Litigation and Regulatory Compliance



Ensuring E-mail Security

May 5, 2017 Published Work
ARIAS Quarterly - Spring 2017

Basic Information and Background

The Guidance for Data Security uses the term "confidential information" to refer to various types of information that can be exchanged in the course of an arbitration, including the subsets of personally identifiable information ("PII"), protected (or personal) health information ("PHI"), and sensitive or proprietary business information. While various laws and regulations require different levels of confidentiality treatment depending on the subsets described above, the Guidance treats the subsets similarly so that information security measures can be implemented efficiently.

For some years, insurance and reinsurance companies have been aware of information security risks and safeguards and have invested considerable amounts of time and money to implement robust information security procedures, protocols, and practices. Their efforts are routinely examined and revised. Likewise, law firms have been implementing information security practices and, in most cases, have systems in place to protect confidential information while at rest and in motion. For example, most companies and many firms have e-mail systems that automatically encrypt outgoing messages, and the receiving party's system can automatically decrypt those messages for seamless and secure communication.
