Attorneys and Sensitive Data Security

Many states have updated their data breach laws this year, following data breaches in healthcare and state level information. These invasions into what was perceived as secure databases have been occurring more frequently over the past few years.

Recently Connecticut Governor Malloy signed a new data breach bill into law on making it the latest to improve data security protections. It requires any company in the state that is transmitting sensitive data like social security numbers, banking information etc.. to use encrypted email servers, among other security measures.

PHI (Protected health information) is also being addressed in this law requiring all companies to comply with HIPAA and the newly enacted Connecticut State laws.

With over 40 additional states tightening up their data breach laws, attorneys must acquaint themselves with both federal and local statutes governing the security of data. It would serve attorneys well to review the policies and procedures used by their clients and to make sure that there are no violations. Counselors should examine not only healthcare related clients but any client privy to sensitive financial, personal or business information. Additionally, attorneys’ own internal systems do not escape scrutiny as sensitive information is always being sent pertaining to businesses, individuals, legal actions and financial planning.