Deposition Transcripts – How Secure Are They?
When you hire a court reporter is there a security plan? Does that reporter have a completely different plan than the agency that made the assignment in the first place? What obligations and responsibilities do either have with respect to your client’s sensitive information? It’s important to ask these questions because they point to a blind spot. Just how secure is your transcript?
Your client shares personal, private information while a reporter records every word. You spend hours in deposition, and then you don’t see the transcript for weeks. What happens to that information over the course of a two-week turnaround? Where is it stored? Who has access to that information? Most importantly, if your client asked for assurance, could you honestly say the transcript is secure?
Probably not.
Deposition Transcripts – Gateways to Your Clients’ Sensitive Data
When you’re rushed to find a court reporter with only hours to spare, you probably don’t think to look for a written information security plan. But maybe you should.
Why? Well, that deposition is just one of many gateways to your client’s sensitive data. It should go without saying, but your client’s information is a prized trophy for any aspiring cybercriminal. According to the American Bar Association, law firms with a wealth of information and less-than-ideal protection are preyed upon for this very reason:
“Law firms are targets for two general reasons: (1) they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client, and (2) the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.”
It shouldn’t be surprising that a 2021 survey by the American Bar Association found that 25% of respondents fell victim to a data breach that year. Even more concerning, a 2019 American Bar Association survey reported that 19% of respondents couldn’t even say whether they had suffered a security breach or not. The larger the firm, the greater the uncertainty.
So add cybersecurity to the list of duties that demand your attention.
Deposition Transcript Security – What is My Role?
Attorneys should exercise “due diligence” when assessing a prospective vendor and take a fact-based approach when making decisions. Attorneys should consider a vendor’s security policies, protocols, and use of confidentiality agreements. Attorneys should also consider security with respect to virtual practices and risks of inadvertent disclosures. When using a video conferencing platform, attorneys should choose a service that’s consistent with these ethical obligations. Access control, passwords, and confidentiality are major considerations as well. As noted by the American Bar Association:
“Access to accounts and meetings should be only through strong passwords, and the lawyer should explore whether the platform offers higher tiers of security for businesses/enterprises (over the free or consumer platform variants). Likewise, any recordings or transcripts should be secured. If the platform will be recording conversations with the client, it is inadvisable to do so without client consent, but lawyers should consult the professional conduct rules, ethics opinions, and laws of the applicable jurisdiction. Lastly, any client-related meetings or information should not be overheard or seen by others in the household, office, or other remote location, or by other third parties who are not assisting with the representation, to avoid jeopardizing the attorney-client privilege and violating the ethical duty of confidentiality.”
This is all to say that when it comes to protecting sensitive information, anyone who handles your client’s sensitive information must have a tested security plan.
Deposition Transcript Security – What’s The Plan?
It’s one thing to require a security plan. But how can attorneys judge that plan’s effectiveness? An important question for sure. One way is to look for reporting services that are SOC 2 certified. SOC 2 certification is a voluntary assessment standard created by the American Institute of CPAs that focuses on secure customer data management. The certification process uses third-party audits to examine the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy. More specifically, SOC 2 compliance identifies four steps to protect data: access controls, change management, system operations, and risk mitigation.
Readback – A Solution for Secure Deposition Transcripts
Ensuring your data security can be a lot for one person to handle. It often involves multiple independent parties exchanging your information, raising security concerns each step of the way. The court reporter you hire might be an independent contractor with his or her own security plan . . . or maybe no plan at all. This means that confidentiality and access to your client’s sensitive information could vary depending on who is assigned to your case.
Readback, the first to offer Active Reporting, takes principles of confidentiality and access control very seriously. Readback’s parent company, InfraWare, Inc., is SOC 2 certified and has extensive experience in medical and legal transcription. This means our company is familiar with meeting the high expectations and requirements of safeguarding personal health information and personally identifiable information. When you schedule a Readback deposition, access to the remote proceeding is controlled by session identification and a password. Additionally, Readback’s team-based structure affords more control and oversight for your information throughout the deposition process. All of this is part of a company-wide standard that we set for security to ensure your clients’ private personal information stays private. Can you say the same about that last-minute court reporter you just hired? If not, consider trying Readback for your next deposition and take your security game to the next level.
