Apparently the FTC sees identity theft as a major problem that needs to be rectified quickly. There's this interesting article on a new rule created by the FTC that requires creditors to have written policies stating how the creditor protects a client's private information. Lawyers get lumped into the rubric of "creditor" because most lawyers and law firms collect and keep lists or databases of private information. The rule requires that the creditor protect information and identify "red flags" that pose a threat to the private information.
This is serious stuff for attorneys. I don't think there are very many of us who could reasonably identify procedures we use to protect client information, let alone to articulate that into some meaningful written policy. It's a good thing to think about though as you're preparing or managing a practice. Just think about the multitude of ways that private information could be stolen.
For instance, how much do you know about your cleaning company's employees? Where are your files located? What type of information are you sending over the internet? How often do non-employees (family, friends, close colleagues, etc.) come past the formal reception "barrier"? What security measures do you have in place to protect your computers or wireless systems from potential attacks?
I don't disagree with the policy, it's a reasonable policy in light of the numerous concerns. Moreover, this gives law firms an opportunity to strengthen their protocols and eliminate or minimize severe risks.
This is serious stuff for attorneys. I don't think there are very many of us who could reasonably identify procedures we use to protect client information, let alone to articulate that into some meaningful written policy. It's a good thing to think about though as you're preparing or managing a practice. Just think about the multitude of ways that private information could be stolen.
For instance, how much do you know about your cleaning company's employees? Where are your files located? What type of information are you sending over the internet? How often do non-employees (family, friends, close colleagues, etc.) come past the formal reception "barrier"? What security measures do you have in place to protect your computers or wireless systems from potential attacks?
I don't disagree with the policy, it's a reasonable policy in light of the numerous concerns. Moreover, this gives law firms an opportunity to strengthen their protocols and eliminate or minimize severe risks.
No comments:
Post a Comment