Posted By Gbaf News
Posted on September 11, 2013
Integrated document portals replace insecure email messaging
The news that a bank has been fined £75,000 by the Information Commissioner (ICO) for repeatedly faxing a customer’s confidential financial information to the wrong recipients will send shock waves to those who handle clients’ sensitive financial information on a daily basis. However, there may be an upside, as the case will undoubtedly help to raise awareness about legal obligations to protect client data. It seems that businesses are not taking the measures required to protect client data when they communicate with their clients by email as recommended by the Information Commissioner’s Office (ICO) and this is confirmed by the findings of a recent survey by the IT Faculty of the Institute of Chartered Accountants in England and Wales.
Data Protection law is tough and set to get tougher still in the next two years and the ICO has already laid down recommendations that sensitive personal data should not be transmitted by email across the internet unless encrypted to current standards. It states that: ‘spreadsheets or other documents containing personal data shall be sent by email only when necessary. When sent by email, consideration should be given to implementing password or encryption controls to documents containing personal or in particular sensitive personal data.’
New EU rules are likely to be introduced in 2014 and although it is not yet known whether these will be in the form of a regulation or a directive or both, the prognosis is for tougher sanctions with fines of up to 2% of turnover. Likely changes are set to include:
- Broader definition of personal data
- Explicit consent
- ‘Right to be forgotten’
- Notification of breaches
- Tougher sanctions – possibly up to 2% of global turnover
This could have a significant impact on those that make mistakes so what can be done to ensure electronic communication is secure?
Secure client communication
One option is not to use email at all and use a secure portal for document exchange that encrypts every item of data going back and forwards to the highest levels as used by the FBI, Government and Banks. Not only is the data encrypted during transmission, all files and data are encrypted in storage in the Cloud making it impossible for hackers to penetrate.
Integrated document portals are found in next generation document management systems and provide the perfect solution to tackle the issue of security when communicating sensitive financial information with clients.
As the technical landscape evolves, new tools and systems that cater for a secure, dynamic 24/7 business environment are needed.
The portal works by providing the mechanism for secure document storage, sharing, distribution and workflow between companies and individuals. Users are able to publish documents to an individual notifying them via an email address. The document is securely uploaded to the Cloud and an email notification sent to the client advising them that there is a document for their attention. Users then access and view documents published to them via the portal website.
Accountants are among the first to have recognised the power and scope of secure, document portals. They realise the benefits that innovative technology can bring to their business in terms of efficiency and customer service and portal technology makes it possible to carry out a range of actions including approve, change the status of, and respond to documents. This rapidly becomes second nature allowing digital/electronic signatures to provide a seamless end-to-end sign off process.
Firms, large and small, process confounding levels of documents every day. The days of simply scanning to archive are gone. Accountants are looking to the latest document management technology to provide a fast, accurate, integrated and secure environment. Integration, version control and collaboration are key requirements.
Laurence Moore, chairman, Prime Accountants is a member of the IT Faculty and takes security very seriously. He says: “It had been too easy for us to send emails to clients and attach documents without taking security measures. Now we have the portal in place, electronic document exchange is the default.”
The firm gives clients the option to still receive their documents by post although this is only a small number. He added: “It’s all a matter of efficiency and improving services. We run a business and consider it a sound business decision to reduce postage costs. It is easy to forget that clients have to go to the trouble of finding the right sized envelope and then pay the postage to return signed documents to us so the portal saves them money too.”
“The portal is part of our strategy to embrace technology and it is a strong differentiator. We are finding that clients are moving to us because we are promoters of cloud accounting and we support new aspects of technology that make it easier for us to do business with them. It’s important to be up to speed and one step ahead. The electronic exchange of documents allows us to be consistent and to provide a standardised approach to client service.”
The streamlining and the securing of client communication cannot be left to chance. The Data Protection Act states that ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’. While the law doesn’t say e-mailing is legal or illegal, if something goes wrong and the latest advice from the ICO has not been complied with, the chances are greater of being found to be at fault.
Use of an integrated document portal guarantees that client documents are completely secure and that they do not fall into the wrong hands.
This article is based on a webinar presented by the ICAEW in association with Lindenhouse Software (www.virtualcabinet.co.uk). It can be viewed at: http://www.icaew.com/en/technical/information-technology/it-faculty/webinars.
Virtual Cabinet with its’ integrated document portal is available in the UK, US, Australia, New Zealand and South Africa