possible with a password or with biometric authentication.
Integrity (GDPR Article 32 (1b))
Integrity is the protection of data against manipulation and damage (hardware defect). SimpleumSafe provides an integrity check that checks all data for readability and error-free decryptability.
Availability, recovery after technical incident (GDPR Article 32 (1b.c))
You can back up a Safe created with SimpleumSafe in encrypted form with Apple Time Machine or any other backup solution. In addition, SimpleumSafe has its own backup solution. As a result, your data backup is encrypted. If you have forgotten your password and can no longer access the data, you can use a so-called recovery password to reset your password, provided you have previously created such a recovery password.
Information for all affected persons in the event of data loss or theft
If you have encrypted your data with SimpleumSafe and a Safe ends up in the hands of third parties by theft, you do not have to share this information with your clients. This is where GDPR Article 34 (3a) applies: “[…] The communication to the data subject […] shall not be required […] in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption […]”
Data in the cloud
SimpleumSafe uses the “Extreme Secure Synchronization” for synchronization with iCloud. Even if the synchronization data has been stolen from the cloud and the password has become known, the data still cannot be decrypted. In this case, the cloud provider is not a data processor within the meaning of the GDPR, as it cannot gain access to the data.
Create photos with personal information
With SimpleumSafe for iOS, you can take photos directly on the iPhone and store them encrypted in the Safe. These photos are then not stored in the photo library. This allows you to easily photograph client documents, etc.
Examples of use
We want to help you manage, organize and edit your sensitive data as easily as possible with SimpleumSafe. And it all works encrypted throughout. Because the SimpleumSafe user interface for Mac is designed to resemble the Mac Finder, you can simply drag your files from the Finder to the open SimpleumSafe, and they are immediately encrypted in the Safe.
Different Safe locations
You can store a Safe in different locations: on your hard disk, on a USB flash drive, or on a network drive.
Secure editing of the data
When editing or in the preview, the data remains encrypted throughout. Once processed, the data is automatically imported back into the Safe.
Encrypted photography
With SimpleumSafe for iOS, you can take photos from within the app, and the photos are immediately stored encrypted in the Safe. The photos are then not stored in the photo library.
Encrypting contacts
You can import your contacts (.vcf) and store them encrypted in SimpleumSafe.
Create notes and comments
You can create notes (.txt) and edit them further. Each file can also be commented on in a comment box.
Image viewer and slideshow
With the image viewer and slideshow, you can view all your photos in full screen mode.
Extreme Secure Synchronization
Convenient synchronization of the Safes between iPad, iPhone and Mac. This allows you to keep your data up-to-date anytime, anywhere.
Multiple Safes
You can create multiple Safes and use them completely independently. For example, you can create themed Safes, or a Safe for each client.
Simple and intuitive usability
Due to the simple and intuitive usability, no training or introductory projects are necessary.