How is user data handled in the LIT SUITE?

Given the sensitive nature of legal documents and Case Files managed using LIT SUITE, data security and user privacy are of paramount importance. This support article will detail the LIT SUITE’s approach to maintaining the integrity and confidentiality of user data, emphasizing the secure and responsible handling of data within the legal context.

 

Introduction

LIT SUITE stands at the forefront of legal technology, offering a range of specialized tools for litigation professionals on iPad and Mac. The suite includes TrialPad, an intuitive tool for dynamic courtroom presentations; TranscriptPad, for efficient transcript review and annotation; DocReviewPad, which aids in document organization and review; and ExhibitsPad, a companion iPad app used as an electronic binder for managing exhibits. This suite is designed to meet the demanding and varied requirements of legal professionals, facilitating a more effective and compelling case presentation.

Data management practices are built around Apple's robust UIDocument API and UIDocumentPickerViewController, ensuring secure access and management of legal documents, referred to as “Case Files”. We will explore the mechanisms for securing data when it is being transferred (in motion), actively used (in use), and stored (at rest), while underscoring the shared responsibility between the apps and its users in safeguarding sensitive legal information.

 

Data 'In Motion'

Applications in the LIT SUITE do not access or transmit case materials over the network. This section outlines how the apps manage and secures user data during transfer processes, particularly focusing on the use of Apple's UIDocumentPickerViewController.

UIDocumentPickerViewController and Its Role

The LIT SUITE utilizes UIDocumentPickerViewController, a component of Apple's UIKit framework, for importing content. This controller is an integral part of the iPadOS and macOS operating systems, ensuring a standardized and secure way for users to access files. 

Handling Data Local to the Device

  • LIT SUITE is designed to interact only with data that is local to the device. This means that any transfer of data occurs between the operating system and the file provider before being accessible to LIT SUITE.
  • The UIDocumentPickerViewController acts as an intermediary, allowing users to browse and select documents stored on their device or in cloud services linked to their device. Once a user selects a file, the controller grants our app permission to access it.

Security of Data Transfers

  • Since our apps do not directly handle data transfers over networks and rely solely on the built-in mechanisms of iPadOS and macOS, additional encryption for data in motion is not required from our end.
  • The security of data during transfer is managed by the operating system and the respective file providers. Apple's iPadOS and macOS are known for their robust security features, including end-to-end encryption for data transfers, ensuring that any data accessed through UIDocumentPickerViewController is secure.

Data Transfer Process

  • When a user selects a document through UIDocumentPickerViewController, the file is made available to our app through a secure, read-only file path.
  • Our app then processes or imports the content from this path. It's important to note that this process does not involve moving or copying the file over a network; it is simply making a local file accessible to the app.
  • This approach minimizes the risk associated with data transfer, as the data remains within the secure environment of the user's device and the operating system.

Conclusion

In summary, LIT SUITE ensures the security of data in motion by leveraging the inherent security features of iPadOS and macOS. Our reliance on UIDocumentPickerViewController for file access means that the app interacts only with data already secured on the user’s device, maintaining the integrity and confidentiality of user data during its transfer within the local system.

 

Data 'In Use'

This section details how the LIT SUITE handles user data, specifically Case Files, when they are actively accessed and used within the application. Our approach focuses on security and privacy, balancing accessibility with responsible data management.

Accessing Case Files Through UIDocument API

  • LIT SUITE accesses user data, referred to as Case Files, through Apple's UIDocument API. This framework is designed for robust and efficient file handling within iPadOS and macOS environments.
  • UIDocument API allows our app to manage user content seamlessly, providing a reliable interface for document manipulation, including reading, writing, and saving changes.

Use of UIDocumentPickerViewController for Temporary Access

  • To access a Case File, our app uses UIDocumentBrowserViewController, which grants temporary access to the document selected by the user.
  • This access is transient and is only maintained while the Case File is open in the app. Once the user closes the document, our app relinquishes any access to the file, ensuring that data is not unnecessarily exposed.

Handling of Case Files While Open

  • While a Case File is open, our app can perform various operations as required by the user, such as editing, analyzing, or viewing the content.
  • It is important to note that Case Files are not encrypted by our app. Therefore, the confidentiality and integrity of the data within these files rely on how and where the user chooses to store them.

User Responsibility for Secure Storage

  • Users are responsible for saving their Case Files in a location that they deem secure. LIT SUITE provides the flexibility to save these files locally on the device or in a cloud storage location of the user's choice.
  • If a user opts to store Case Files in a cloud service, it is crucial to understand that the security and privacy of these files are then under the purview of the chosen cloud storage provider.
  • Our app encourages users to be aware of the security measures and policies of their selected storage solutions, especially when dealing with sensitive or confidential legal data.

Cloud Storage and Security Responsibility

  • When Case Files are stored in a location synchronized by a cloud storage provider, the provider becomes responsible for the security of these files. This includes protection against unauthorized access, data breaches, and other potential security threats.
  • Users should ensure they are comfortable with the security practices of their chosen cloud service providers, particularly if the Case Files contain sensitive or confidential legal data.

Conclusion

In essence, LIT SUITE provides a secure and efficient way to access and use Case Files through Apple's UIDocument API and UIDocumentPickerViewController. While our app ensures secure handling of data during its use, the responsibility for encrypting and securely storing Case Files ultimately rests with the user, especially when utilizing cloud storage services.

 

Data 'At Rest'

This section explains how LIT SUITE handles user data, specifically Case Files, when they are not actively being used or accessed within the application, known as data 'at rest'.

User-Controlled Data Storage

  • In LIT SUITE, users have the autonomy to choose where to store their Case Files. This could be locally on their device or in a cloud-based storage service.
  • LIT SUITE's design respects user choice, allowing for flexibility in data storage while ensuring that the app itself does not impose any specific storage location.

No Copies Maintained by the App

  • Crucially, our app does not maintain any copies of Case Files. Once a user closes a document or finishes a session, the app retains no residual data.
  • This approach is intentional to ensure that users have complete control over their data, and it also eliminates potential security risks associated with storing sensitive information within the app.

Transmission of Data Copies

  • LIT SUITE does not transmit copies of Case Files to any external servers or locations.
  • All operations on Case Files are performed locally on the user's device, and any movement or sharing of these files is entirely under the user's control.

End User's Responsibility for Data Security

  • Since our app does not encrypt Case Files or dictate storage locations, the responsibility for securing data at rest lies with the end user.
  • Users should be conscientious about where they store their Case Files, especially if they contain sensitive or confidential information.
  • It is recommended that users employ strong security measures, such as using encrypted file systems or secure cloud storage services, to protect their data.

Best Practices for Secure Storage

  • We advise users to familiarize themselves with the security features of their chosen storage solutions, whether it's a local drive or a cloud service.
  • Regular backups and the use of robust passwords or access controls are highly recommended to safeguard Case Files against unauthorized access or data loss.

Conclusion

In summary, LIT SUITE ensures the integrity of Case Files when in use but does not interfere with or manage data when at rest. The responsibility for securing Case Files at rest rests solely with the user. Our app's role is to provide a secure and efficient environment for accessing and processing these files, while the storage and protection of data outside the app are governed by the user's decisions and actions.

 

Compliance and Best Practices

This section outlines the compliance measures and best practices adhered to by LIT SUITE, especially in the context of data handling, security, and privacy. Our approach aligns with industry standards and regulatory requirements, ensuring that users can confidently use our app for their business needs.

Adherence to Industry Standards

  • LIT SUITE is developed with a strong commitment to industry best practices in data security and privacy.
  • While our app facilitates the creation, access, and management of Case Files, it does not directly involve itself in data encryption or storage, thereby aligning with standard practices for app-based data handling.

Regulatory Compliance

  • Considering the diverse usage scenarios of our app, we encourage users to comply with relevant data protection regulations applicable to their geographical location and industry. This includes, but is not limited to, GDPR in Europe, HIPAA in the healthcare sector in the United States, and other similar regulations worldwide.
  • Since our app does not store or transmit user data, the primary responsibility for regulatory compliance concerning data protection rests with the user, especially in how they choose to store and secure their Case Files.

User Responsibility in Data Protection

  • Users are advised to be proactive in ensuring the security of their data. This includes selecting secure storage locations, whether locally or in the cloud, and employing appropriate encryption methods if the data is sensitive or requires additional protection.
  • In cases where Case Files are stored using cloud services, users should ensure that their chosen providers are compliant with relevant data protection laws and regulations.

Best Practices for Data Security

  • We recommend that users regularly update their operating systems and security software to protect against vulnerabilities and threats.
  • Practicing good data hygiene, such as regular backups and using strong, unique passwords for accessing stored Case Files, is crucial.
  • Users should be aware of the security and privacy settings of their devices and cloud storage providers, adjusting them as necessary to enhance data protection.

Ongoing Commitment to Security

  • LIT SUITE is committed to maintaining the highest standards of security for the apps. We regularly update our app to address emerging security threats and to incorporate new security features as they become available in the iPadOS and macOS ecosystems.
  • We encourage users to keep our app updated to the latest version to benefit from these enhancements.

Conclusion

In conclusion, while LIT SUITE provides a secure and efficient environment for handling Case Files, we emphasize the shared responsibility model in data security. Our app adheres to industry best practices and enables users to operate within the ambit of various regulatory frameworks, but the ultimate responsibility for data protection, especially data at rest, lies with the user.

Summary

In this white paper, we have detailed the comprehensive measures and practices employed by LIT SUITE to ensure the security and privacy of user data at various stages: in motion, in use, and at rest. Our commitment to data security is embedded in the very architecture of LIT SUITE and aligns with the robust frameworks provided by iOS and macOS platforms.

 

Key Highlights

  • Data in Motion: By leveraging UIDocumentPickerViewController, our app ensures secure access to local files, relying on the inherent security protocols of iOS and macOS without needing additional encryption on our part.
  • Data in Use: While Case Files are accessed and used within the app, we provide a secure and efficient environment. However, we do not encrypt these files, underscoring the importance of user discretion in handling sensitive information.
  • Data at Rest: The app does not store or maintain copies of Case Files, leaving the responsibility of secure storage to users. This approach empowers users to choose the most appropriate storage solutions, be it local or cloud-based, while being mindful of their security features.

Shared Responsibility Model

  • We emphasize a shared responsibility model where the app provides the tools and environment for secure data handling, while the users are responsible for the security of their data, especially when stored or synchronized with cloud services.
  • Users are encouraged to stay informed and proactive about the security features of their chosen storage solutions and to comply with relevant data protection regulations.

Commitment to Security and Privacy

  • LIT SUITE is dedicated to upholding high standards of data security and user privacy. We continuously monitor and update LIT SUITE to adapt to evolving security threats and advancements in technology.
  • Our approach is designed to provide peace of mind to our business users, ensuring that their data handling needs are met with diligence and care.

In closing, LIT SUITE stands as a testament to our commitment to data security, user privacy, and adherence to best practices in the digital realm. We are dedicated to providing our users with a reliable, secure, and efficient tool for their business needs, maintaining transparency and integrity in all aspects of data handling.