Skip to the main content.
APPLY NOW RENEW
Facebook Instagram Linkedin YouTube
ALPS Blog
Free Law Firm Guides
Assess Your Firm's Risk
ALPS VERA Icon
Free Risk Assessment Use our free Virtual Ethics Risk Assessment (VERA) tool to quickly and effectively understand where your firm falls in terms of risk management.
Insurance Glossary
← Blog Home

1 min read

How to Create a Data Security Plan

Picture of Mark Bassingthwaighte, Risk Manager Mark Bassingthwaighte, Risk Manager : Updated on November 14, 2023 | Posted on June 5, 2019

Law Practice Management Cybersecurity
How to Create a Data Security Plan

The belief that a computer or network breach is a ‘when,’ not an ‘if’ is practically dogma now. Given this reality, every law practice, regardless of size, should have a data security plan in place. Yes, I recognize this task can seem daunting — particularly if you have no idea where to start — but failing to do it simply isn’t an acceptable choice anymore. Here’s why: All clients absolutely expect that whatever sensitive and personally identifying information they provide to you will be properly safeguarded — period. And if that’s not motivation enough, remember our ethical rules and various state and federal regulations are also in play.

The good news is data security plans needn’t be drafted in the form of some long, convoluted treatise on IT security. It’s really more about creating “to do” lists and developing internal guidelines and policies. The entire process can be summarized as follows.

  1. Determine what sensitive and personally identifiable information you have and then identify all the locations where this information is stored.
  2. Determine if there is a legitimate reason to collect and maintain every piece of this information. If certain types of information aren’t really needed, stop collecting them.
  3. Figure out how to properly secure all information that must be kept and then take whatever steps are necessary to do so.
  4. Properly destroy any information that doesn’t need to be maintained. And finally, create an incident response plan so you know what to do if and when a breach occurs.

To help you move forward with this task, I encourage you to take a look at a useful guide put out by the Federal Trade Commission that is intended to help small businesses protect personal and sensitive information. This guide provides the details and instructions most small businesses need in order to make taking the above steps a palatable task. Finally, the FTC has also published a data breach response guide where additional information can be found on what to do if, and when, you experience a breach.

printfriendly-pdf-button-nobg-md-Nov-01-2022-08-44-54-4335-PM

 
ALPS In Brief Podcast — Episode 29: Falling in Love with the Cloud

15 min read

ALPS In Brief Podcast — Episode 29: Falling in Love with the Cloud

Picture of Mark Bassingthwaighte, Risk Manager Mark Bassingthwaighte, Risk Manager : Feb 14, 2019

On this special Valentine’s Day episode of ALPS In Brief, Mark sits down with Joshua Lenon, lawyer in residence and data protection officer for Clio

ALPS In Brief Podcast Law Practice Management Cybersecurity
Read More
Most Dangerous Areas of Practice for Dabbling

4 min read

Most Dangerous Areas of Practice for Dabbling

Picture of ALPS Team ALPS Team : Apr 24, 2019

Asking an attorney not to “dabble” in an unfamiliar area of practice is an easy concept to grasp, but much more difficult to put in practice....

Tales from the Claims Files Law Practice Management
Read More
ALPS In Brief - Episode 70: Don’t Let These Coverage Concerns Surprise You

ALPS In Brief - Episode 70: Don’t Let These Coverage Concerns Surprise You

Picture of Mark Bassingthwaighte, Risk Manager Mark Bassingthwaighte, Risk Manager : Jul 13, 2023

ALPS In Brief Podcast Law Practice Management
Read More