Data Security & Compliance


I have noticed a lot of attention paid lately to data security and online privacy. Today, from a somewhat unlikely source, I read an article on some of the laws affecting how data and privacy issues must be handled. David Perkins writes at the Insurance Journal about What to Know About Red Flags, Notification Laws and the Hi Tech Act. The article is not exhaustive, but it does offer a primer for the practitioner interested in where privacy laws are now and where they appear to be headed.

Perkins hits on the Hi-Tech Act, enacted as part of the Stimulus package, which establishes a federal layer of protection for patients. On the one hand, the Act mandates electronic transmission of more patient information, ostensibly to modernize the handling of medical information; at the same time it tightens the notification process in the event of a data breach.

Perkins also hits on a broad Massachusetts regulation enacted one year ago, 201 C.M.R. 17.00, which applies to persons anywhere who “own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts.” Protections are expanded under the regulation and fines can be imposed. At least 44 states have enacted their own data privacy and notification laws and regulations, with mechanisms for fines and penalties.

The “Red Flags Rule” also applies broadly to “financial institutions” and “creditors” with “covered accounts” and addresses the establishment of identity theft protection programs.

Coming down the road is the Data Accountability and Trust Act, which appears imminent. The Act contains notice requirements for when data breaches occur and sensitive information is accessed.

The article does not deal with the ethical burdens and additional losses occasioned by data breach in the context of a legal practice. Client confidences are akin to patient privacy; in the case of legal representation, the potential downside of a breach may implicate both the data privacy and notice rules and professional codes of ethics.

While much of the data privacy and notice area remains uncharted, it certainly helps to understand the legislated concerns and the mechanics of how our electronic systems operate in order to assess and address the potential risks.


2 comments on “Data Security & Compliance”

  1. Interesting thoughts in light of the discussions regarding Gmail, etc. Also, the combination of lawyer-client privilege and data breach will have great implications in the area of virtual law offices, etc.

    Thanks for a great find, Martha

  2. I have been reading those same discussions, Chris, which is why the original post caught my attention. While the list in the article is short and to the point, hopefully it will alert readers to the need to bone up on the laws affecting their particular practice. And with a nationwide practice, the number of applicable laws could become quite overwhelming.

    Cheers,

    Martha
