If your firm needs to comply with regulatory standards for retaining your data, the Office 365 Security & Compliance Center provides features to manage the lifecycle of your data in Exchange Online. This includes the ability to retain, audit, search, and export your data. These capabilities are sufficient to meet the needs of most firms.

However, some firms in highly regulated industries are subject to more stringent regulatory requirements. For example, firms that deal with financial institutions such as banks or broker dealers may be subject to Rule 17a-4 issued by the Securities and Exchange Commission (SEC). Rule 17a-4 has specific requirements for electronic data storage, including many aspects of record management, such as the duration, format, quality, availability, and accountability of records retention.

To help these firms better understand how the Security & Compliance Center can be leveraged to meet their regulatory obligations for Exchange Online, specifically in relation to Rule 17a-4 requirements, Microsoft has released an assessment in partnership with Cohasset Associates.

Cohasset validated that when Exchange Online and the Security & Compliance Center are configured as recommended, they meet the relevant storage requirements of CFTC Rule 1.31(c)-(d), FINRA Rule 4511, and SEC Rule 17a-4.

Click below to download the report by Cohasset.

Office 365 Exchange Online Cohasset SEC 17a-4(f) Assessment

Highly regulated industries are often required to store electronic communications to meet the WORM (write once, read many) requirement. The WORM requirement dictates a storage solution in which a record must be:

  • Retained for a required retention period that cannot be shortened, only increased.
  • Immutable, meaning that the record cannot be overwritten, erased, or altered during the required retention period.

In Exchange Online, when a retention policy is applied to a user’s mailbox, all of the user’s content will be retained based on the criteria of the policy. In fact, if a user attempts to delete or modify an email, a copy of the email before the change is made will be preserved in a secure, hidden location in the user’s mailbox. Retention polices can ensure that an organization retains electronic communications, but those policies can be modified.

By placing a Preservation Lock on a retention policy, an organization ensures that the policy cannot be modified. In fact, after a Preservation Lock is applied to a retention policy, the following actions are restricted:

  • The retention period of the policy can only be increased, not shortened.
  • Users can be added to the policy, but no user can be removed.
  • The retention policy cannot be deleted by an administrator.

For more information on how the Security & Compliance Center can be leveraged to meet your regulatory obligations for email with Office 365 Exchange Online, Contact Legal Computer Consultants at (800) 646-9199.

Microsoft announced the public preview of Windows Virtual Desktop on Microsoft Azure. Windows Virtual Desktop is a desktop and app virtualization service that runs on the cloud rather than on your Windows 7 or Windows 10 computer. Law firms can migrate case management, time and billing, accounting and other software to any type of device while maintaining the look and feel of a Windows desktop.  Firms can leverage the built in security, compliance and Windows desktop functionality configured directly by Microsoft.

This is a dramatic change for Microsoft which previously did not license Windows desktops on any public cloud, including Amazon Web Services and its own Azure Cloud.

For Windows 7, Microsoft is extending support for 3 additional years after the current January, 2020 end of support date.

Public preview is a precursor to general availability which is expected to be in the latter half of 2019.

 

Law firms that utilize Microsoft SQL Server 2008 must prepare now for end of support on July 9, 2019.  SQL server is the backend of popular case management software such as Lexis Nexis Timematters and PCLaw, Aderant Total Office and others.  See announcement by Microsoft:  Announcement regarding SQL Server 2008 end of support.

That means that known security holes will no longer be updated by Microsoft free of charge and networks that contain Microsoft SQL 2008 servers will be vulnerable to hacking, malware and viruses if not updated.  Two options for upgrading are  Microsoft Azure SQL Database service or Microsoft SQL Server 2017 software. (SQL Server 2019 has not been publicly released as of this writing).   Azure Database is a fully managed relational cloud database service on the Microsoft Azure Cloud.

Both options improve security by instituting encryption by default, both at rest and in transit, what Microsoft calls “Always Encrypted”.  For more information on this feature see:  Always Encrypted. 

Planning and preparation are key to a smooth transition.  This should include an evaluation of front end applications, such as case management software, to ensure compatibility with the latest platforms.

Federal Courts may require your firm to submit PDF files in a PDF/A compliant format.  PDF/A is type of PDF file that contains all the elements of the document ‘embedded’ in the document versus having links to content in the document.  This is important for long term archiving and subsequently preferred by the courts.

Here are two ways to convert PDF files to PDF/A compliant:
1.  Print PDFs to the PDF printer driver;  Choose, [File][Print] in the PDF and choose the PDF printer driver as the printer to create the output.  This is fast and simple, but the markups and other features like digital signatures, embedded content and encryption will be removed from the file.  This is usually OK for legal professionals submitting files to the courts.
2.  Using Adobe Professional, creating PDF/A files requires a few extra steps, but this method preserves the markups and other features.  Choose PDF/A-1b for Federal Court Filings:

Do not hesitate to email or call me to review PDF/A

Thanks,

Peter Rabbino

Mobile: (954) 937-4528

peterr@legalcomputer.com

www.legalcomputer.com

Legal Computer Consultants (LCC)provides comprehensive technology solutions exclusively for South Florida attorneys and their staff.