Archive for February, 2020

What You Might Not Know About Law Firm Security Requirements

Law firms are repositories of confidential data and information. However, in recent years, numerous law firm security breaches have been reported.

According to the ABA 2018 survey report, law firm security breaches occur across the board. Fourteen percent of solo practitioner attorneys, 24% of law firms with 2-49 attorneys, 42% of law firms with 50-100 attorneys, and 31% of law firms with more than 100 attorneys have been victims of law firm security breaches.

Therefore, it’s important to ensure that the law firm you or your business uses has the security measures in place to prevent data breaches.  

Potential Law Firm Security Risks

Whether it’s a stolen laptop or an elaborate hack, when it comes to the security of a law firm, a breach is a breach.

Let’s look at a few things that can put a law firm’s security at risk:

  • Ignoring basic safety measures. All law firms should have comprehensive security policies and programs in place, focusing on employees, processes, and technology. Cybersecurity should be a critical consideration to prevent phishing attacks and malware threats.
  • Not scheduling regular security assessments. To prevent a security breach, especially a data breach, it’s of utmost importance that the firm prepare an inventory of data and information stored in different places in the office. How vulnerable are the data and information? What if they were stolen? Conducting regular assessments is critical to the security of the firm, irrespective of the size. Larger law firms are more prone to security breaches as they have a wider clientele and more data.
  • Not shredding old or data-sensitive legal documents. It’s vital to destroy legal documents that are no longer required. Just one employee casually throwing legal documents in the recycle bin can lead to major law firm security breaches.

3 Law Firm Security Requirements That Need to be Followed

From business contracts to wills, estate planning to real estate deeds, medical records to pre-nuptial agreements, law firms handle massive amounts of data and information. Hackers or unauthorized persons who can access these documents threaten the safety of all clients, tarnish the firm’s online reputation, and can ultimately lead to litigation against the law firm.

To ensure this doesn’t happen to the law firm you rely on for personal and/or professional legal services, here are three proven security tips they should be following to protect the firm from security breaches:

1. Comply with Customer Privacy Laws

Law firms must comply with laws related to the privacy of their clients. Different laws ensure consumer privacy, such as FACTA, Gramm-Leach-Bliley, and HIPAA. The firm must ensure that all employees understand these laws and mitigate data breaches via proper documentation. Research shows that up to 25% of information breaches in law firms are a result of employee error or negligence.

2. Establish and Maintain a Data Retention Policy

Many legal practices retain files containing data and information about clients for long periods of time. However, law firms are not obligated to maintain client records. By accumulating unnecessary documents and files, they increase the risk of unauthorized access. They need to inform clients before destroying their documents and files. And as a client, you possess the right to ask for the documents that the law firm may be holding.

3. Partner with a Shredding Service Company

The best way to destroy documents with sensitive information is to shred them. Given the volume of documents law firms have in their possession, it doesn’t suffice to rely on small office shredders designed for occasional use.

A professional shredding services provider has industrial equipment that shreds quickly and inexpensively. They also offer a variety of services for shredding documents — at their facility or at the client’s office via mobile shred truck.

Ask your attorney how the firm handles the destruction of sensitive documents. If they don’t partner with a professional shredding services provider, share what you’ve learned about the laws they need to follow. You can also suggest they choose a company that is AAA Certified by the National Association for Information Destruction; this means they have the written policies and procedures in place to ensure employment verification is enforced and quality control is checked on an ongoing basis.

Securing Tax Documents: Where Does Your Tax-Related Information Go?

With tax season around the corner, you’re probably knee-deep in documents and paperwork — whether you do your taxes yourself at home, or work with an accountant or tax-preparation company. Either way, securing tax returns and tax-related documents should be at the top of your mind. Tax fraud is one of the most prevalent crimes in the U.S. today. In 2018 alone, 38,976 Americans were victims of tax fraud.

The Internal Revenue Service (IRS) typically has three years after the date you file your tax return — or the date your return is due — to audit a return. So you only need to keep your personal and tax-related information secure for that time period before destroying all relevant documents.

Retention Timelines Can Vary Across Documents

Different tax-related documents need to be stored safely after filing for both legal and security compliance. The IRS can ask you to provide random documents during the tax return audit. Here’s a list of documents that you should retain along with their retention timelines.

Documents That Should Be Retained For At Least 1 Year:

  • Month-on-month brokerage statements (checked against yearly statements and 1099s)
  • Pay stubs (checked against W-2s)

Documents That Should Be Retained For At Least 3 Years:

  • 1098 and 1099 forms
  • Contribution toward tax-deductible retirement saving accounts (such as IRAs)
  • Charitable contribution receipts
  • Tax returns
  • W-2 forms

Documents That Should Be Retained For At Least 6 Years:

  • 1099 forms
  • W-2 forms
  • All business expenses and receipts over the last 6 years
  • Annual investment statements
  • Proof of miscellaneous incomes — alimony, hobby income, jury duty, gambling, prize money, etc.

What Do Tax Preparation Companies and Accountants Do With Your Data?

If you have someone prepare your taxes, make sure you ask how they handle your tax-related information throughout the process of working with you. This applies to tax preparation companies and accounting firms.

Most tax preparation companies request your tax-related data via three different modes: email, remote access, and/or secure server. They then review your information and feed it into their tax preparation software. After entering the data, the company will audit your information and ensure it is correct and up to date. Once their due diligence is done, they will share the return with you through a transmission method of your choice, and ask you to review, sign and send the return back to them to submit on your behalf. At that time, you should confirm their process for securely storing and/or removing your personal information from their files and/or server.

Documents and Information You Must Destroy After Filing Your Taxes

  • Documents that have exceeded the retention timelines (as mentioned above)
  • Copies of digital files containing your personal/tax-related information
  • Any document containing your name, address and a contact number that is not required for tax filing
  • ATM receipts, credit offers, sales receipts
  • Documents that are easily available online such as credit card statements, bank statements, etc.
  • Documents related to loans that have been paid off

Protecting Your Identity

When you’re ready to get rid of documents that have crossed their retention timelines, make sure you properly destroy your personal and tax-related information. This means shredding documents, not discarding them in the trash.

A professional shredding company is your best choice. They can shred all of your documents quickly, securely, and at your convenience. Make certain you choose a NAID AAA Certified shredding company, which means the shredding provider has written policies and procedures and quality control in place.