Legal Adjacency Client Data Security Overview
Last Updated: August 11, 2021
This security overview describes the minimum security standards that Legal Adjacency maintains to protect our data and the data and other information provided by you to us while providing services to you (“Client Data”) from unauthorized use, access, disclosure, theft, or manipulation.
The content of this security overview is for informational purposes only. To the fullest extent permitted by law, Legal Adjacency expressly disclaims all and makes no representations, warranties, conditions, or undertakings of any kind, whether express or implied, in connection with this security overview.
We aim to follow current leading industry standards. Legal Adjacency’s security framework includes administrative, technical, and physical safeguards reasonably designed to protect the confidentiality, integrity, and availability of Client Data accessed, collected, used, stored, or transmitted by Legal Adjacency and its authorized representatives.
The physical security program for Legal Adjacency’s office space manages visitors, building entrances, and overall office security.
We keep our systems and software up to date with the latest upgrades, updates, bug fixes, new versions, and other modifications to ensure the security of systems and data and to protect Client Data from known or reasonably anticipated threats or hazards to its security and integrity, accidental loss, alteration, disclosure, and all other unlawful forms of processing.
Legal Adjacency’s current password management policy for any software or systems where Client Data is stored includes either the use of biometric authentication or strong password practices, including a 20-character minimum with at least three of these characteristics (upper case letter, lower case letter, number, special character) and the use of two-factor authentication (2FA).
Legal Adjacency performs regular backups of data. Backup data are retained redundantly across availability zones and are encrypted in transit and at rest using 256-bit Advanced Encryption Standard (AES-256) server-side encryption.
Firewalls are used to restrict access to systems from external networks and between systems internally. The firewalls provide both ingress and egress filtering and have a default policy of blocking network traffic.
As with virtually all law firms, we do not segment Client Data from other clients’ data. Your Client Data may reside on the same servers as another Legal Adjacency client’s data. We consider Client Data private and confidential and permit no one other than Legal Adjacency employees to access it unless you explicitly share it or authorize us to share it with someone.
Legal Adjacency uses third-party vendors to support our internal operations or how we provide services to you. Legal Adjacency carries out a security risk-based assessment of prospective vendors before working with those vendors to ensure that they meet Legal Adjacency’s security requirements. Legal Adjacency periodically reviews each vendor, given Legal Adjacency’s security standards, including the access and classification of data being accessed (if any), controls necessary to protect data, and legal/regulatory requirements. Legal Adjacency ensures that Client Data is returned or deleted at the end of a vendor relationship. To avoid doubt, telecommunication providers are not considered subcontractors of Legal Adjacency.
Legal Adjacency contracts with all its vendors, which provide an appropriate level of protection for the confidential or personal data within the Client Data these vendors may process.
We use the Microsoft 365 suite of software. By default, any data, including Client Data, that is generated using a Microsoft 365 product and not stored locally on Legal Adjacency devices is stored on Microsoft’s Canadian data servers.
Legal Adjacency uses a cloud-based legal practice management solution as part of managing our practice and business. Client Data stored as part of our use of this service is hosted by Amazon Web Services (“AWS”). The current location of the AWS data center infrastructure used by our legal practice management vendor is in the United Kingdom.
Legal Adjacency uses a third-party vendor for our client portals. Client Data stored in a client portal is hosted by our third-party vendor using AWS. The current location of the AWS data center infrastructure used by our client portal vendor is in Ireland.
More information about the security provided by AWS is available on the AWS security webpage at https://aws.amazon.com/security/. In addition, the overview of AWS’s security process is available at https://aws.amazon.com/whitepapers/overview-of-security-processes/.
AWS data centers that host Legal Adjacency Services are strictly controlled at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication at least two times to access data center floors. All visitors and contractors must present identification and are signed in and continually escorted by authorized staff. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions. Each data center has redundant electrical power systems available 24 hours a day, seven days a week. Uninterruptible power supplies and on-site generators are available to provide backup power if an electrical failure occurs. More details about the physical security of AWS data centers used by Legal Adjacency’s vendors are available at https://aws.amazon.com/whitepapers/overview-of-security-processes/.