LawVu's U.S. presence requires adherence to U.S. law concerning data privacy and security provisions contained in the Health Insurance Portability and Accountability Act (HIPAA) and Criminal Justice Information Services (CJIS). In the sections below, we will discuss the features and settings LawVu uses for compliance.
In this article:
Signing in to LawVu
When two-factor authentication is enabled, users will encounter the following modal window when signing in, where they will be required to enter a verification code received via email.
Note: Organization administrators can disable this feature; click here to learn more.
The warning modal appears after sign-in and lets the user know they are subject to having their activities in LawVu monitored and recorded by their organization's personnel. If monitoring reveals evidence of possible criminal activity, the organization may provide the evidence to law enforcement officials. A user cannot use LawVu without clicking 'consent and continue.'
Sending data via email from LawVu
We have applied stricter security settings to prohibit sensitive information within LawVu from being shared with any third parties via email. This includes:
Permanently disabling external communication.
Ensuring the email address of a matter, contract or associated conversation is not available.
Eliminating the option to share files by sending them via email. For example, users can no longer share a contract document or a file within the 'files' tab of a matter by sending them via email.
Removing contents from email notifications
We have also taken steps to remove potentially sensitive information from all email notifications, such as the matter or contract name, and the content of conversations or assignments.
How to access the security settings and change the inactivity period
Your security settings in LawVu can be accessed from Organization Settings > General Settings > Security.
While external communication cannot be disabled, you can adjust the default inactivity periods (as shown in the clip below)
The default inactivity period is 10 minutes and is calculated from the user's last click. Once a user is automatically logged out, they must log in again and be reauthenticated. At this point, they will be redirected to the exact page they were on before the system logged them out due to inactivity.
Organization Administrators can adjust the time-out period for inactivity to align with their organization's specific workstation security policy from a minimum of 5 minutes to a maximum of 30 minutes.
Note: there is no option to disable the inactivity period.