The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
In recent years, the government has stepped in to help ensure that businesses proactively protect certain sensitive data. This includes information that can be used to distinguish or trace an individual's identity, as well as medical, educational and financial records. Federal privacy compliance provisions and requirements under HIPAA and the HITECH Act, along with state breach notification laws, provide some level of protection and financial penalties for failing to secure personal data. In light of the growing security risks, however, Congress is now considering a uniform national data security and breach notification law. Proposed legislation will likely require that organizations take a proactive approach to securing data, punishable by financial as well as criminal penalties for intentional and willful failure to provide notice of a security breach. As regulators place increased emphasis on information security, businesses will be compelled to respond.

Avoid a Fumble

Data transfer and access within and outside the firewall are of significant concern to both enterprises and law firms. How can organizations make sure they hold on to the ball?

While the development of a formalized information security program is ideal for long-term success, it may require extensive planning and effort. Until you're ready to begin this endeavor, there are a few simple steps that can decrease data security risks drastically and result in quick or immediate successes.

• Perform a Security Assessment: Every organization responsible for handling data should perform an internal assessment to determine its unique risks and to identify steps to remediate limitations or deficiencies. The goal of this analysis is to identify all material risks and to determine the severity level of those risks based on impact, exposure and probability of a security breach in the overall process. This will aid in efforts to formalize an information security program.

Peer to Peer