Information Law Firms Collect and Store – What to do in the Event of a Cyber Breach?
Information can be stored on paper or digitally on personal or shared computers, systems, files, or vendor applications. Regulatory requirements such as state laws, GLBA, FERPA, and GDPR must be considered. Plan development, risk assessments, encryption, and access controls are used to support compliant environments. Protocols for breaches, legal holds, and employee changes must be put in place, and third-party vendors and outsourced staff must be considered. In case of a breach, it is crucial to notify insurance carriers, healthcare providers, finance entities, schools, and the individuals affected.
- Introduction to information storage
- Paper vs. digital storage
- Personal and shared computer storage
- System, files, and vendor application storage
- Regulatory requirements, including state laws, GLBA, FERPA, GDPR, and BAAs
- Risk assessments, plan development, and encryption
- Tailoring privacy practices to company size and IT capabilities
- Outsourced staff and third-party vendor considerations
- Processes for sharing information via email or e-sign
- Protocols for managing breaches, legal holds, and employee role changes
- Access controls, including physical, administrative, and technical measures
- Response to breaches, including notifying insurance carriers, healthcare providers, schools, and individuals affected