• LAWPRO Privacy Code
• Code de la protection des renseignements personnels de LAWPRO

• LAWPRO's Security Policy
• Politique sur la sécurité de LAWPRO

• LAWPRO Personal Information Statement for Ontario LAWYERS
• Déclaration de LAWPRO sur l’utilisation des renseignements personnels à l’intention des avocats titulaires de permis de l’Ontario
• LAWPRO Personal Information Statement for Canadian lawyers (excluding Ontario and Quebec)

• LAWPRO Personal Information Statement for Quebec notaries/lawyers
• Déclaration de renseignements personnels de LAWPRO à l’intention des notaires/avocats du Québec

LAWPRO^®'s Security Policy

Download the PDF file:           English version (size: 59K).           Version française (size: 40K).

LAWPRO's Security Policy outlines the measures and procedures undertaken by LAWPRO to ensure that the personal information of our customers and employees is kept private and secure, in accordance with the terms of our Privacy Code. Therefore, this Security Policy complements LAWPRO's Privacy Code, available at www.lawpro.ca/privacy.

In this Policy, "we", "us" and "our" means Lawyers' Professional Indemnity Company (LAWPRO), which includes TitlePLUS^® and practicePRO^®. "You" and "your" means the individual who is a customer or potential customer of LAWPRO.

Our websites may contain links to other websites that are provided and maintained exclusively by third parties. Websites provided and maintained by third parties are not subject to this Security Policy. Please review the security policies on those websites to determine their practices.

Internal Security Controls
Only certain LAWPRO staff who, because of the nature of their work, must have access to information about you can retrieve information from your master record. In other words, specific system, database, or application access is granted on an "as needed" basis and controlled on the basis of job function.

Unique user IDs and passwords are required for access to all LAWPRO computer systems; staff users are responsible, and held accountable, for the assigned ID. Passwords are not to be shared among users and are changed on a regular basis.

When one of our staff users has a significant change in duties, such as a transfer to another department, the user's access permissions are reviewed and modified. If the user's new department and responsibilities no longer require access to certain information, that access is removed. User accounts are disabled upon termination of employment or contract.

LAWPRO's computer systems also have built-in audit functions that track access and modification of data. These audit logs can be used to identify and track unauthorised attempts to access information.

Storage of personal information is not permitted on a routine basis on our desktop or laptop computer hard drives. All computer files containing personal information are centralised on our secure servers, which are backed up on a nightly basis. Direct access to core databases is not permitted. Special software applications are used to control access and maintain the security and accuracy of the data in the systems.

Staff are aware that personal information (including paper files or documents, computer disks, CDs, and tapes) must not be left out in plain view where any unauthorised viewing by outsiders could occur. Our staff must log out of all applications and shut down their desktop computers at the end of each day, and are required to close down applications containing personal information when absent from their desks for extended periods of time.

Access to paper files is controlled by a sign-in/sign-out procedure. LAWPRO employs a secure document disposal and shredding service to ensure the security of discarded paper documents and files.

External Access Controls
To protect the security and privacy of your personal information from unauthorised external access, access to LAWPRO's premises are controlled by reception staff and security card inspection. Remote access to LAWPRO computer systems by staff is limited by user IDs and passwords, and is permitted on an "as needed" basis.

Entry to LAWPRO websites is protected by firewall and routing software, and by access controls installed on the website servers. Critical servers are monitored by intrusion detection software, which reports unauthorised access or changes to the system. LAWPRO's security procedures are also audited by two external firms for security compliance and adherence to best practices.

Network and Server Security
LAWPRO's network and servers are protected in limited access, climate-controlled facilities. Access to LAWPRO equipment is only authorized for designated members of LAWPRO's Information Systems Department and vendor technicians explicitly authorized by LAWPRO.

The stability of the systems is assured by redundant backup power supplies and redundant "fail-over" hardware components built into the servers. Dual sets of virus definitions are updated multiple times each day, and virus scanning software operates throughout the network and on all desktop computers and laptops.

Data transmitted within LAWPRO on its private network (or intranet) is not encrypted, nor are routine e-mail communications leaving the LAWPRO network. However, staff are encouraged to consider the sensitivity of material before transmitting it outside the network by e-mail.

Nightly backups are performed on all systems, with backup tapes being stored securely off-site for disaster recovery purposes. Only LAWPRO IS Staff and employees of the off-site tape management facility have access to the backup data.

Disaster recovery tests are performed regularly.

Web Security
1. Our Visitors: What we know
When you visit the informational (or non-secure) areas of our websites, only the following information is tracked:

• the name of the domain from which you access the Internet (for example, "sympatico.ca" or "aol.com");
• the date and time you access our sites;
• the pages and files that were accessed on the site; and
• the Internet address of the website from which you linked to our site (for example, from the "Links" page on a different site).

Except as noted below, this information is only stored/reviewed in aggregate form, and only in order to monitor traffic patterns and volumes of use. We do not look at an individual's use of our websites.

However, LAWPRO does use industry-standard methods to identify unauthorised attempts to access, change or disrupt our websites or data. Such unauthorised access is strictly prohibited, and may be reported to the appropriate authorities and Internet service providers.

2. SSL and Encryption
In order to help protect your security when you communicate with LAWPRO through our family of websites, we recommend that you use Netscape or Microsoft^® Internet Explorer browsers with 128-bit encryption. You should always use a web browser that supports 128-bit encryption when accessing secure websites. Most browsers now come with 128-bit encryption, a strong, secure form of encryption which provides adequate protection when transmitting confidential data over the Internet.

For Microsoft Internet Explorer 5.x/6.x/7.x
During a browsing session, you can confirm your security level in the following way:

• If you are in a secure portion of a website, your browser will display a locked padlock in the bottom right-hand corner of your screen.
• If you are on an open section of a website, your browser will not display a padlock in the bottom right-hand corner of your screen.

For Mozilla Firefox 2.x
During a browsing session, you can confirm your security level in the following way:

• If you are in a secure portion of a website, your browser will display a locked padlock in the bottom right-hand corner of your screen.
• If you are on an open section of a website, your browser will not display a padlock in the bottom right-hand corner of your screen.

For Netscape Navigator/Communicator Version 6.x/7.x/8.x
During a browsing session, you can confirm your security level in the following way:

• If you are in a secure portion of a website, your browser will display a locked padlock in the bottom left-hand corner of your screen.
• If you are on an open section of a website, your browser will display an open padlock in the bottom left-hand corner of your screen.

To make sure that you have established an SSL (Secure Socket Layer) connection, confirm that the website address is displayed with "https://", rather than the standard "http://".

If you do not have a browser that supports encryption, contact your computer system administrator for advice. You may also wish to visit Microsoft's website (www.microsoft.com), Mozilla's website (www.mozilla.com/firefox), or Netscape's website (www.netscape.com) as appropriate for more information and free download instructions.

3. Logging In
For your protection, we require that you "log in" to secure areas of our websites using your lawyer member number (or firm number) and a password that you have selected. We suggest that you use a combination of letters and words for your password. Do not use words that can be associated with you easily, and change your password regularly.

Your password should be kept secret at all times because it is used to help verify your identity before you are permitted access to certain confidential information, such as your insurance policy and address information. If you are unable to provide the correct password, you will not be granted access. Invalid password attempts are tracked by the system; for security purposes, an account will be "locked out" in the event of several consecutive invalid password attempts.

LAWPRO recommends that shared computers have browsers set to NOT save passwords for future use. This option is available in both Internet Explorer and Netscape. We provide a number of convenient options for being reminded of your password, when necessary, including an online reminder/validation or a call-back service from our Customer Service Department.

When you log in successfully, your Web browser will establish a secure SSL connection between your computer and our website. When you leave the secure portion of our website, you will get a notification from your Internet browser that you are leaving the secure section, and returning to an open section.

4. Timed Logout
To further protect against unauthorised access to your accounts, our systems are designed to automatically log out if a secure online session is inactive for more than one hour. If your session terminates, you will be prompted for your lawyer/firm number and password again before you can resume your online activities. Since most transactions on LAWPRO's family of websites take only minutes, this should rarely pose a problem.

5. Cache Storage
The "cache" storage in an Internet browser consists of copies of pages you have visited and information that you have entered during the course of your browsing session. Your browser also relies on its cached Web pages when you use the "Back" button on your browser.

For your transactions with LAWPRO's websites to work properly, caching must be activated on your Web browser before using the site. However, to protect the confidentiality of your personal information, you may choose to clear your browser's memory cache after completing your browsing session. The instructions for clearing cache are as follows:

For Microsoft Internet Explorer 5.x, select Tools, then Internet Options on the menu bar. Click the General tab, then click the Delete Files button. Click OK.

For Microsoft Internet Explorer 6.x/7.x, select Tools, then Internet Options on the menu bar. Click the General tab, then click the Delete Files button. Do not click the "Delete Cookies" button unless you wish to clear all cookies from your computer. Click OK.

For Mozilla Firefox Version 2.x, - Select Tools, then select Options. Click the "Advanced" button across the top. Make sure the "Use up to ____ MB of space" is not set to 0; set it to 10MB at least. Click on the Clear Now button to delete all files in the cache.

For Netscape Navigator/Communicator Version 6.x/7.x, select Edit, then Preferences. Double click Advanced, then Cache. Click the Clear Memory Cache button and the Clear Disk Cache button. Click OK.

For Netscape Navigator/Communicator Version 8.x, select Tools, then Options. Under the Security and Privacy column, click on Privacy. Select cache, then click on the Clear Cache on browser exit box. Click OK.

6. Cookies
In order for our websites to confirm and re-confirm your identity throughout the course of your transactions and e-filing, we make use of "cookies," which are small text files sent by a website to your Internet browser and stored on your computer. There are two types of cookies: "session" cookies and "persistent" cookies. The primary difference between session cookies and persistent cookies is that session cookies expire when you have finished your browsing session (e.g., closed your browser, or left it idle for an extended period of time), while persistent cookies may remain on your computer even after you have completed your browsing.

It is important to remember the following facts about cookies:

• they can only be read by the website that placed them;
• they cannot be used to track visits to other websites;
• they cannot run malicious code or viruses; and
• they cannot search outside your browser into your computer for information or download data.

LAWPRO's family of websites makes use of cookies in order to provide a more convenient and secure transaction over the Internet. LAWPRO's websites only use session cookies, and do not use persistent cookies. For your security, in order to use the secure section of LAWPRO's websites, you must have session cookies enabled.

For more information about your browser and how it supports cookies, visit:

• For Microsoft Internet Explorer 5.x/6.x/7.x, visit Microsoft at http://www.microsoft.com/info/cookies.htm.
• For Mozilla Firefox 2.x, visit Mozilla at http://support.mozilla.com/en-US/kb/Cookies.
• For Netscape Navigator/Communicator Version 6.x, 7.x, and 8.x, visit Netscape at http://wp.netscape.com/legal_notices/cookies.html.

Destruction Guidelines
LAWPRO recognizes that in order to prevent unauthorized parties from accessing your personal information, it is important to use care in the disposal and destruction of personal information. For the purposes of this section of the Policy, "destruction" (or "destroy") means the taking of steps to ensure that personal information on all storage media (including paper, electronic, audio or video media) cannot later be used or re-constructed, once a decision has been made not to retain specific material.

A destruction record will be maintained by the Chief Information Officer regarding destruction of records in bulk that contain personal information. Any destruction of records in bulk requires the authorization of the Department Head responsible for the records and the President (or the delegates of either of them).

In general (and subject to emerging technologies for record destruction), LAWPRO is committed to destroying records using the methods described as follows:

Conclusions
Any changes to our Security Policy shall be acknowledged in a timely manner. We may add, modify or remove portions of this Policy when we feel it is appropriate to do so. You may determine when this Policy was last updated by referring to the modification date found on the version of the Policy available at www.lawpro.ca/privacy

¹ Encryption is a process of scrambling or "encrypting" information for passage across the Internet. For example, information can be scrambled at your PC and then unscrambled (or "decrypted") when it arrives at LAWPRO. This helps prevent the information from being read or intercepted while being transmitted.
² Please note that any third party websites referred to in this Policy are not endorsed by LAWPRO and that LAWPRO assumes no responsibility for their contents.

^® LAWPRO, TitlePLUS, practicePRO and the LAWPRO logo are registered trademarks of Lawyers' Professional Indemnity Company.

Last updated on June 1, 2008