PII Seattle Takeaways for Legal Services


Rowe at PII 2013

For the last three days, I have been out at the Privacy Identity Innovation conference here in Seattle. This has been a great conference focusing on privacy, security and new ideas. The conference is about 1/3 lawyers, 1/3 techies, 1/3 policy wonks. I have 5 quick practical takeaways and 3 tech companies that are worth checking out:

Best practices:

  • Two-factor authentication for sensitive data is becoming much easier to implement. The cost is dropping and the ease of implementation with non-techies is much better than it has been in the past. (I will do a whole post on this next week.)
  • Privacy / security must be top down: The CEO/Director must be the Chief Ethics Officer to create a culture that puts clients' privacy first.
  • Privacy / security must be embodied by everyone at the planning level.
  • Tech Hippocratic Oath - Several people mentioned the need for a techie oath that would put privacy and security forward as values of the community.  Think of this as an RPC for Techies. I strongly support this idea.
  • Audit your privacy bi-annually - Hire an outsider on a regular basis to test your systems and audit your workflow. A fresh set of eyes will shed light on vulnerabilities that an insider will never notice. You need more than just good intentions to keep clients' data secure; you have a responsibility to find problems before leaks occur.

Tech Ideas:

  • Yubico - Open-source, low-cost two-factor authentication through USB. Two-factor authentication is a strong authentication method where the user provides two types of identification. Two-factor authentication combines something you know (a PIN or a password) with something you have (a physical device like a YubiKey). The YubiKey will work with any computer that can support a USB keyboard, and can uniquely identify itself with the one-time password it generates, making it an excellent device for two-factor authentication.
  • Ansa - Private text messaging app: Ansa is a new breed of messaging app that puts privacy first. Every message will be deleted 60 seconds after reading it. This is just one of many privacy features that will make messaging more secure. The app is now available on iOS and Android.
  • - End-to-end encrypted communications through link sharing. Very easy to use.  (private Beta currently, launching soon)