Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Physical Data Security, Management and Destruction for Legal IT Professionals

By Michael Chung
October 29, 2007
Lester Schwab Katz & Dwyer, LLP ('LSK&D') is a 65-attorney insurance defense firm based in New York City. As IT director, I oversee all information systems for the firm, managing a relatively lean staff to cover our employees' needs. Our firm's management expects my team to properly manage, backup and destroy information at the appropriate times with effective methods. They are kept informed periodically, but the bulk of the responsibility falls to me and my IT staff to get the job done right.

One of our major concerns has always been the security of our clients' sensitive data. Recently, there have been stories in the news about data media getting lost or exposed, often with damaging or embarrassing consequences. Backup tapes, hard drives, CDs and other sources contain exponentially more data than a box of paper, so we have had to become very focused on how these data storage devices are tracked, stored, managed and disposed of when the time comes. Now that storage is so inexpensive, more data is sitting on a single disk or drive. New terabyte disk drives are setting a new standard for capacity ' but they also send up a huge red flag for risk. What if one terabyte hard drive was to fall into the wrong hands? Imagine the fallout and liability to which a law firm could be vulnerable.

Also, since our firm does insurance defense, we are frequently handling our clients' confidential medical records. Our main compliance consideration with these files is HIPAA (the Health Insurance Portability and Accountability Act of 1996), which requires that we keep the information for seven years to allow for recovery of data; then we need to make sure that the data is destroyed. In addition to medical information, we often have access to private information for defendants, such as Social Security numbers and personal details. In order to comply with HIPAA's 'due diligence' clause and its privacy requirements, we need to erase the data when it's no longer needed.

Locking Down the Data

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.

The Anti-Assignment Override Provisions Image

UCC Sections 9406(d) and 9408(a) are one of the most powerful, yet least understood, sections of the Uniform Commercial Code. On their face, they appear to override anti-assignment provisions in agreements that would limit the grant of a security interest. But do these sections really work?