Client Data Security
Especially in light of the technology I utilize to improve client experience and value, I take the security of client data very seriously.
This page describes the systems I use and the steps I take to make sure that your data is as safe as I can keep it.
The lack of security for common email is well known. For this reason, I do not ever confidential client communications through email. Instead, I utilize the secure client portal communication capabilities of MyCaseInc, my virtual practice management service. MyCaseInc says that they utilize data encryption as well as Secure Sockets and Layers (“SSL”) sessions to protect your data. You can read more about MyCaseInc’s data security practices on their data security page.
In addition to communication, I also use MyCaseInc for secure document storage (which is then available through your client services portal, and to allow the secure acceptance of credit card payment (MyCaseInc provides a fully hosted environment that is directly connected to PayPros, a fully PCI compliant payment card processor).
Backups are critical to protect the integrity of digitally stored client data. After having done the research, I understand that not all backup providers are made the same though. In fact, many providers allow their employees to access backed up data even if it is encrypted (just ask them whether they can “reset your password if you lose it”). I have found a backup service that guarantee backed up encrypted data can never be accessed by their employees. In fact, they guarantee that if the encryption key is lost, then the backed up data will be similarly inaccessible. The service I use for backup is CrashPlan.