National Data Privacy Day
January 28, 2013 is National Data Privacy Day in the United States, Canada and other countries. Data Privacy Day should serve as a timely reminder to consider the following:
- Does your business have a Written Information Security Plan ("WISP") that identifies all personal information ("PI") in your possession (principally, an individual's name plus a confidential identity, bank or credit/debit number) and associated physical, legal and operational protections?
A WISP is required for Massachusetts businesses and strongly recommended for all firms.
- Have you taken reasonable steps to ensure that vendors holding your employee and client PI have adequate legal and operational protections in place?
Adequate protections, codified in written contracts, are required for Massachusetts businesses and strongly recommended for all firms.
- Do your business or your employees place PI or confidential business information on cloud-based document management sites such as Dropbox or Google Docs?
Security protections on such sites are often weak, and their use potentially poses business risks for all firms and, for lawyers in particular, may violate Bar Association Ethics Opinions in Massachusetts, New York and other states.
If you need more information or assistance, please contact the Murtha Cullina LLP Information Security and Privacy Group.