data protection in the ago christina beusch deputy attorney general wa state attorney general’s...
Post on 29-Dec-2015
DATA PROTECTION IN THE AGO
Christina Beusch
Deputy Attorney General
WA State Attorney General’s Office
It’s Not Just Our Clients’ Problem!
• Paralegal: Where is that disk?
• Legal Assistant: Oops – Wrong email address!
• AAG: I need a USB flash drive to download documents to take to court.
• Investigator: My car was parked right in front of my house and the file was on the backseat.
• Manager: It’s just easier if I travel with these reports on my Kindle Reader.
Source of Privacy Obligations
• HIPAA/HITECH – AGO is a “business associate”
• State health information privacy laws, e.g. ch. 70.02 RCW
• State and federal personal information privacy laws, e.g. RCW 42.56.590, Gramm-Leach-Bliley Act
• Attorney-Client and Work Product Privileges
Know Your Data
• Category 1 – Public Information
• Category 2 – Sensitive Information – not specifically protected but for official use only
• Category 3 – Confidential Information – privileged, personal/personnel, security
• Category 4 – Confidential Information Requiring Special Handling – strict legal requirements and sanctions apply, e.g. health information, SSNs, personal financial info
Create a Data Protection Program
• Assemble office experts to advise management and empower them to do the job
• Have strong senior executive support
• Adopt specific and legally compliant policies, procedures, and business rules to govern how staff are required to protect data and address breaches
• Document data protection obligations in client MOUs and vendor contracts
Implement a Data Protection Program
• Can’t have protection without education
• Train new employees and existing employees at regular intervals and document training
• Create a culture of compliance, e.g. use strategic plans, staff meetings, CLEs, signage
• Keep up with technology – identify new ways data can be compromised and find new tools to safeguard data so staff can do business
A “Toolkit”
• IT Security Policy
• Mobile Device Policy
• HIPAA/HITECH Policy
• Breach Notification Protocol
• Division/Unit Business Rules
• Client MOU for HIPAA/HITECH Compliance
• Contract language for HIPAA/HITECH Compliance