Video Screencast Help

Prevent Copying of Data

Created: 06 Dec 2013 | 2 comments
hickmana's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

We have a very sensitive case where data cannot leave the country but I noticed today our review lawyers can copy text from the review module and paste it into an email. 

Can this be prevented - it's a security risk for us right now.


Comments 2 CommentsJump to latest comment

Mike Rossander's picture

Even if you stop your reviewers from copy-pasting text off of the page (something that is very hard to do in any browser-based system), there is nothing you can do to stop them from screen-shotting the data and pasting the images into email.

This is a situation that calls for administrative and procedural controls, not technical controls.  Your review lawyers are still bound to the code of ethics on penalty of disbarment.  It may take some very blunt conversations and explicit reminders but they may not (with a few very limited exceptions) act in any way that is contrary to their client's best interests.  That would certainly include exposing you to legal risks for wrongfully disclosing or transporting sensitive data.

Login to vote
Mike Rossander's picture

Thinking about it further, there is one technical control you could implement but it would be quite extreme.  And it would be the responsibility of your own IT department, not something that Clearwell could build.

The control you are asking for requires a complete lockdown of the reviewer's computer and a disabling of rather a lot of core functionality of windows.  You could do that by issuing your reviewers separate computers just for review and lock those computers down to only browser access (no email or other applications) and further lock them down to just the Clearwell IP(s) to foreclose the possibility of jumping to webmail.  The lawyers would still be able to copy text from Clearwell to the clipboard but they could not paste it anywhere useful because the locked-down computer would have no rights to go anywhere else.

A slightly less intrusive variation (but also trickier to implement properly) would be to set up a very restricted remote-desktop environment (such as via Citrix) and allow access to Clearwell only from within that environment.  The reviewing lawyer would still have access to his/her email and other applications - just not while working on the document reviews.

Your information security team should be able to help you design a confidential solution.  Or email me off-line.  I've set up a similar environment - not for review (I believe the administrative controls work better with lawyers) but for other confidential business functions.

Login to vote