Key Strategies Courts Are Implementing To Counter The Risks
TABLE OF CONTENTS
Introduction - Data that travels is the most at-risk
Where are some of the most common blind spots for courts?
Strategies courts are taking to reduce risk
What to look for in an e-Filing & e-Service Solution to ensure your data in motion is reduced and properly protected
Examples of how courts are utilizing
Going paperless has been on the agenda for many courts for the past decade (or longer). In the quest to find an electronic solution, many courts inadvertently create greater complication or expose themselves to additional risks when they put that paperless case data in motion.
Data that moves beyond the courts’ firewall and among parties in a case introduces opportunities for information to be compromised. It can be difficult, if not impossible, to control without the proper set of tools.
Cyber threats can come from anywhere and attack nearly every part of your court’s network. However, data that is moving from one location to another is the most difficult to secure and carries with it the highest likelihood for misuse, intentional or not. Accepting some level of risk is part of doing business today, but managing that risk by recognizing weak points is the difference between a court choosing to go paperless and being the victim of a catastrophic data exposure.
Private sector data is highly targeted and therefore also heavily regulated by consumer privacy laws. Corporations in all sectors that provide online services are continually working to protect their businesses and their customers’ data. The public sector is equally complex and must balance its requirement to provide access to public information against the need to protect proprietary information, trade secrets and personal data. Most complex of all are the courts, which must protect the innocent, the victims, the judicial process and the judicial decision makers as well.
The data exchange process during the life of a case opens numerous points of vulnerability if not properly managed. Courts must be proactive in taking the necessary steps to limit their exposure to data leakage, theft or alteration by an external party and protect those that they serve in the community throughout the judicial process.
Some of the greatest risks occur as documents are exchanged with the court during the litigation lifecycle.
Email is one of the most common scenarios for data security breaches. Once an email message leaves the court’s server, it may be routed across many servers and travel across multiple countries. You can’t know how long it will be stored on those servers. Because of this, there is a heightened risk that the confidential information and attachments you send in email could be intercepted and accessed by third parties. Encryption methods can reduce this risk but they do not eliminate the problem.
There are often tradeoffs made in email security for the sake of deliverability and efficiency. Increased security in the email systems of the court and of the recipients, intended to thwart email risks, can unintentionally impact time-sensitive data. It may end up in spam or junk folders or be completely blocked, especially if it has attachments.
WHERE ARE THE MOST COMMON BLIND SPOTS FOR COURTS?
Take a look at some of the most common case communication activities that can put courts, cases, judges and the innocent at risk:
JUDGES EMAILING ORDERS
Judges often use email to exchange draft orders with law clerks or other judges, or to send them to home email addresses. Draft orders can be compromised before a final order is written and the case is ruled upon. A typo, an autocorrect oversight or redline revision in a draft order for a judge may be inadvertently emailed to unintended recipients.
EMAILING SENSITIVE DATA
Attorneys sometimes email documents to the court with secure health records, social security information or other Personally Identifiable Information (PII) or HIPAA-protected information. Even with protocols and court rules for redaction in place, warnings about sending such information are usually only brought up after an unintended disclosure has taken place. Once it is discovered, addressing the offense reactively does little to protect the victims of the exposed information. There is no option to recall or erase what was sent; the harm is done and the exposure is permanent.
Although many state courts have rules and procedures to follow regarding sensitive data, they are not always strictly adhered to, are not properly handled by court staff or are left open to interpretation. Typically no procedures or systems are in place for court staff to quickly and permanently remove the entire path the sensitive information traveled.
EXCEEDING THE EMAIL RECIPIENT’S MAX FILE SIZE AND NO AUDIT TRAIL ON THE FAILURE
Emails containing large documents may be blocked by the receiving party’s email service provider because they exceed a pre-specified document size. The sender may not even receive a notification of the failure. When this happens, service wasn’t performed/received, parties are at odds and the court has an additional burden of making a decision on how to mitigate a dispute caused by the very technology intended to streamline the process.
UNSECURED DOCUMENT LINKS IN EMAIL NOTIFICATIONS
Many courts don’t realize that emailed filing and service notifications with links to the documents are often not secure. Even though the documents aren’t technically attached to the email, they are certainly accessible via the email notification and that means they can fall into the hands of hackers or unintended recipients.
Additionally, this format creates an environment that is highly susceptible to phishing attacks. Recipients become complacent from getting the same email styles with a link, which can be easily imitated in emails containing viruses.
If you recognize any of the blind spots above, you are not alone—but your court’s data could be in real jeopardy.
Secure e-Filing and e-Service helps courts ensure that their data is safely stored while significantly reducing the amount of case data in motion.
E-Filing – How It Works & How It Reduces Data in Motion
An e-Filing solution offers a containable and secure repository of case data and documents. It provides an application that allows only authorized users (court personnel, judges, attorneys, legal staff and pro se filers) to have access.
These are secure web-based applications that manage case documents and the related exchange of data around those documents. Email is only used for notifications related to cases. Hence, the case data/documents themselves do not move among parties, but notifications travel between the parties as necessary. These notifications are also available on the system itself, so you only have to log in to take email out of the equation altogether.
Access to the case documents and data is available to parties on a case, but it is restricted to the allowable users based on their security level and based on the security level of the case as a whole–as defined by the case parties and the courts.
When e-Filing, a party posts a document to a secure online case file that is then reviewed securely by the clerk’s office. This intake review provides an additional checkpoint to assure the appropriate security levels have been chosen. During clerk review a clerk can update the security level of a document. If a filer accidentally left a sensitive document as “public”, the clerk can change it to “sealed”. Additionally, if a document should never have been uploaded according to the court’s privacy standards, the clerk can request to have the document completely removed from the system. Once reviewed by the clerk’s office, the documents are then stored in a secure data center that is only accessible by authorized users.
E-Service – How It Works & How It Reduces Data in Motion
With e-Service, judges and law firms post documents to a secure, shared online case file. Parties in the case receive immediate notification when documents are served and can access them online with a password, eliminating the need to exchange potentially sensitive documents via email. E-Service enables you to send multiple notifications to multiple parties with a single, secure online transaction. With e-Service, a centralized service list helps to further ensure that service notifications reach their intended recipient securely. Judges may also use e-Service as a secure method to serve hearing notices and issue orders to any or all parties within a case, eliminating the potential bottleneck created by the nature of having liaison counsel distribute or coordinate such orders and reducing the risk of file movement.
Courts also use e-Service to provide a verifiable audit trail of e-Service recipients and their receipt of notifications. Notifications of e-Service are traceable by the court and there are multiple tools available to view the status of an e-Service transaction. This eliminates hearings before the court regarding claims of non-service of documents. Judges can easily avoid the headache when a party claims they weren’t served. This works well when a court requires parties to register for and use one e-Service vendor, or when an e-Filing manager solution handles service among multiple providers.
It is also very important that attorneys on a case receive timely communications from the clerks or judges, especially regarding filing deadlines, hearing dates and other important litigation events. Courts use e-Service to ensure that these notices are securely delivered and tracked.
ENSURE YOUR DATA IN MOTION IS REDUCED AND PROPERLY PROTECTED WHEN AT REST
A SECURE, PASSWORD-PROTECTED ONLINE DOCKET AND REPOSITORY:
An online document repository and docket is one of the key advantages that encourages courts and attorneys to make the transition to an electronic solution. However, it must be protected by user level, case level and document level security to ensure the information in the repository is not compromised.
A SINGLE SOURCE FOR THE SERVICE LIST ASSOCIATED WITH EACH CASE:
This simplifies maintaining the integrity of the e-Service list, eliminating conflicting case service lists and reducing the risk that nonparties to a case may be accidentally notified.
What to Look For in a Secure e-Service & e-Filing Solution:
Be aware, just because a vendor claims to do e-Filing and e-Service, it doesn’t necessarily mean it’s secure e-Filing & e-Service – especially when it comes to moving those filings and service notices around during pre-trial and litigation. Many e-Filing and e-Service providers still use faxes, email and thumb drives–which may facilitate getting documents to the courthouse, but are far from secure.
SECURE FILING CONFIRMATIONS & CASE NOTIFICATIONS:
Filing confirmations and service notifications should be provided via email and online via a secure system, but they should not include sensitive data or document attachments, or provide open links to documents. As we mentioned previously, links to documents within a system notification are acceptable only if the link is password protected and the user has permission to view the document; otherwise the document could be intercepted.
NOTIFICATION AUDIT TRAILS:
E-Service notifications should provide time-stamped read statuses to allow the court to verify that the notification did indeed reach the intended recipient.
DOCUMENT ACCESS SECURITY:
The solution should also allow you to designate documents as private, sealed, suppressed or in-camera to further protect confidentiality. You should be able to limit documents to the parties in the case, only those specifically served, or just the attorney and judge on the case (excluding even their staff).
CASE ACCESS SECURITY:
The solution should allow for security settings for the whole case class or type. Cases can be restricted so that users who are not involved in the case cannot even see that the case exists (i.e. they cannot see the case name or number) or obtain access to it.
SECURE DOCUMENT UPLOAD & STORAGE:
When it comes to document uploads and storage, the e-Filing & e-Service solution should provide multiple system security barriers that prevent viruses and intrusion, plus encryption between the user and the host system. Is the site regularly audited? How about service vendors? Is your data stored on a server in some faraway land? Does the vendor use the commercial standard of SHA-1, RSA 2048-bit encryption upon login to the system, and do all transactions and data remain at that level?
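One way to express the notification, audit trail, document access and case access items above as a single access decision. This is an added Python example, not the vendor's code; the role names, outcome strings and the /documents/ path are hypothetical, and the login step is assumed to happen elsewhere.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum

class Scope(Enum):              # document audiences named on the page
    CASE_PARTIES = 1            # all parties in the case
    SERVED_ONLY = 2             # only those specifically served
    ATTORNEY_AND_JUDGE = 3      # attorney and judge, excluding staff

@dataclass
class User:
    user_id: str
    role: str                   # assumed roles: "judge", "attorney", "staff"
    authenticated: bool = False # set by the login layer (out of scope here)

@dataclass
class Case:
    participants: set
    restricted: bool = False    # restricted: hidden from non-participants

@dataclass
class Document:
    case_id: str
    scope: Scope
    served_to: set = field(default_factory=set)

audit_log = []                  # (UTC timestamp, user_id, doc_id, outcome)

def notification_body(doc_id):
    # Opaque reference only: no title, no attachment, no open link.
    return f"A document was served in one of your cases. Sign in to view: /documents/{doc_id}"

def decide(user, doc, case):
    if not user.authenticated:
        return "login-required"
    if doc is None or case is None:
        return "not-found"
    if user.user_id not in case.participants:
        # Same answer as a missing case, so existence is not revealed.
        return "not-found" if case.restricted else "denied"
    if doc.scope is Scope.SERVED_ONLY and user.user_id not in doc.served_to:
        return "denied"
    if doc.scope is Scope.ATTORNEY_AND_JUDGE and user.role not in ("attorney", "judge"):
        return "denied"
    return "granted"

def open_document(user, doc_id, cases, documents):
    doc = documents.get(doc_id)
    case = cases.get(doc.case_id) if doc else None
    outcome = decide(user, doc, case)
    stamp = datetime.now(timezone.utc).isoformat()
    audit_log.append((stamp, user.user_id, doc_id, outcome))  # read status
    return outcome
```

Every attempt, granted or not, lands in audit_log with a timestamp, which is the record a court would consult when a party disputes having been served.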
EXAMPLES OF HOW COURTS ARE UTILIZING FSX E-SERVICE & E-FILING
File & ServeXpress e-Service and e-Filing functionality have been used to handle the high volume of users and documents involved with multi-district complex litigations. Complex cases can have hundreds of parties. File & ServeXpress manages the service lists for the cases and ensures all parties receive the judge’s orders.
File & ServeXpress enables courts to control the amount of case data in motion by allowing them to better and more securely manage key communications throughout the litigation life cycle.
FSX was specifically designed to reduce the amount of data in motion during the document exchange process through its secure e-Filing and e-Service solution. Over the course of the past 24 years, we’ve worked with courts of all sizes and at all levels to securely manage their document management and exchange.
Over a six-year period, more than 10,000 VIOXX cases were filed and over 80,000 documents exchanged through File & ServeXpress in Louisiana federal courts. After learning of the tools and capabilities of the File & ServeXpress platform, the New Jersey state courts followed the federal courts’ lead and implemented FSX for 16,000 VIOXX cases and more than 60,000 documents.
Marion County Circuit Court in Indiana accepts e-Filing in their complex and foreclosure cases. All 14 judges use FSX to issue orders to parties in their cases. Over the last 3 years there was an average of approximately 28,000 documents per year filed in Marion County. There were also over 4,300 orders issued through File & ServeXpress from July 2014 to July 2015.
Louisiana Federal Courts
10,000 VIOXX cases filed; 80,000+ documents exchanged
New Jersey State Courts
16,000 VIOXX cases; 60,000+ documents exchanged
Marion County Circuit Court
All 14 judges use FSX; 28,000 documents filed; 4,300 orders issued 7/14-7/15
e-Service was mandated by Judge Barbier in the Louisiana BP Oil case. The judge recognized the need for a secure document exchange system that could manage the complexity of this case and the need to act quickly. Judge Barbier’s e-Service order was signed, filed and e-Service was activated within a 24 hour period. FSX e-Service representatives were on-site for training with defense liaison counsel the same week. There are currently 2,030 case parties, and to date 17,586 transactions with 33,394 documents have been securely e-Served.
The NPM Adjustment Proceedings were a multi-year arbitration between tobacco manufacturers and the Department of Justice/Attorney General offices of 46 states. The dispute spans a multi-year period. The first year, 2003, is online and now serves as a process model to expedite subsequent years. During the 2003 litigation over 2,911 e-service transactions were served and over 4,739 documents were exchanged. The states have settled the 2003 proceedings and they are now planning to use FSX for the next disputed year, 2004.
The arbiter group has three arbiters on the mediation. There are 263 parties, including the 3 arbiters, 108 representatives from the tobacco manufacturers and 152 representatives from the 46 participating states. While this is not a large service list it is the most geographically dispersed group we have, so FSX is a great tool for them.
Cases like this that span multiple years and multiple jurisdictions introduce an added complexity that most litigations do not. For these long-term cases, an automated system is paramount. Staffing changes occur, memories fail, documents can be misfiled or lost, and disasters can strike. For these reasons, a centralized repository offers not only the protection and continuity needed, but the added disaster recovery benefits.
Louisiana BP Oil
Rapid deployment of FSX; 2,030 case parties; 17,586 transactions; 33,394 documents
NPM Adjustment Proceedings
46 States; 2,911 e-service transactions in ‘13; 4,739 documents exchanged in ‘13; 263 Parties
FSX e-Service functionality has been used to help courts and judicial staff better manage the document exchange workflow in all sizes and types of cases.
Massachusetts, New Jersey, Baltimore, Denver, Delaware and District of Columbia County all use FSX to send out electronic orders more efficiently and to all designated case parties at once.
The Delaware Superior Court, Court of Chancery, Register of Wills and Supreme Court use File & ServeXpress for many case types including guardianship & trust, probate/register of wills, and family cases (Family Appeals in the Delaware Supreme Court) to provide a secure place to e-File documents and send out orders. Many of these cases are extremely private and contain sensitive data. By using the various levels of security they are able to ensure that inappropriate access does not occur.
The District of Columbia Superior Court has 20+ judges with more than 20,000 e-Filed and e-Served transactions monthly for civil, family, probate, and tax cases. Judges electronically file their orders in all case types to parties in the case. Even a small number of judges can manage large volumes of e-Filings and e-Service when using File & ServeXpress.
The Denver County Colorado Court accepts e-Filing for general civil cases using a two-way integration to their in-house developed case management system. File & ServeXpress processes just under 18,000 transactions a month for Denver County. There are three judges who depend on File & ServeXpress to securely deliver their orders to parties in their cases. The court and major law firms in Denver County Court depend on the ability to use File & ServeXpress batch filing in their collection/money cases to help manage the significant amount of those cases being filed on a daily basis. Denver County Clerks also use File & ServeXpress Alerts to be notified internally when a judge issues an order. Orders are not integrated into the court’s case management system, so the clerks have set up Alerts for the judges they support to be notified when that judge issues an order.
DC Superior Court
20+ Judges
20,000 e-File & e-Service transactions per month
Denver County CO Courts