![Page 1: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/1.jpg)
2020 Family Law Seminar Data Privacy Issues in Family Law (For Clients and Practitioners)
Friday, July 24, 2020
AM Session
WEBCAST
Maureen Fulton, Koley Jessen P.C., L.L.O.
The NSBA’s Family Law Section presents:
![Page 2: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/2.jpg)
This page intentionally left blank.
![Page 3: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/3.jpg)
SPEAKER BIO
Maureen Fulton dedicates her practice to advising businesses in developing comprehensive privacy and data security programs. Maureen guides companies in navigating through state, federal, and international privacy laws and regulations. She also performs data privacy and security due diligence for buyers and sellers in merger and acquisition transactions.
Maureen has worked with businesses to obtain certification under the EU-U.S. Privacy Shield and to ensure compliance with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act of 2018 (CCPA). She has assisted clients in preparing for and remedying data breach incidents and identifying the associated litigation risks.
One of the founders of Koley Jessen’s Data Privacy and Security practice area, Maureen is a member of the International Association of Privacy Professionals and has frequently presented on data privacy and security issues.
![Page 4: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/4.jpg)
This page intentionally left blank.
![Page 5: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/5.jpg)
1
MAUREEN E. FULTON
Data Privacy Issues in Family Law
Nebraska State Bar Association Family Law SeminarJuly 24, 2020
![Page 6: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/6.jpg)
2
Introduction• Data Privacy and Security practice area at Koley Jessen• Why this topic is relevant to your practice
![Page 7: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/7.jpg)
3
Agenda• What is personal data?• U.S. Federal Data Privacy Laws• U.S. State Data Privacy Laws• How to Counsel Family Law Clients on Data Privacy
Compliance• Ethical Obligations For Law Firms Related to Data Security
![Page 8: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/8.jpg)
4
What is “personal data”?• It depends on which law is being applied. • The California Consumer Privacy Act describes “personal
information” as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
![Page 9: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/9.jpg)
5
PATCHWORK OF FEDERAL STATUTES
U.S. Federal Data Privacy Framework
![Page 10: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/10.jpg)
6
Let’s use mnemonic devices to learn U.S. Privacy Laws
![Page 11: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/11.jpg)
7
When you hear about:
Privacy issues related to Education, think: FERPA
A Furby
![Page 12: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/12.jpg)
8
When you hear about:
Privacy issues related to health information, think: HIPAA
HIPAA-Hippopotamus
![Page 13: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/13.jpg)
9
When you hear about:
Online privacy issues related to children, think: COPPA
COPPA-(Copa)cabana Beach in Rio de Janeiro
![Page 14: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/14.jpg)
10
Other U.S. Federal Data Privacy Laws Affecting Parents and Children
• CFAA (Computer Fraud and Abuse Act)• ECPA (Electronic Communications Privacy Act)• SCA (Stored Communications Act)• The Privacy Act• PPRA (Protection of Pupil Rights Amendment)• CIPA (Children’s Internet Protection Act)• NSLA (National School Lunch Act)
![Page 15: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/15.jpg)
11
National Discussions of New Federal Legislation• Business Roundtable Open Letter• Biggest remaining issues are preemption and enforcement (i.e.
private right of action or government enforcement).• Another important issue: Should federal legislation regulate
what companies do with information or simply requiretransparency?
![Page 16: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/16.jpg)
12
State Data Privacy Laws
![Page 17: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/17.jpg)
13
Data Privacy Existing State Laws• Data Security• Breach Notification• Social Media Privacy• Social Security Numbers• Add-Ons to Federal Laws (such as HIPAA)• Records Disposal• Payment Card Transactions• Telephone Call Recording
![Page 18: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/18.jpg)
14
Data Breach Notification Laws• Timing of notification requirement (from 30 days to “as soon
as practicable”)• Attorney General Notification• Broadening scope of “personal information” definition• Specific information to be provided in notice letters
![Page 19: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/19.jpg)
15
Data Breach Notification in Nebraska• Nebraska Financial Data Protection and Consumer Notification of
Data Security Breach Act (Neb. Rev. Stat. §§ 87-801 to 87-807)• Unauthorized acquisition of unencrypted data that compromises
personal information• Must provide notice to affected individual and the Nebraska
Attorney General
![Page 20: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/20.jpg)
16
Social Security Laws• More than 30 states have adopted laws restricting or
prohibiting the collection, use, or disclosure of SSNs• A business should consider taking the following steps:
• Determine if you collect or maintain SSNs• Review and update your policies and procedures to comply with
state law• Train employees on the new policies and procedures• Audit your employees to ensure they are complying with the
policies and procedures
![Page 21: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/21.jpg)
17
THE NATION’S STRICTEST DATA PRIVACY LAW
The California Consumer Privacy Act of 2018
![Page 22: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/22.jpg)
18
Who Must Comply With the CCPA?Most companies with California-based assets or customers. Businesses that:1. Collect personal data of CA residents,2. “Do business” in CA, and3. Meet one of the following criteria:
a) Has annual gross revenue of $25 millionb) Receives personal data of 50,000 or more consumers, orc) Obtains 50 percent or more of its revenue from the sale of California
residents’ personal data
![Page 23: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/23.jpg)
19
CCPA: Lots of Compliance Components• Data Mapping• Update External Privacy Notice• Comply with DSARs (Data Subject Access Requests)• Create Process for Opting out of Sale of Personal Information• Vendor Contract Compliance• Written Information Security Plan
![Page 24: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/24.jpg)
20
CCPA: Digging Into Your DataIn order to comply with CCPA, the most important things companies need to know about their data are:
• what personal information a business holds about California residents;
• where that information is stored;• to whom that information is disclosed; and • how to access and delete the information if requested
![Page 25: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/25.jpg)
21
Legal Exposure Under the CCPA• CA AG can institute up to $7,500.00 fine for each “violation”• Limited private right of action (think class action)
![Page 26: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/26.jpg)
22
Counseling Family Law Clients on Data Privacy Compliance
![Page 27: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/27.jpg)
23
Spousal Protection of Data and Accounts• A client should take certain steps to ensure the privacy of
their information and accounts from their spouse, such as: • Change passwords and security questions • Stop sharing calendars• Turn off location tracking • Stop text messages from sharing to other devices
• A client should not log onto their spouse’s computer or accounts
![Page 28: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/28.jpg)
24
Nest Cameras: Who Has Rights?• 3 levels of members for Nest family accounts• All family members are notified of a data request by
another member• The owner and full access members can remove
anyone from the family account, except the owner
![Page 29: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/29.jpg)
25
Children’s Data: Who Has Rights?• COPPA and FERPA• School districts’ rights to children’s data • Social Media
![Page 30: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/30.jpg)
26
Managing Children’s Online Privacy• Know about COPPA• Read privacy policies • Manage privacy settings on apps• Use parental controls • Educate children
![Page 31: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/31.jpg)
27
Children’s Online Privacy in Parenting Plans• Parents can agree to a social media plan
• Discuss how the children will use the internet and social media
• Consider if parents will monitor their children’s online presence and communication and then decide how they will do so
![Page 32: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/32.jpg)
28
Ethical Obligations for Law Firms Related to Data Security
![Page 33: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/33.jpg)
29
Roadmap
• Types of Data Held by Law Firms• Nebraska Rules of Professional Conduct Related to Data
Security• ABA Formal Opinion• Association of Corporate Counsel Model Controls• Data Breach Horror Stories• Best Practices for Law Firms
![Page 34: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/34.jpg)
30
Types of Data Law Firms are Trying to Protect• Personally identifiable information (PII).
• 75% of compromised data is PII.• Protected health information (PHI).• Client identity, information and data. • Attorney-client privileged information.• Credit card information.• Trade secrets.• Employee information.• Business and financial information.• Firm Credentials
30
![Page 35: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/35.jpg)
31
Neb. Ct. R. of Prof. Cond. § 3-501.1 - Competence
• A lawyer shall provide competent representation to a client. Competentrepresentation requires the legal knowledge, skill, thoroughness,preparation and judgment reasonably necessary for the representation.
• Comment [6] to Rule 3-501.1: To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
![Page 36: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/36.jpg)
32
Neb. Ct. R. of Prof. Cond. § 3-501.4 - Communications
• (a) A lawyer shall:• (1) promptly inform the client of any decision or circumstance with respect to
which the client's informed consent, as defined in Rule 1.0(e), is required by these Rules;
• (2) reasonably consult with the client about the means by which the client's objectives are to be accomplished;
• (3) keep the client reasonably informed about the status of the matter;• (4) promptly comply with reasonable requests for information; and• (5) consult with the client about any relevant limitation on the lawyer's
conduct when the lawyer knows that the client expects assistance not permitted by the Rules of Professional Conduct or other law.
• (b) A lawyer shall explain a matter to the extent reasonably necessary to permit the client to make informed decisions regarding the representation.
![Page 37: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/37.jpg)
33
Neb. Ct. R. of Prof. Cond. § 3-501.6 -Confidentiality of Information
• A lawyer shall not reveal information relating to therepresentation of a client unless the client givesinformed consent. A lawyer may reveal such informationto the extent the lawyer reasonably believes it isnecessary to:
• Prevent reasonably certain death or substantial bodily harm;• Secure legal advice about compliance with these Rules;• Establish a claim or defense on behalf of the lawyer in certain
instances; and• Detect and resolve conflicts of interest.
![Page 38: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/38.jpg)
34
Rule 3-501.6 - Confidentiality of Information• Comment [16]: When transmitting a communication that includes
information relating to the representation of a client, the lawyer musttake reasonable precautions to prevent the information from cominginto the hands of unintended recipients. This duty, however, does notrequire that the lawyer use special security measures if the method ofcommunication affords a reasonable expectation of privacy. Specialcircumstances, however, may warrant special precautions. Factors to beconsidered in determining the reasonableness of the lawyer'sexpectation of confidentiality include the sensitivity of the informationand the extent to which the privacy of the communication is protectedby law or by a confidentiality agreement. A client may require thelawyer to implement special security measures not required by thisRule or may give informed consent to the use of a means ofcommunication that would otherwise be prohibited by this Rule.
![Page 39: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/39.jpg)
35
ABA Formal Opinion 477
• Securing Communications of Protected Client Information• “[A] lawyer should keep abreast of changes in the law and its
practice, including the benefits and risks of technology…”• In order to comply with their general obligations under the Rules, lawyers must
continuously analyze how they communicate electronically about clientmatters, applying the following factors to determine what efforts arereasonable:
• The sensitivity of the information;• Likelihood of disclosure without additional safeguards;• Cost of and difficulty in employing additional safeguards; and• Extent to which the safeguards adversely affect the lawyer’s ability to
represent clients.
![Page 40: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/40.jpg)
36
Association of Corporate Counsel Model ControlsClients are Requiring Security – The Association of Corporate Counsel
Model Controls require internal security and privacy policies that include:
• Security policy; organization of information security; assetmanagement; human resources security; physical and environmentsecurity, communications and operations management, access control,etc.
• Retention; return/destruction; certification of destruction of records.• Encryption in transit, at rest, stored on portable devices, etc• Data security breach reporting.• Physical security protections.
36
![Page 41: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/41.jpg)
37
Association of Corporate Counsel Model Controls
• Logical access controls.• Monitoring.• Vulnerability controls and risk assessments – at least
annually.• System administration and network security.• Company has security review rights to inspect, examine
and review outside counsel records, practices andprocedures used in rendering services.
• Cyber liability insurance with minimum coverage level of$10,000,000.
37
![Page 42: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/42.jpg)
38
Verizon 2020 Data Breach Investigations Report
• Annual report conducted the past 13 years.• Information gathered by Verizon independently and through the
help of contributing organizations.• Provides data to organizations regarding latest threats in data
security and privacy.• Provides individual data for specific industries.
![Page 43: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/43.jpg)
39
Verizon 2020 Data Breach Investigations Report
• Tactics, Actors, and Victims• Attack Types
• Malware• Hacking• Social Engineering
• Professional, Scientific, and Technical Services Industry
![Page 44: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/44.jpg)
40
Real-Life Law Firm Data Breaches
![Page 45: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/45.jpg)
41
Most Common Scenarios Involving Data Breaches• Devices with unencrypted data are stolen or lost.• Security patches (software fixes issued by
manufacturers) are not installed.• Lawyers and staff are not trained about social
engineering. • Malware comes in via an attachment or through social
media (like spear phishing). • Hackers, cybercriminals and even nations find
vulnerabilities in your network. • Hackers enter through third party vendors’ unsecured
networks.
41
![Page 46: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/46.jpg)
42
![Page 47: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/47.jpg)
43
![Page 48: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/48.jpg)
44
![Page 49: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/49.jpg)
45
In May 2020, 193 Firms Were Exposed
• User names, IDs, and passwords exposed.• Impacted firms ranging from largest to small
boutiques.• 10,000 legal documents leaked.Hackers got in through unsecured database belonging to a large software company.
45
![Page 50: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/50.jpg)
46
Ramifications of Data Breaches
• State Ethics/Licensing Issues• HIPAA fines and penalties• Contractual liability
• Business Associate Agreement• Client Engagement
• General privacy claims
46
![Page 51: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/51.jpg)
47
Installing Safeguards47
![Page 52: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/52.jpg)
48
Data Security Policies & Procedures for Law Firms
• Workforce Training• Discipline
• Policy Review• Amendments
• Record Retention and Destruction• Shredding bins
• Accounting of Disclosures and Breach Notification• Reporting improper uses and disclosures• Everyone’s responsibility
48
![Page 53: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/53.jpg)
49
Data Security Policies & Procedures for Law Firms
• Technical Safeguards• User ID• Automatic Logoff // Screen Timeout• Encryption
• Mobile Device Policy• Password Protected• Lock after predetermined unsuccessful attempts• Must have firewall and antivirus installed and
operational
49
![Page 54: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/54.jpg)
50
Data Security Policies & Procedures for Law Firms
• ID Badge // Fob• Sharing prohibited
• Password Policy• Smartphones (4 Character)• Other (20 Character)• Change required every six months
50
![Page 55: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/55.jpg)
51
Data Security Policies & Procedures for Law Firms
• Remote Access Policy• Only Firm-owned devices• Unsecured networks prohibited
• Internet Use Policy• Appropriate Use• Inappropriate Use
51
• Email Use Policy• General Terms• Appropriate Use• Inappropriate Use
![Page 56: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/56.jpg)
52
Software is Important to Keep Your Data Secure...
52
![Page 57: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/57.jpg)
53
But So Is User Training!53
![Page 58: 2020 Family Law Seminar€¦ · manufacturers) are not installed. • Lawyers and staff are not trained about social engineering. • Malware comes in via an attachment or through](https://reader034.vdocument.in/reader034/viewer/2022051806/5ffdb3d99277f60f430d327d/html5/thumbnails/58.jpg)
54
Cybersecurity During COVID-19?
• IT and security professionals report 71% in threats or attacks since outbreak.
• Employees are more relaxed in work-from-home environment.• Less secure networks in home offices.• Hackers posing as the World Health Organization amid pandemic
concerns.
54