The Connecticut ACLU has released its 2013 Guide to Privacy Rights in Connecticut. (Thank you ACLU CT!). From the perspective of a lawyer’s ethical obligations to protect client information one may wish to turn to page 59 on which begins the section entitled Personal Identifying Data Held By Private Companies. I haven’t looked yet to see if there is an exclusion for law firms (doubtful) or for firms smaller than a certain size (doubtful too). Technology in general and data protection in particular have added layers of complexity to the practice of law that one ignores at one’s peril.
At the Cyber Risk seminar held during the Annual Meeting last Monday (June 17, 2013) one of the panelists observed that HIPPA applies to law firms in possession of client health records – personal injury firms, both plaintiff and defense, especially med mal, come to mind.
It’s hard to imagine how lawyers – other than those at the largest firms perhaps or at firms specializing in privacy law- can afford to understand all the “environmental risks” that face the practicing lawyer. By environmental risks I mean laws that create risks other than the risk of malpractice in the traditional sense, i.e. missing a statute of limitations, for example. Now one needs to worry about data security in a way and to a degree that simply wasn’t necessary when client data was stored in basements, garages and other musty places that few would ever want to break into. Now it seems there is a long line of parties interested in accessing digital data for any number of reasons.
As efforts are made to com-modify and thus simply the production of legal services, making them less expensive, the environment in which law is practiced is becoming more complex and presumably more expensive.