In the legal sector, Data Protection Act (DPA) and UK GDPR checks are more than a regulatory formality - they are an essential security measure. Law firms handle highly sensitive information, ranging from financial matters and family disputes to criminal records, making them frequent targets for social engineering attacks where fraudsters impersonate clients to obtain confidential information.
The Data Protection Assessment (DPA) Check feature in Clio Operate allows you to configure a series of questions and answers that users work through to verify a caller's identity - commonly referred to as a DPA check - at the point of contact on both inbound and outbound telephone calls.
Multiple configurations
If your organisation needs different question sets for different scenarios or matter types, you will need to create a separate DPA check configuration for each use case, along with a corresponding telephone note work type.
For example:
- On an incident-related matter, you may want to ask questions such as the date of the incident, the vehicle registration number, or the client's policy number.
- On a commercial matter, where fewer unique variables are available, you may prefer to verify identity using personal details such as date of birth or home address.
- You may also wish to use different question sets depending on whether the person you are contacting is an individual or an organisation.
Work type configuration
Each inbound and outbound telephone note task type can only be associated with one DPA question set. To link specific question sets to specific telephone call task types, you will need to create derived work types.
When configuring the DPA Check aspect on a work type, you can also restrict which question set is used based on the role of the call participant.

Configuring DPA Checks
- Select Launchpad > Go to Modeller > Global Features > DPA Check
- From the blade, you can configure existing question sets or create a new question set.

The GDPR requirement is that companies must have "the proper procedures to identify callers". Generally, the best practice is that the caller must correctly answer 2 or 3 questions to confirm their identity. As such, you must have a minimum of two (mandatory) questions in a question set, but it is recommended to have additional questions.
Configuring Question Sets
When configuring the question set, you can define the number of correct answers, incorrect answers, and skipped questions that are allowed. If these requirements are not met when a user completes the feature, the check fails.

The user experience looks like this, with an additional aspect for DPA Check on the telephone call blade.
The Past Checks section lets you look at previous checks and see individual question results.

If there isn't enough information on the matter to carry out the checks, the following message is displayed to the user.
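The pass/fail rule from Configuring Question Sets, together with the insufficient-information case above, modelled as an added Python example (not Clio Operate code). The field and threshold names are assumptions, as are reading the limits as a minimum of correct answers with maxima for incorrect and skipped ones, and counting unrecorded questions as skipped.

```python
from dataclasses import dataclass
from enum import Enum

class Result(Enum):
    CORRECT = "correct"
    INCORRECT = "incorrect"
    SKIPPED = "skipped"

class Outcome(Enum):
    PASSED = "passed"
    FAILED = "failed"
    INSUFFICIENT_DATA = "insufficient data"

@dataclass(frozen=True)
class QuestionSet:
    # Hypothetical model of a question set; all names here are assumptions.
    questions: tuple       # matter fields to ask about
    min_correct: int = 2   # correct answers needed to pass
    max_incorrect: int = 1
    max_skipped: int = 1

    def __post_init__(self):
        # The page requires at least two questions per set.
        if len(self.questions) < 2:
            raise ValueError("a question set needs at least two questions")
        if not 1 <= self.min_correct <= len(self.questions):
            raise ValueError("min_correct must be 1..len(questions)")

def evaluate(qset, matter, results):
    """results maps question -> Result, as recorded by the call handler."""
    # Only questions whose expected answer is held on the matter can be asked.
    askable = [q for q in qset.questions if matter.get(q)]
    if len(askable) < qset.min_correct:
        return Outcome.INSUFFICIENT_DATA  # the pass mark is unreachable
    tally = {r: 0 for r in Result}
    for q in askable:
        # Fail closed: a question with no recorded result counts as skipped.
        tally[results.get(q, Result.SKIPPED)] += 1
    ok = (tally[Result.CORRECT] >= qset.min_correct
          and tally[Result.INCORRECT] <= qset.max_incorrect
          and tally[Result.SKIPPED] <= qset.max_skipped)
    return Outcome.PASSED if ok else Outcome.FAILED

# Constructed sample data for an incident-related matter.
INCIDENT_SET = QuestionSet(("incident_date", "vehicle_registration", "policy_number"))
MATTER = {"incident_date": "2024-03-02", "vehicle_registration": "AB12 CDE",
          "policy_number": "POL-0001"}
```

Setting `max_incorrect=0` on a set makes a single wrong answer fail the check even when the correct-answer count is met.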
