Data security is a hot global topic right now. New laws that closely regulate data security practices seem to be popping up everywhere in order to account for all of the data people transmit electronically daily. Attorneys have been tightening their practices to protect confidential data and advising their clients to do the same. However, some organisations may not be aware that they could be liable for data breaches perpetrated by their employees – even in seemingly unrelated situations.
Everyone knows about the General Data Protection Regulation (GDPR), the EU’s new privacy regime. Over a year has passed since its implementation, and organizations are discovering how strictly EU countries will enforce the law. One main provision of the GDPR requires organizations to have security measures in place that will safeguard private consumer data.
On February 21, 2019, California Assembly Bill 1130 came before the legislature. The bill would amend the state’s data breach notification law, which requires organizations to alert individuals after certain categories of data fall victim to a breach. Currently, the law applies to several categories of personal information, such as social security numbers, driver’s license numbers, and health data. If enacted, the bill would add other government-issued identification numbers (like passports) and biometric data (like fingerprints) to this list. Advocates of the bill have outlined the following benefits:
In 2018, 1,244 data breaches occurred in the U.S., exposing over 445.6 million records at a cost of $654 billion. Lawyers make a promise to safeguard confidential client data when they enter into an attorney-client relationship. Today’s digital world means taking extra steps to ensure the security of data that lawyers text/email, save to the cloud, or otherwise electronically transmit. But what happens in the unfortunate event of a cyber-attack? Every state has a data breach notification statute that outlines when and how to notify individuals about compromised data. While this and other laws may apply, lawyers also have unique ethical duties to perform regarding data privacy. Failure to fulfill these ethical duties can result in disciplinary actions such as license suspension.