February 25, 2019
What You Need to Know About Document Shredding and the Legal Industry
Every law firm collects and uses personal information from clients, both individual clients and businesses, and keeping that information private is one of the most important responsibilities of being a lawyer.
Not only are lawyers ethically required to keep that personal information safe, they are legally required to as well. Legal firms in Connecticut must abide by both federal and state privacy and information security laws to keep client information private.
Personal information includes any information that is related to or can be used to identify an individual, which covers pretty much every type of information a law firm might collect and store. And client information isn’t the only type of information legal firms might collect. A law firm also collects personal information from its employees, and may also have information from vendors and entities involved in their clients’ cases. That information is also covered by privacy laws.
Federal laws related to the safeguarding of confidential information for legal firms include the FACTA Disposal Rule, the Gramm Leach Bliley Act, and the HIPAA Privacy Rule.
While these regulation are designed to cover non-legal industries such as the financial or medical fields, they also cover any individual or business, including law firms, that provide services to a covered entity.
Both the Gramm-Leach-Bliley Act, which applies to financial companies, and the HIPAA Privacy Rule, which covers a wide range of medical entities, mandate keeping sensitive information safe by using secure storage methods and disposing of documents that are no longer needed in a way that ensures they can never be recovered or reconstructed.
For legal companies, having documents professionally shredded ensures compliance with privacy laws and protects the interests of both the firm and its clients. In fact, the Disposal Rule specifically requires any business that collects consumer information in the course of doing business to securely dispose of that information by shredding or using another method of complete destruction.
In Connecticut, a new data security law called An Act Improving Data Security and Agency Effectiveness went into effect in 2015. The law adds a 90-day deadline for reporting any data breach involving personal information, and in some cases requires companies to offer data breach victims a year of free identify theft prevention services if the data breach involves a Social Security number.
If your law firm is contracted to work with any Connecticut state agencies, additional regulations apply, including implementing and maintaining a comprehensive data-security program, not storing data on flash drives or laptops, and taking on any additional expenses associated with implementing the data security program.
Failure to comply with these regulations can not only result in fines and civil suits, it can also severely damage a firm’s reputation and lead to significant financial losses. Keep your firm in good standing and in compliance by making sure all legal documents are destroyed by a professional shredding company that specializes in legal shredding like Proshred Connecticut.