Issue link: http://read.uberflip.com/i/45522
ETHICAL WALLS AND CONFIDENTIALITY SCREENS: NOT JUST FOR CONFLICTS requirements to which law firms must adhere. Law firms need to be aware of these strict requirements and exercise control over support service providers that have access to personal information. ROADMAP TO SUCCESS IT leaders should take an active role in preparing their law firms to address the need for ethical walls and confidentiality screens. The following steps will help identify the deficiencies in your firm's policies and practices. • Identify Confidential Information: The first step is to identify where confidential client matter information resides. Create a data map for all firm applications and repositories. If confidential client information resides in repositories that cannot be controlled through a confidentiality screen, there should be a plan to migrate this confidential information to repositories that can be secured. • Restrict Access: Once you have identified confidential information that needs to be protected, your firm should have established, tested processes for restricting access to this information. Technology solutions can automate this process. • Provide Mandatory Education: Law firms need to have ongoing education for attorneys and staff to make them aware of emerging data privacy regulations, and sessions should be mandatory. Attorneys should acknowledge their understanding of confidentiality, especially as it applies to matters with which they are directly involved. If your law firm has locations across multiple jurisdictions, someone must be responsible for knowing the data privacy laws in those areas. With some regulations, it is required to notify authorities of data breaches, especially if the breached data contained personal information. MAKE SURE PROPER SCREENS ARE IN PLACE Ideally, repositories and applications that store confidential client matter information should be centrally maintained and managed by a firm's IT department, and all client matter information should be readily identifiable by the applicable client matter. The screening function should be centralized within the office that is primarily concerned with risk management and loss prevention issues. This is sometimes the responsibility of the firm's general counsel. There must be immediate and direct communication with affected users, records and IT staff. Screening processes should be documented and require affected individuals to acknowledge and comply with the screen. Screens should be regularly reviewed and removed when no longer needed. There should also be policies to notify appropriate governing bodies and clients of data breaches. Law firm confidentiality policies are often disconnected from requirements mandated by clients and regulatory bodies. Firms need to understand where they have gaps and commit to correcting deficiencies in policies and use of technology to ensure that their clients' confidential information is protected. ILTA www.iltanet.org Risky Business 39