As a First Step

 

Check if you have adequate insurance to protect yourself against various losses, including data breaches, cyber-losses, cyber-extortion and social engineering (phishing) fraud scams. 

The Law Society has a good breakdown of the available coverages that the Law Society insurance does not include.

The Sedona Conference Canada has prepared a commentary on privacy and information security for legal service providers — Principles and Guidelines (Aug 2020) that is well worth reviewing.

The Sedona Conference has also prepared a Commentary on a Reasonable Security Test (Sept 2020). This Commentary begins with a brief summary of the importance of having a test, the reasoning behind a cost/benefit approach for the test, and what issues the test does not address. Part I sets out the proposed test and explains how it is applied. Part II provides a review and analysis of existing resources that offer guidance on how “reasonable security” has been defined and applied to date and explains how they bear upon the test.

Create a data breach plan before you are hit with a breach, so that you can deal quickly and decisively with any possible data breach. Lawyers Mutual of North Carolina has published a Data Breach Incident Response Plan Toolkit by Tom Widman, founder, president and CEO of Identity Fraud, Inc.

Inside your data breach plan 
Sharon Nelson, David Ries, and John Simek have written “Be Prepared — Planning for When Your Law Firm Suffers a Data Breach.” This article is a nice compact review of the issues to consider placing inside your data breach plan.

Protect personal information and guard against data breaches
The Office of the Privacy Commissioner of Canada and The Office of the Information and Privacy Commissioner of Alberta have published “Securing Personal Information — A Self-Assessment Tool for Public Bodies and Organizations.” This comprehensive tool is an incredible resource for any organization seeking to examine its systems and procedures to protect personal information and guard against data breaches.

DLA Piper has summarized Canadian privacy statutory data breach obligations.

The Canadian Bar Association published an article in 2015, written by Jeffrey Kaufman, entitled “Law Firm Privacy Compliance in 10 Steps.”