Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Physical Data Security, Management and Destruction for Legal IT Professionals

Lester Schwab Katz & Dwyer, LLP ('LSK&D') is a 65-attorney insurance defense firm based in New York City. As IT director, I oversee all information systems for the firm, managing a relatively lean staff to cover our employees' needs. Our firm's management expects my team to properly manage, backup and destroy information at the appropriate times with effective methods. They are kept informed periodically, but the bulk of the responsibility falls to me and my IT staff to get the job done right.

One of our major concerns has always been the security of our clients' sensitive data. Recently, there have been stories in the news about data media getting lost or exposed, often with damaging or embarrassing consequences. Backup tapes, hard drives, CDs and other sources contain exponentially more data than a box of paper, so we have had to become very focused on how these data storage devices are tracked, stored, managed and disposed of when the time comes. Now that storage is so inexpensive, more data is sitting on a single disk or drive. New terabyte disk drives are setting a new standard for capacity ' but they also send up a huge red flag for risk. What if one terabyte hard drive was to fall into the wrong hands? Imagine the fallout and liability to which a law firm could be vulnerable.

Also, since our firm does insurance defense, we are frequently handling our clients' confidential medical records. Our main compliance consideration with these files is HIPAA (the Health Insurance Portability and Accountability Act of 1996), which requires that we keep the information for seven years to allow for recovery of data; then we need to make sure that the data is destroyed. In addition to medical information, we often have access to private information for defendants, such as Social Security numbers and personal details. In order to comply with HIPAA's 'due diligence' clause and its privacy requirements, we need to erase the data when it's no longer needed.

Read These Next
Bankruptcy Sales: Finding a Diamond In the Rough Image

There is no efficient market for the sale of bankruptcy assets. Inefficient markets yield a transactional drag, potentially dampening the ability of debtors and trustees to maximize value for creditors. This article identifies ways in which investors may more easily discover bankruptcy asset sales.

Judge Rules Shaquille O'Neal Will Face Securities Lawsuit for Promotion, Sale of NFTs Image

A federal district court in Miami, FL, has ruled that former National Basketball Association star Shaquille O'Neal will have to face a lawsuit over his promotion of unregistered securities in the form of cryptocurrency tokens and that he was a "seller" of these unregistered securities.

Why So Many Great Lawyers Stink at Business Development and What Law Firms Are Doing About It Image

Why is it that those who are best skilled at advocating for others are ill-equipped at advocating for their own skills and what to do about it?

Blockchain Domains: New Developments for Brand Owners Image

Blockchain domain names offer decentralized alternatives to traditional DNS-based domain names, promising enhanced security, privacy and censorship resistance. However, these benefits come with significant challenges, particularly for brand owners seeking to protect their trademarks in these new digital spaces.

Coverage Issues Stemming from Dry Cleaner Contamination Suits Image

In recent years, there has been a growing number of dry cleaners claiming to be "organic," "green," or "eco-friendly." While that may be true with respect to some, many dry cleaners continue to use a cleaning method involving the use of a solvent called perchloroethylene, commonly known as perc. And, there seems to be an increasing number of lawsuits stemming from environmental problems associated with historic dry cleaning operations utilizing this chemical.