Peer to Peer Magazine

the quarterly magazine of ILTA 15 Peer to Peer following techniques will allow more efficient access, cost control and better compliance. • uniform classification and naming of documents and data. Designation of items as non-records, convenience records or official records for retention purposes. • Determination of defined retention periods, based on legal and operational requirements, for various categories of records. • Designation of official repositories for storage of records. Official repositories must be able to support classification and naming conventions, allow the application of retention periods, support the declaration and preservation of records, and permit deletion of information. • implementation of security protocols, policies and technologies to prevent both internal and external breaches of confidential, personally identifiable and proprietary information. • Establishment of training and policies governing use of firm information. We can anticipate that the road to better information management in law firms will be bumpy. However, technologies to facilitate search, retrieval and filing are improving, and will become easier for attorneys to use. Attorneys will learn new work habits over time. Law firms will provide policy and funding to support compliance-driven information management initiatives. Costs will drop, and access will improve when firms store less information. Finally, the tension between attorneys and firm management will lessen as everyone understands that information is both an asset and a risk. ILTA beth chiaiese is the national Director of loss Prevention for foley & lardner llP. beth has spent her career in the legal industry, developing and managing conflicts of interest, records management and risk management programs. she is a co-author of "Records Management in the legal Environment" (aRMa international, 2005), and speaks and writes frequently about law firm risk issues. beth is a former member of the aRMa international board of Directors, and she is a certified Records Manager. she can be reached at bchiaiese@foley.com. New Massachusetts Law Affects Data Privacy a new data privacy law is being enacted in Massachusetts, and the law has serious implications for businesses — not only in the commonwealth, but across the united states. On March 1, 2010, 201 CMR 17.00 will go into effect, and businesses across the United States will need to be in compliance. You may wonder why a business located outside Massachusetts will need to comply with the law. M. J. Shoer writes in Fosters.com that it is quite simple. Massachusetts has enacted the most stringent data privacy law in the country, which basically says that if you do business with a resident of or company from the Commonwealth, you will be required to protect the private information of those residents or companies. What exactly does being in compliance mean? Shoer, president and virtual chief technology officer of Jenaly Technology Group, Inc., a Portsmouth-based outsourced IT services firm, writes that it means you have taken the necessary steps to protect that personal information. The law defines personal information as: first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) social security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident's financial account; provided, however, that 'Personal information' shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. Read the full text here: http://www.mass.gov/Eoca/ docs/idtheft/201CMR1700reg.pdf ILTA Source: homelandsecuritynewswire.com

• Cover