DATA PROTECTION IN THE AGO
Christina Beusch, Deputy Attorney General
WA State Attorney General’s Office

It’s Not Just Our Clients’ Problem!
• Paralegal: Where is that disk?
• Legal Assistant: Oops – wrong email address!
• AAG: I need a USB flash drive to download documents to take to court.
• Investigator: My car was parked right in front of my house and the file was on the back seat.
• Manager: It’s just easier if I travel with these reports on my Kindle reader.

Source of Privacy Obligations
• HIPAA/HITECH – the AGO is a “business associate”
• State health information privacy laws, e.g. ch. 70.02 RCW
• State and federal personal information privacy laws, e.g. RCW 42.56.590, Gramm-Leach-Bliley Act
• Attorney-client and work product privileges

Know Your Data
• Category 1 – Public information
• Category 2 – Sensitive information – not specifically protected, but for official use only
• Category 3 – Confidential information – privileged, personal/personnel, security
• Category 4 – Confidential information requiring special handling – strict legal requirements and sanctions apply, e.g. health information, SSNs, personal financial information

Create a Data Protection Program
• Assemble office experts to advise management, and empower them to do the job
• Have strong senior executive support
• Adopt specific and legally compliant policies, procedures, and business rules that govern how staff are required to protect data and address breaches
• Document data protection obligations in client MOUs and vendor contracts

Implement a Data Protection Program
• You can’t have protection without education
• Train new and existing employees at regular intervals, and document the training
• Create a culture of compliance, e.g. through strategic plans, staff meetings, CLEs, signage
• Keep up with technology – identify new ways data can be compromised, and find new tools that safeguard data while still letting staff do business

A “Toolkit”
• IT Security Policy
• Mobile Device Policy
• HIPAA/HITECH Policy
• Breach Notification Protocol
• Division/Unit Business Rules
• Client MOU for HIPAA/HITECH compliance
• Contract language for HIPAA/HITECH compliance