Posted on October 23, 2012 by admin
Corporate legal departments and law firms that host and review data online bear a significant responsibility to ensure that personally identifiable information (PII) remains protected. According to the Social Security Administration, identity theft is one of the fastest growing crimes in America, and the Federal Trade Commission (FTC) estimates approximately nine million Americans have their identities stolen each year. Most of these crimes rely heavily on a single piece of information ? the Social Security number (SSN). As more and more information moves online, criminals have developed a variety of methods to steal information, and the majority of these lost or stolen SSNs are a result of database security breaches. By stealing SSNs, criminals can commit financial fraud, open new lines of credit, empty bank accounts and even rack up false medical bills. This means that protecting access to SSNs in the digital era is more important than ever.
When organizations collect large volumes of data during discovery, and especially when client information is collected, sensitive information is often swept up in the collection and processed. With hackers? ability to break into any computer system, it is imperative that document management databases be safeguarded. If there is a security breach, innocent bystanders may become victims of identity theft, and the organization hosting the data will almost certainly be held responsible and endure a public relations nightmare.
The FTC, acutely aware of the risks of collecting and hosting data that contains PII, has written and published their own security guidelines to ensure that data is protected. Firms hosting data internally in a Concordance, Summation, Relativity or other proprietary database should consider implementing security measures and policies that track the FTC guidelines. If a third-party provider is used, firms are well-advised to consider the provider?s security systems in light of those guidelines and perform an audit of their environment. Most reputable providers offer top-notch security, and for many firms these providers may represent a more economical option than the attempting to set up a firewall in-house.
While sensitive information is particularly vulnerable when firms are hosting data, it can also be compromised when turned over to adversaries or government entities, or when it is filed with the court. Rule 5.2 of the Federal Rules of Civil Procedure, as well as many state equivalents and industry regulations such as the Health Insurance Portability and Accountability Act (HIPAA), require privacy protection for parties or non-parties whose information may be included in court filings. Such information includes not only SSNs, but also taxpayer-identification numbers, birth dates, financial account numbers and the names of minors. As awareness of identity theft increases, courts have become increasingly intolerant of un-redacted PII and have recently granted sanctions when sensitive information has been exposed.
Read more?
Tags: Computer Forensics, Data Protection, E-discovery, FTC, Identity Theft, Law, Legal, Legal Technologynewsweek Tony Scott UFC 151 empire state building Todd Akin Hurricane prince harry
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.