Lawyers and Other People’s Personal Information

By on

guide

The belief that “The odds of a computer or network breach isn’t an if, it’s only a when” is practically dogma now.  Given this reality, every law practice, to include solo attorneys, should have a data security plan in place.  Yes, I know the task can seem a bit daunting, particularly if you have no idea where to start; but failing to do this is no longer an acceptable choice. Putting our ethical duties and various state and federal regulations aside, every client expects to have whatever sensitive and personally identifying information they provide to you properly safeguarded. That’s the bottom-line.

The good news for lawyers who practice in the solo space is data security plans needn’t be drafted in the form of some long-convoluted treatise on IT security. It’s really more of a process followed up with a list of to-dos.  If you happen to have any staff, you will also need to create a list of guidelines and expectations to be followed on a going forward basis.

The entire process can be summarized as follows.  First, determine what sensitive and personally identifiable information you have and then identify all the locations where this information is stored.  Second, determine if there is a legitimate reason to collect and maintain every piece of this information.  If certain types of information aren’t really needed, stop collecting it.  Third, figure out how to properly secure all information that must be kept and then take whatever steps are necessary to do so.  Fourth, properly destroy any information that doesn’t need to be maintained. And finally, create an incident response plan so you know what to do if and when a breach occurs.

To help you move forward with this task, I encourage you to take a look at a useful guide put out by the Federal Trade Commission that is intended to help small businesses protect personal and sensitive information. This guide provides the details and instructions most small businesses need in order to make taking the above steps a palatable task.  Finally, the FTC has also published a data breach response guide where additional information on what to do if and when you experience a breach can be found.

All opinions, advice, and experiences of guest bloggers/columnists are those of the author and do not necessarily reflect the opinions, practices or experiences of Solo Practice University®.

This entry was posted in Guest Bloggers and tagged Cyber Security, Mark Bassingthwaite. Bookmark the permalink.

About the Author

Avatar of Mark Bassingthwaighte

Mark Bassingthwaighte, Esq. is a Risk Manager with ALPS Property & Casualty Insurance Company. In his tenure with the company, he has conducted over 1,000 law firm risk management assessment visits, presented numerous continuing legal education seminars throughout the United States, and written extensively on risk management and technology. Mark received his J.D. from Drake University Law School and his undergraduate degree from Gettysburg College. He blogs at www.alps411.com. Mark can be contacted at: mbass@alpsnet.com.

Subscribe Like what you've read?

Enjoy our blog posts with lunch! Enter your email address and we'll send you an email each time a new blog post is published.

Want your free copy of Business Call is Back and Attorney Guide to Virtual Receptionists? Subscribe by email below and you will be able to download them immediately.

Comments are closed automatically 60 days after the post is published.