• More
• Report a Problem
• Updates
• Briefcase

What Can Law Firms Do To Safeguard Client Files?
By the LOMAS Staff

With increasing concerns about identity theft and loss of privacy, now is the time for lawyers to review what security measures are in place to safeguard client files, generally. Are they adequate to preserve the confidentiality of the files? Security measures can be problematic for lawyers who share space, or lawyers in office buildings where the lawyer has no control over maintenance and janitorial staff. Just as with measures we must take to comply with HIPAA privacy rules, so should law firms take extra measures to prevent identity theft.

Here are some tried and true tips for preserving client/matter confidentiality and file security from the annals of good old fashioned law office policies:

• No one should have access to personal information in a client/matter file except those assigned to work on the file. Who has access to your
client files?

• Visitors, guests, clients, maintenance staff, janitorial staff, repairman and vendors should not be allowed to roam the office without being accompanied by a firm employee.

• Consider making offers of employment contingent on a clean criminal background check.

• Grant weekend and after hours access to the firm's offices to only those who must have 24-7 access. Keep an accurate record of those with access privileges, and review it regularly.

• No files are ever removed from the firm's premises without specific written authorization from an owner of the law firm. If a file must be taken out of the office, must it be the whole file?

• It is important to verify the identity of new clients. Also, during the course of the work, it is often necessary to verify and/or hold client's personal information. Use a checklist that risky information has been collected and verified. Redact the working copy for the file, and lock up the originals or the full copy, if the original was returned to the client. This would include birthdates, SSN's, DL numbers, birth certificates, passports, medical files, banking information, tax returns and the like.

• No one enjoys the task of putting up files at the end of the day, even though we know we're supposed to secure them. Just do it! This may mean installing a lock on the lawyer's private office door.

• Buy a shredder/shredders with enough capacity to handle the job for your firm's needs.

• Imaged files are more easily protected, but then how secure is the firm's file server? Are sensitive drives password protected? Does the firm change the password frequently? And, is access to the backup media adequately protected?

• Most lawyers and law firm employees have remote access to the firm's information, are there limits and boundaries in place to prohibit access to sensitive client/matter information? What is an employee capable of downloading on a laptop, from his/her PC?

• Never send a client's personal information to be copied at a commercial copy service center.

• Never release a file to another lawyer without obtaining the client's written permission.

• And, finally, here's a really old policy, but it works: If an employee's workspace is in the common area of the law firm, papers are turned face down when not actively working on same, and these papers/files are secured at the end of the day

Source: Click Here