In this article:
LawVu's U.S. presence requires adherence to U.S. law concerning data privacy and security provisions contained in the Health Insurance Portability and Accountability Act (HIPAA) and Criminal Justice Information Services (CJIS). In the sections below, we will discuss the features and settings LawVu uses for compliance.
Signing in to LawVu
When signing in to LawVu, two-factor authentication is enabled by default and cannot be disabled. After the User enters their login details, they must enter a verification code received via email.
The warning modal appears after sign-in and lets the user know they are subject to having their activities in LawVu monitored and recorded by their organization's personnel. If monitoring reveals evidence of possible criminal activity, the organization may provide the evidence to law enforcement officials. A user cannot use LawVu without clicking 'consent and continue.'
Sending data via email from LawVu
We have applied stricter security settings to prohibit sensitive information within LawVu from being shared with any third parties via email. This includes:
Permanently disabling external communication.
Ensuring the email address of a matter, contract or associated conversation is not available.
Eliminating the option to share files by sending them via email. For example, users can no longer share a contract document or a file within the 'files' tab of a matter by sending them via email.
Removing content from email notifications
We have also taken steps to remove potentially sensitive information from all email notifications, such as the matter or contract name, and the content of conversations or assignments.
How to access the security settings and change the inactivity period
Your security settings in LawVu can be accessed from Organization Settings > General Settings > Security.
While two-factor authentication and external communication cannot be disabled, you can adjust the default inactivity periods (as shown in the clip below)
The default inactivity period is 10 minutes and is calculated from the user's last click. Once a user is automatically logged out, they must log in again and be reauthenticated. At this point, they will be directed back to their home page in LawVu.
Organization Administrators can adjust the time-out period for inactivity to align with their organization's specific workstation security policy from a minimum of 5 minutes to a maximum of 30 minutes.
Note: there is no option to disable the inactivity period.