Issue link: https://epubs.iltanet.org/i/45522
"Clients will sometimes exercise their right to audit a firm's internal record- keeping processes." confidential management of information. Firms need to establish protocols to automatically notify the IT department when matters are opened that require confidential information access be limited to the legal team working on the matter. Many law firms' client intake workflow processes do not have a validation mechanism to ensure that outside counsel's confidentiality requirements are reviewed and understood by IT. A recommended best practice is to routinely review the firms' larger clients' outside counsel guidelines and procedures. Once reviewed, there should be a process to audit compliance with confidentiality requirements. EMERGING PRIVACY LAWS Recent updates to Health Insurance Portability and Accountability Act (HIPAA/HITECH) laws, along with 36 Risky Business ILTA White Paper state privacy guidelines (such as Massachusetts 201 CMR 17:00 Data Privacy legislation), serve to protect inadvertent disclosure of protected health information and personal identification information. Massachusetts 201 CMR 17:00 defines personal information as "a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number." Personal information as previously described could potentially exist in various types of legal representations, including trust and estate, bankruptcy, corporate, banking and securities, personal injury and litigation matters. These laws