Privacy, Confidentiality, Legal Privilege and Electronic Communications
Law Practice
This is website operated by a law practice. Diaspora takes your rights of confidentiality and information security seriously. This law practice is bound by strict ethical codes applicable to lawyers.
When do we collect information from you?
We collect information from you when you register on our site, subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site or communicate with Diaspora concerning your legal matter.
This information is used to provide you with legal services including advice, advocacy and representation.
Email
Communicating by email is an efficient means of communication which reduces the cost of delivering legal services. However, one of the main weaknesses of email communication can be its lack of confidentiality.
Sending communications by email has been likened to sending communications by postcard - the contents of the communication can be easily read by anyone who views the communication in transit. In fact, the situation can be worse - servers can take a copy of the email in transit and store it - in which case it can be read at a later time by someone who obtains a copy of the email taken in transit. Furthermore Australian internet service providers are under legislative obligations to keep "metadata" associated with electronic communications between their clients such as the date and time which an email was sent and the details of the sender, recipient and subject of the email.
This law practice begins from the premise that your communications are kept confidential and legal professional privilege is preserved in respect of communications where that is available. Your formal written retainer with the practice will contain the specific terms about that.
Firstly we do not use external email servers as first or second line receivers for inbound email. You can, in the absence of first or second-line system failure, send emails directly to the law practice.
Transport Layer Security is like putting a postcard in an envelope between postal centres and each centre along the way opening the envelope, re-addressing it in a new envelope until it gets delivered to us. We can only control aspects of how we finally receive the message - not how you initially send it. Our firstline servers will receive using transport level security where the sending system requests it and will request it to do so. if the external system does not provide transport level security then our firstline system will receive an open email from you. Our secondline systems will only receive transport layer secured email. Our thirdline receipt system is an out of jurisdiction third party email host which will receive emails when we are out of action and forward them to us when our systems are back online. Those systems will try to receive using transport layer security and will send to us using transport layer security.
If you wish to test your or our or our competitor colleagues' systems for email security we suggest you use http://checktls.com/ where you can check this simply and for free. Their website provides a more detailed explanation of email security.
Furthermore we can provide message level encryption of emails we send to you and can receive message level encrypted emails from our clients who request it. This means that even if an email is intercepted by a third party while in transit, it cannot be read without the recipient's private encryption key.
Clients who require this level of security and privacy should feel free to discuss with us the level of protection that this provides.
We do not use external vulnerability scanning and/or scanning to PCI standards.
An external PCI compliant payment gateway handles all CC transactions.
We do not use external Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
All credit card transactions are processed through a gateway provider and are not stored or processed on our servers
Cookies
We use Cookies. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
We use cookies to:
• Help remember and process the items in the shopping cart.
• Understand and save user's preferences for future visits.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.
If users disable cookies in their browser:
If you turn cookies off, Some of the features that make your site experience more efficient may not function properly.Some of the features that make your site experience more efficient and may not function properly.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information except as necessary to provide you with legal services with your consent. We may also release information when it's release is required to comply with the law.
We have not enabled Google AdSense on our site.
Third Party Links
We do not include or offer third-party products or services on our website. Links to third party associates are informational.
California Online Privacy Protection Act
CalOPPA is the first state law in the USA to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.
You will be notified of any Privacy Policy changes:
• On our Privacy Policy Page
Can change your personal information:
• By emailing us
• By calling us
• By logging in to your account
• By chatting with us or by sending us a support ticket
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we do not allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) (USA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
• Within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
Client Legal Privilege
Additionally, the law around legal professional privilege varies between different jurisdictions. Most people sending an email to someone wouldn't have a clue which countries that email passes through before being received by the sender. Even if you do know the countries involved, you probably don't know whether those countries even have a law of legal professional privilege or any privacy laws. In South Australia for example the case of Calcraft v Guest (1898) 1 QB 759 has not been over-ruled. The High Court of Australia remarked in Baker v Campbell :
"One cannot, however, ignore the rather remarkable rule that if the privileged document, or a copy of it, has been obtained by the opposing party, by accident, trickery, or even by theft, it may given in evidence although the party entitled to the privilege or his solicitor could not have been compelled to produce it:"
One of your rights in communication with a lawyer is the right of legal professional privilege. When you use Diaspora Legal you are using a law practice which can and may assist you to protect that right.
Lets be clear, we don't believe in jet contrail or windmill conspiracy theories. However, national security agencies, law enforcement, regulatory agencies, commercial competition and recreational and professional hackers have a wide range of active capability against which practical and lawful precautions ought be taken.
Physical Records Destruction
When it comes to disposal of paper records we use DIN 32757-1 standard P-5 level security paper shredders - the standard used by security agencies and at a security level higher than usual for banking, commercial and legal.
Ethos
Finally, the principal of Diaspora Legal, Mr Greg Finlayson, is on the record as having taken injunctive action including in his own name against government authorities to preserve his client's legal privilege, prevent the unlawful disclosure of his client's information and records and confine the terms upon which regulatory authorities may access client material.
Diaspora Legal
