What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Back to Guides

Legalintermediate

Privileged Communications: Physical Protection

Legal professional privilege is absolute in UK law. But privilege can be waived through inadequate protection of privileged material. When privileged documents are stored on connected systems, every breach creates a potential waiver argument.

11 min read

Privilege Is Binary

Legal professional privilege in England and Wales is one of the strongest protections in the common law system. It prevents compelled disclosure of communications between a client and their legal adviser made for the purpose of obtaining or giving legal advice.

But privilege is binary. It exists absolutely, or it does not exist at all. And one of the ways privilege can be lost is through inadequate steps to maintain confidentiality. If privileged material is stored on systems that are subsequently breached, the question of whether privilege has been waived becomes a genuine legal risk.

The Digital Privilege Problem

Modern legal practice generates privileged material digitally. Legal advice, investigation reports, litigation strategy documents, and settlement negotiations all exist as digital files stored on connected systems.

When those systems are breached, several problems emerge:

Exposure risk: Privileged material may have been accessed or exfiltrated by the attacker
Waiver arguments: Opposing parties may argue that inadequate security measures constituted a failure to maintain confidentiality
Disclosure obligations: Organisations may face obligations to disclose that privileged material was potentially compromised
Insurance implications: Privilege waiver can affect the organisation's ability to resist disclosure in related litigation

The SRA and Professional Standards

The Solicitors Regulation Authority (SRA) requires law firms to take reasonable steps to protect client confidentiality. The Bar Standards Board imposes similar obligations on barristers. In-house legal teams are subject to the same professional standards through their individual practising obligations.

What constitutes "reasonable steps" evolves with the threat landscape. As cyber attacks become more prevalent and sophisticated, the standard of reasonable protection rises accordingly. Physical controls for the most sensitive privileged material represent the current highest standard.

What Privileged Material Belongs Offline

Internal investigation reports: Legal advice on potential misconduct, regulatory breaches, or litigation risk
Litigation strategy documents: Case assessments, settlement authorities, and tactical planning
Board legal briefings: Legal advice to the board on significant transactions, disputes, or regulatory matters
M&A legal analysis: Due diligence findings, risk assessments, and deal structure advice
Regulatory response materials: Legal advice on regulatory investigations, enforcement actions, or compliance reviews

How OSS Protects Privilege

Offline secure storage provides the physical protection that privilege demands:

No remote access: Privileged material in physically disconnected storage cannot be accessed through any network-based attack
Identity-verified access: Every access to privileged material requires physical presence and identity verification, creating an audit trail of who accessed what and when
Demonstrable protection: Physical disconnection provides evidence of "reasonable steps" that satisfies professional obligations and resists waiver arguments
Breach scope exclusion: Data stored offline is excluded from breach impact assessments, preserving privilege even when connected systems are compromised

The Evidential Advantage

In litigation or regulatory proceedings, an organisation that can demonstrate privileged material was stored in physically disconnected storage with identity-verified access holds a significantly stronger position than one whose privileged material was on a server that was breached. The physical control demonstrates the intent and effort to maintain confidentiality that privilege requires.

Conclusion

Legal privilege is too important to entrust to software controls alone. Physical disconnection through OSS provides the level of protection that privilege demands, the evidence of reasonable steps that professional obligations require, and the certainty that privileged material survives cyber incidents with its protected status intact.