You own or manage a law firm and have a lot of important cases. But are you taking information security seriously? If not, you are exposing your clients and your firm to potential negative ramifications, as evidenced by several Atlanta law firms that failed to secure sensitive documents. Due to poor information protection practices, several law firms dumped sensitive documents containing case information, W2 information, bankruptcy files, and old checks, among other data, directly into an insecure location. When some of the original documents were traced back to a firm, it was learned that the employee who performed that action had been instructed to dispose of the documents in a large dumpster that was believed to be a secure site. The original article linked above quoted the employee as saying “My understanding is that once stuff goes in nobody can take anything out because it’s very deep.”
By failing to secure sensitive client information, the law firm exposed itself to liability lawsuits and to damage to its reputation as a trustworthy representative of its clients.
Information Security Lessons Learned
- Sensitive information residing in physical form should not just be thrown out. More thorough destruction techniques such as shredding or incineration are necessary to safely eliminate records that have outlived their usefulness. You could also consider hiring a firm that specializes in these activities, but be sure to audit their compliance on occasion.
- Sensitive electronic media should be secured by overwriting it as detailed in a previous article.
- Once you have implemented effective techniques as outlined above, educate your employees on how to perform the desired actions and audit their compliance on a periodic basis.
Remember, simply putting information in a dumpster does not equal information security!