On October 11th BGS attorney Carole Clark Isakson presented a seminar on data privacy issues to a large audience of Anoka County Bar Association attorneys. The seminar, entitled “Basic Electronic Data Security Issues”, addressed the professional and ethical obligations of attorneys in dealing with client (and employee) data in addition to covering privacy laws and how to implement them at law firms and businesses in general. Associate Attorney Nicole Wiebold spoke on the GDPR (General Data Protection Regulation) which became effective in May of this year.
Data breaches strike almost a third of US businesses each year, according to one source, and the costs of remediation (coupled with the loss of business and reputation) can result in the failing of many businesses. Protecting client and customer data requires focus on three areas, and Ms. Isakson discussed all three, taking questions from the audience throughout the presentation. Protecting data requires three things:
1. Technical controls (such as up to date computers and software);
2. Physical controls (like locked offices and elevators); and
3. Administrative controls (teaching all technology users to use cell phones and other devices in a safe way, and implementing firm wide data security assessments and policies).
Ms. Isakson also offered practical advice on public wi-fi use (don’t!) and review of common contract addendums on data security (be careful!).