Sunday, August 17, 2014

Information Security Policies & Practices -- Protecting Client Information

via Law Technology News "Law Firm Data Breaches: Protecting Clients --  Maintaining diligent protocols and educating personnel are crucial tools to protect client data" --
  • "Data threats against law firms can be generated from internal or external sources... Imagine a disgruntled employee who wants to get even with the employer and has unrestricted rights to  client data kept on the firm’s network folder."
  • "Some ways a firm can safeguard against internal data theft include:
  • Be careful about which users are given access to data systems.
  • Monitor user access control to each data source on a regular basis.
  • As users within the firm change positions and/or departments, ensure that system access is verified so that users only have access to the systems they need.
  • Promptly disable all system access (both internal and external) for terminated employees."

For those attending the ILTA conference this week, see also: "Security Policies and Procedures: Why You Need Them and How To Decide Which Ones Matter Most" --

8/21/2014 2:00 p.m. (Event Code:SOSPG6,  Presidential Ballroom B)
  • In response to client guidelines and regulatory requirements such as HIPAA, law firms are increasingly developing and documenting central policies and procedures for managing information security. But policies are only effective if they are living documents accepted by firm stakeholders and honed to match the business issues of greatest risk to the firm. This interactive session will include an overview of the drivers behind security policies as we teach participants how to use a risk-based methodology to develop security policies aligned with firm business goals and encourage buy-in from lawyers, management and staff.

Karen Campbell - Orrick, Herrington & Sutcliffe LLP
Michael Johnson - Security Grc2
Kathryn Hume - Intapp

No comments:

Post a Comment