In the United States, it’s illegal in many states to send an unencrypted email containing a person’s Social Security number (An example is the 2006 New York Social Security Number Protection Law). This regulatory constraint has a significant impact on the way in which American tax practices communicate with their clients.
While we don’t have such specific legislation in the UK, the Data Protection Act does place a duty of care on practices who wish to communicate personal information via email.
The seventh Data Protection Principle in the Act says : “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”
It’s a truism that you should never write anything in an email that you wouldn’t write on the back of a postcard – email is NOT secure. From this, it is clear that sending a clients tax return as a PDF attachment without protecting it from interception is a breach of the Act. Of course in the real world, the risk of interception is low, but it does exist – particularly when dealing with clients who are in the public eye.
The obvious solution is to encrypt the email (using Public Key Encryption software), but this tends to require a degree of coordination between sender and receiver, and while the practice might be happy to invest in the appropriate software, clients are not. In practice, I’ve NEVER seen such a system in use.
You could just encrypt the attachment (a password protected PDF, etc). This is quite a common approach, as it can be implemented very quickly without much (or any) cost. The difficulty arises in maintaining such a system. You must ensure that the client knows the password you are going to use on the secured document, and all staff likely to send a document to that client must also know that password. Ideally, the password for each client should be unique (which now means you need to maintain a list of hundreds or even thousands of passwords in the office). It goes without saying that you should not communicate the password to the client via email! In short, this approach runs the risk of creating an administrative burden that encourages staff to bypass the rules when in a hurry.
This is where a ‘Secure Client Portal’ comes in.
A portal is a secure web-site that is used to accept, store, and publish documents to authorised users. The practice and all clients have access to the web-site through a username and a password. The practice can see ALL documents for all clients. The clients can see only those documents meant for them. You may already have used a system like this if you opt to receive paperless bills from your phone provider, utility company or insurer.
In practice, a fee-earner uploads the draft tax return (or whatever) to the web-site over an encrypted link (coding it to the appropriate client), and the document remains stored securely until the client logs in to review it (also over an encrypted link). The client is also able to upload information for delivery back to the practice.
While these sorts of systems are undoubtedly secure, they demand user names and passwords, so are inevitably a little less convenient than just dashing off an email, and herein lies the problem: Getting clients to use it.
Many years ago, a colleague of mine told me of a secure client portal that he had been involved with in Australia. The product worked well, and was well received by accountancy practices who could see the product as a way of making themselves stand out from their competitors. It sold very well….in the first year. Soon practices found that clients liked the idea of the portal, but didn’t actually use it. The process of navigating to a special web-site and entering a username and password was all too much trouble compared to just sending an email, and there was not enough perception of real danger associated with email to overcome that extra hassle factor.
The real competition for client portals, then, is email. Email is easy, familiar and quick. The inherent insecurity of email is not high enough in people’s consciousness to push them to use a less convenient tool. It’ll almost certainly take a high-profile court-case to get everyone’s attention and encourage a big change.
In the meantime, if secure document exchange portals are to succeed then, they have to offer something extra to both the practice and the client – beyond the rather unglamorous world of risk-mitigation.
Where portals can really make an impact is if they deliver additional features that puts them back ahead of email in the sheer convenience stakes – features such as on-line approval with digital signatures providing genuine reductions in time and effort for practice AND client.
A properly implemented portal can offer genuine benefits for the security of sensitive client communications. Clients may not seem that interested by it, so you should accept that it will be several years before it becomes routine.
My key recommendations:
1. Don’t do it yourself – use a portal that is hosted by a professional hosting company. You don’t need the hassle of managing a web-server and the associated infrastructure. This also helps to maintain a very clear ‘firewall’ between your own files and the documents that are published to clients.
2. Pick the RIGHT host – If your portal is hosted on servers that are outside the EU, then the data is NOT protected by EU data protection legislation (‘Safe harbour’ agreements are OK as far as they go, but I’d still feel happier when my data stays inside the EU). At the very least, you should confirm with your PII provider that they are happy with your choice and make sure your clients are aware that you will be storing their data on external systems.
There’s an exciting EU discussion document on the subject of cloud data-storage here….
3. Be cautious about using the ‘consumer’ cloud storage services such as DropBox and Google Drive. Some of the T&C’s used by these services are really not up to scratch. Fine for holiday pictures, NOT fine for a clients tax affairs! If nothing else, these services will not be easy to use when working with multiple clients – none of whom should see each other’s files.
4. Pick a portal that integrates with your document management system – the extra hassle involved in keeping TWO systems synchronised just isn’t worth it.
CCH Document Management is one of the leading products for the UK Accountancy profession. It does all the things you’d expect of a Document Management product, but it’s key strength is the high degree of integration with the ‘CCH Central’ suite of products.
CCH Central is a framework into which each of the CCH products can be ‘plugged’. They all share a common set of screens and a common database, and each product benefits from the presence of its siblings so that the overall utility of the suite grows exponentially as you purchase new elements of the suite.
If you have CCH Central (core client database) and CCH Practice Management (Time & Fees), and you then add CCH Document Management, the document management functions appear as extra features and screens within the existing software. There is no new desktop icon, just a set of extensions to the software you already have open on your PC all day anyway. The new product already ‘knows’ about your clients and contacts the very first time it loads up, and automatically makes use of that data.
When you file a document into any Document Management system, you must complete a database record for the new document. This can be considered as an ‘Index Card’ for the document, and no document can be filed without one (The industry term is ‘Metadata’ : data about data). In the case of CCH Document Management, the document metadata is intimately connected to the rest of the CCH Central database. If you have created a ‘Personal Tax’ assignment against some clients in your Time & Fees setup, then CCH Document Management knows this, and offers to apply this information against any document filed to a Personal Tax client. It also knows what tax years you are currently working on, and also offers to code the document to the right one – All very neat.
What if your filing requirements don’t match nicely with your Time & Fees analysis codes? Insolvency (or Corporate Recovery as fashion dictates we now call it) typically uses a quite extensive filing structure, while simultaneously running a fairly simple Time & Fees design. The demands of SIP9 are not that complicated, but insolvency files often are. In these situations, CCH’s use of Time & Fees analysis to drive document filing can cause one or two challenges.
I have prepared a White Paper that discusses two approaches for configuring CCH Document Management to successfully support the needs of a Corporate Recovery division alongside those of a general practice. It describes how the software will appear for users, how to configure the software, and highlights the relative advantages and disadvantages of the two approaches.
To download a free copy (PDF 1.2Mb) click the link below…
I’ve been playing with Windows 8 for a while now, and I recently installed the ‘Consumer Preview’ onto my day-to-day laptop.
A lot of Windows 8 is based on Windows 7. This is not a bad thing, and Windows 7 is the best Operating System Microsoft have ever produced. Windows 8 has the SAME hardware demands as Windows 7, along with some enhancements to, for example, make it boot up even faster. My four-year old laptop starts up in HALF the time it did with Windows 7.
The biggest change, is, of course, the new ‘Start Screen’. This replaces the old start button & menu that has been sitting at the bottom left of our screens since Windows 95. The Start Screen is a sideways scrolling array of ’tiles’ of assorted colours. Each tile is pretty much the same as the icons you have on your start menu. If you click the ‘Microsoft Word’ tile, then Word will launch and appear just as it always has. Microsoft are also encouraging the development of a new range of touch-compatible programs that will use the same look and feel as the Start Screen.
The Start Screen appears as soon as you log in to your computer, and can be called up in the same way as the old start menu (By clicking your mouse in the bottom-left corner of the screen, or by tapping the ‘Windows key’ on your keyboard).
With some extra development work, software suppliers can customise their program’s tiles to contain information – status updates, summary information, and so on. The Start Screen then starts to become a constantly changing ‘dashboard’ as well as a menu. Microsoft have created some simple programs to demonstrate this in action (showing my next Outlook appointment, and listing any unread emails, for example).
You can decide what tiles you want to see on your Start Screen, and how they are laid out. Anything you don’t use (all those little utilities and configuration tools that clutter up the Windows start menu, for example) can be relegated to a hidden ‘All Apps’ screen that you never have to look at).
You can also organise your Start Screen into groups of tiles with a common theme. I, for example, have created a ‘Work’ group and a ‘Personal’ group (as well as a third group for ‘Stuff I don’t use very much’!
So – Instead of having a desktop with ‘shortcuts’ for your regularly used programs, documents, and web-sites – you create tiles instead – organising them into groups as appropriate. On the ‘Work’ section of my Start Screen, I have, for example, added a tile for AccountingWeb, and one that takes me to my ‘Clients’ folder.
If I start to type on the keyboard, Windows immediately starts to perform a search of all the items on my Start Screen. So, if I want to launch Windows Calculator, for example, I only need type ‘cal’ and the screen instantly changes to display only those applications that have ‘cal’ in their name.
The Start Screen, then, is your computer’s Home Page and menu system rolled into one. It has clearly been designed with touch-screens in mind, but in practice, I’ve found few problems using mouse and keyboard on my laptop.
Where’s my desktop?
When you click on a tile to launch (for example) Microsoft Word – Windows 8 then reverts to more familiar territory. Your programs appear much as they do in Windows 7.
You can have shortcuts and icons on your desktop, you can have multiple windows open, and you have the old taskbar at the bottom of the screen. Using the computer for actual work, then, remains pretty much the same as before. There is no ‘Start’ button in the bottom-left, however, as the start menu no longer exists.
There has been much discussion about the slightly schizophrenic nature of Windows 8. On the one hand, you have this new finger-friendly Start Screen with its whizzy tiles, and yet most of the business software you will launch from that screen demands ‘old Windows’ desktop and keybaord and mouse to work properly. So, what is Windows 8 really about?
Windows 8 is the first step in a move towards a new generation of touch-screen tablets that are also ‘proper’ computers. It’s also a reaction to the success of the iPad. A lot of the fancy features of the Start Screen are about competing with Apple for the HOME computing market – where simplicity and visual impact matter and where the idea of seeing your Facebook updates alongside slideshows of your holiday snaps is very powerful. Imagine a Windows 8 touchscreen on the wall of your kitchen, with touchscreen access to email, family calendar, Facebook, Twitter, weather, photos, recipes, TV shows, etc.
In the business arena, the argument is less clear (for now). Windows 8 will only really offer benefits with a new generation of computers that can act as both tablet AND desktop PC. Taking the tablet out of its docking station to go to meetings or client visits (and using the touch screen) and then returning it to its dock when you get back to your desk and switch to a mouse and keyboard. iPads are starting to make inroads into business life for note taking, email and reference on the move. Windows 8 is Microsoft’s fightback.
Windows 8 really starts to come alive (and make sense) when used with a touch screen. In short – If you have existing kit running older versions of Windows, I’m not convinced there is a business case for upgrading. A few years from now, however, the idea of being able to operate a single bit of kit as both tablet and desktop will be quite compelling.
I was recently asked by CCH and AccountingWeb to write up a discussion paper on the less obvious, second-tier benefits of Electronic Document Management – the stuff that doesn’t become apparent until a system (any system – not just CCH’s) has been in place for a little while.
Return On Investment is a commonplace mantra with technology offerings for business at the moment (as indeed it should). The ROI of Document Management can be quite tricky to pin down at times, because the impact tends to happen in terms of lots of little advances and benefits – how do you quantify the benefits of NOT losing a client file?
Anyway – you can access a copy of this White Paper at the CCH web-site.. here.
There was follow-up discussion on the subject on AccountingWeb here.
Singleview’s last major release was in mid-2007 – too late for MYOB to take account of the latest and greatest version of Microsoft Office. It transpires (more by luck than judgement, it has to be said – although I should pay tribute to the heavily abstracted architecture created by James Cullingham for making this possible) that Singleview’s configuration can be adjusted to provide support for Office 2007 and Office 2010.
I have created a knowledgebase document that describes the steps needed to alter Singleview in advance of any Office 2010 roll-out. You can download this by clicking on the following link….
Singleview and Office 2007 (PDF, 1.2Mb).
This week – as the press has been reporting – Microsoft has released an early version of Windows 8.
Much of the focus has been on the new ’tile-based’ interface that appears when you log in, and there is a temptation to see this as irrelevant for ‘proper work’. But the overall trend (both social and technical) is in Microsoft’s favour – To use the old business/ice-hocky metaphor, they’re ‘skating to where the puck WILL be, not where it is’.
What are those trends?
1. Processor power is continuing to develop as quickly as ever
2. Battery technology continues to improve
3. Solid state storage (as opposed to hard disks) is getting cheaper, which has its own impact on battery life
Case in point : It’s been calculated that an iPhone 4 is more powerful than the room-filling CRAY-2 supercomputers of the 1980’s. An iPad 2 would have been the world’s fastest computer right up until the mid 90’s.
1. User expectations have been dramatically raised by the iPhone and iPad – people can see what is possible, and won’t tolerate poorly designed, over complex technology. Apple has demonstrated that tablets can work.
2. Users are increasingly pressurising employers to allow them to use their own kit (And I see a LOT of partners with iPads now – all asking IT to make it link with the office email system).
With Windows 8, Microsoft are clearly trying to serve two masters – On the one hand: the Consumer, who wants an iPad-style device to read mail, access photos and other media, and as an all-purpose internet-linked organiser/notepad. On the other hand: Enterprise customers, who need to work with more complex applications and require centralised management, security, and consistency (so they don’t have to spend vast sums on re-training).
There’s a gap there – Tablets are not suitable for running heavy duty content-creation applications, and the traditional PC/Laptop isn’t as convenient and accessible as a tablet.
Apple see that same gap – Apple’s iOS is a mobile operating system – designed to deliver excellent performance on the mobile hardware of today, but excluding ‘desktop’ features that would compromise the overall product (Case in point – Flash is not supported on iOS because it’s so processor and battery hungry). iOS exists because it’s not possible to build a full-power Mac into a portable solid-state tablet with fantastic battery life yet.
I suspect that Microsoft are looking towards a time when technology will advance to a point where it CAN deliver desktop performance in tablet-sized packages, and in that situation, why not have a “full-fat” desktop Operating System running an optional ‘mobile’ user-interface with the ability to switch between the two at will?
So…Five years from now (probably sooner)- Imagine a tablet running a touch-friendly iPad-type operating system. You use it to read a book or newspaper on the train, and you use it in meetings for note-taking and looking stuff up. Back at your desk, you drop the tablet into a dock with a keyboard and mouse, swap to a more ‘traditional’ desktop, and launch Excel (or whatever). All on ONE device. This machine doesn’t take 10 minutes to boot up, it takes seconds. It lasts two or three days before needing a recharge, it can store vast amounts of data (and integrated internet gives you access to the rest). The current situation of tablet PLUS laptop is only a stopgap until tablets get faster.
I think THIS is what Microsoft sees – sometimes you’ll be holding Windows 8 in the crook of your arm, using a touch-screen – and sometimes you’ll be sitting at a desk using a mouse and keyboard. And it’ll be a single device for both.
For complicated reasons I won’t dwell on – I found myself reading an article written by Douglas Adams more than a decade ago.
If you want an entertaining and frighteningly prescient discussion on the Internet, innovation, and its impact, then you’d be hard pressed to beat this…
and… a brief extract which sets the tone…..
1) everything that’s already in the world when you’re born is just normal;
2) anything that gets invented between then and before you turn thirty is incredibly exciting and creative and with any luck you can make a career out of it;
3) anything that gets invented after you’re thirty is against the natural order of things and the beginning of the end of civilisation as we know it until it’s been around for about ten years when it gradually turns out to be alright really.
Apply this list to movies, rock music, word processors and mobile phones to work out how old you are.