LDD Security Policy

LDD’s Security Policy outlines the measures and procedures undertaken by LDD to ensure that the personal information of our customers and employees is kept private and secure, in accordance with the terms of our Privacy Code. 

In this Policy, "we", "us" and "our" means LawyerDoneDeal Corp. ("LDD").  "You" and "your" means the individual who is a customer or potential customer of LDD. 

Our website may contain links to other websites that are provided and maintained exclusively by third parties. Websites provided and maintained by third parties are not subject to this Security Policy. Please review the security policies on those websites to determine their practices. 

Internal Security Controls

Only certain LDD staff who, because of the nature of their work must have access to information about you, can retrieve information from your master record. In other words, specific system, database, or application access is granted on an "as needed" basis and controlled on the basis of job function. 

Unique user IDs and passwords are required for access to all LDD computer systems; staff users are responsible, and held accountable, for the assigned ID. Passwords are not to be shared among users and are changed on a regular basis. User accounts are disabled and passwords are changed upon termination of employment or contract. 

LDD’s computer systems also have built-in audit functions that track access. These audit logs can be used to identify and track unauthorized attempts to access information. 

Storage of personal information is not permitted on a routine basis on our desktop or laptop computer hard drives, except upon a customer’s express instructions, as part of providing work and services, which personal information is deleted from our staff user’s computer hard drive once work is completed. All computer files containing personal information are centralized on our secure servers, which are backed up on a regular basis. Special software applications are used to control access and maintain the security of the data in the systems.

Staff are aware that personal information (including paper files or documents, computer disks, CDs, and tapes) must not be left out in plain view where any unauthorized viewing by outsiders could occur. Our staff must log out of all applications at the end of each day and are required to close down applications containing personal information when absent from their desks for extended periods of time. 

Paper files are stored in locked cabinets to which only certain LDD staff, due to the nature of their work, have access. Any documents containing personal information that are no longer needed and are to be discarded, are shredded  by certified members of the National Association for Information Destruction.

External Access Controls

To protect the security and privacy of your personal information from unauthorized external access, access to LDD's premises is controlled by electronic access. Remote access to LDD computer systems by staff is limited by user IDs and passwords and is permitted on an "as needed" basis. 

Entry to the LDD website is protected by firewall and routing software, and by access controls installed on the website servers. Critical servers are monitored by intrusion detection software, which reports unauthorized access or changes to the system. 

Network and Server Security

LDD's co-located network and server environment is protected by VPN controls, where sensitive data is encrypted in transit and at rest. Unique accounts and passwords are required for authentication. In addition, logging and auditing is enabled as a form of monitoring and integrity protection. Every security control employed by LDD to protect system information has been thoroughly tested and selected based on its features and performance. 

The stability of the systems is assured by a UPS (uninterruptible power supply) and where appropriate, hardware redundancy features built into the servers. Industry-standard anti-virus software, updated regularly, is installed on the network and all desktop computers.

LDD does not permit personal information to be transmitted by e-mail. Staff treat personal information with the highest degree of sensitivity.

Regular backups are performed on all systems, with backup tapes being stored securely for disaster recovery purposes. Only designated LDD staff have access to the backup data.

Web Security

1. Our Visitors: What we know

When you visit the informational (or non-secure) areas of our website, only the following information is tracked: 

• the date and time you access our site; 

• the pages and files that were accessed on the site; 

• the operating system, browser type, browser version, and IP address of the computer from which you access our site; and 

• the size of data our site received from you and the size of data our site sends to you. 

Except as noted below, this information is only stored/reviewed in aggregate form, and only in order to monitor traffic patterns and volumes of use. We do not look at an individual’s use of our website. 

However, LDD does use industry-standard methods to identify unauthorized attempts to access, change or disrupt our website or data. Such unauthorized access is strictly prohibited, and may be reported to the appropriate authorities and Internet service providers.

2. SSL and Encryption

In order to help protect your security when you communicate with LDD through our website, we recommend that you use Microsoft® Internet Explorer 7.0 or higher, which supports 128-bit encryption, one of the strongest, most secure forms of encryption that is generally available in Internet browsers on the market in North America today. 

The following section shows how to check your browser's encryption level. 

Microsoft Internet Explorer

To see your browser encryption rate, also known as cipher strength:

• Open your Internet Explorer browser.  

• Click Help on the Internet Explorer toolbar. 

• Click About Internet Explorer.  

• Cipher strength (encryption rate) is listed in the About Internet Explorer window. 

• If your cipher strength is less than 128-bit, you can update your browser at http://www.microsoft.com/windows/ie/downloads/default.mspx.  

You should also check your browser encryption settings at this screen as follows: 

• Click the Edit Ciphers button in the upper right of the SSL screen.  

• Verify that all options beginning with either "128-bit" or "168-bit" have a check mark next to them. 

In addition, you can also quickly check your browser’s encryption level by loading the web page https://www.fortify.net/sslcheck.html 

To make sure that you have established an SSL (Secure Socket Layer) connection, confirm that the website address is displayed with "https://", rather than the standard "http://". 

If you do not have a browser that supports encryption, contact your computer system administrator for advice. You may also wish to visit Microsoft’s website (http://www.microsoft.com/windows/ie/downloads), Netscape’s website (http://www.netscape.ca/browser) or Mozilla’s website (http://www.mozilla.com/en-US/firefox) for more information and free download instructions.

3. Logging In

For your protection, we require that you "log in" to secure areas of our website using the appropriate user name and password applicable to the LDD website or application. We suggest that you use a combination of letters, symbols and numbers for your password, which should be at least 8 characters long. Do not use words that can be associated with you easily, and change your password regularly. 

Your password should be kept secret at all times because it is used to help verify your identity before you are permitted access to certain confidential information. If you are unable to provide the correct password, you will not be granted access. 

We recommend that shared computers have browsers set to NOT save passwords for future use. This option is available in Internet Explorer. 

When you log in successfully, your Web browser will establish a secure SSL connection between your computer and our website. When you leave the secure portion of our website, you will get a notification from your Internet browser that you are leaving the secure section, and returning to an open section. 

4. Timed Logout

For certain applications on our website and to further protect against unauthorized access to your accounts, our systems are designed to automatically log out if a secure online session is inactive for a set period of time. If your session terminates, you will be prompted for your lawyer/firm number and password again before you can resume your online activities. 

5. Cache Storage

The "cache" storage in an Internet browser consists of copies of pages you have visited and information that you have entered during the course of your browsing session. Your browser also relies on its cached Web pages when you use the "Back" button on your browser. 

For your transactions with LDD’s website to work properly, caching must be activated on your Web browser before using the site. However, to protect the confidentiality of your personal information, you may choose to clear your browser's cache or temporary Internet files after completing your browsing session. The instructions for clearing cache are as follows:

For Microsoft Internet Explorer 7.x, select Tools, then Internet Options on the menu bar. Click the General tab, then in Browsing History section click the Delete button, and then click the Delete Files button in the Delete Browsing History window. Do not click the "Delete Cookies" button, unless you wish to clear all cookies from your computer. 

6. Cookies

In order for our website to confirm and re-confirm your identity throughout the course of your transactions, a limited number of our applications make use of "cookies," which are small text files sent by a website to your Internet browser and stored on your computer. There are two types of cookies: "session" cookies and "persistent" cookies. The primary difference between session cookies and persistent cookies is that session cookies expire when you have finished your browsing session (e.g., closed your browser, or left it idle for an extended period of time), while persistent cookies may remain on your computer even after you have completed your browsing. 

It is important to remember the following facts about cookies:

• they can only be read by the website that placed them;  

• they cannot be used to track visits to other websites; 

• they cannot run malicious code or viruses; and  

• they cannot search outside your browser into your computer for information or download 

Like most modern websites, the LDD website makes use of cookies in order to provide a more convenient and secure transaction over the Internet. For your security, in order to use the secure section of LDD’s website, you must have session cookies enabled.

To change the browser settings for cookies: 

For Microsoft Internet Explorer 7.x or higher, select Tools, then Internet Options on the menu bar. Click the Privacy tab, then move the slider to adjust cookies support. You can also set Allow/Block policy by clicking the Sites button. 

Conclusions

Any changes to our Security Policy shall be acknowledged in a timely manner. We may add, modify or remove portions of this Policy when we feel it is appropriate to do so. You may determine when this Policy was last updated by referring to the modification date below. 

*Encryption is a process of scrambling or "encrypting" information for passage across the Internet. For example, information can be scrambled at your PC and then unscrambled (or "decrypted") when it arrives at LDD. This helps prevent the information from being read or intercepted while being transmitted. 

 Last Reviewed:  December 2020

Français