Immigration Practice News

January 2014 (Vol. 5, No. 2)


Data Privacy Tips for Small and Medium-Sized Practices
by Becki Young

Online privacy has emerged as an important compliance issue for companies that collect and use "personal data" about employees and customers. The Federal Trade Commission's recent consent decrees against Facebook and Google, arising out of the agency's "Section 5" authority, state that companies of all sizes should be transparent about how personal data is collected, used and shared. In addition, companies should take adequate steps to secure all personal data collected.

Saira Nayak, director of policy for TRUSTe, helps companies to safely and strategically collect and use personal data to power their businesses. She recommends small and medium-sized law firms consider implementing the following three approaches to address data privacy concerns in their practice:

Map Your Data and Disclose In a Privacy Policy

Identify the types of data you collect, how long you retain the data, what you do with the data and with which vendors and third parties you will share the data. You should also have a privacy policy that notifies the user about these specifics.

Secure Your Data Assets

Create and institute a data security management policy to cover how personal data is used and shared (e.g. encrypting sensitive information during transmission, prescribing employee access to databases, making sure third parties have similar privacy and security policies, etc.). Some companies may also consider getting certified under ISO standards for information security management.

Institute a BYOD and Social Media Policy

Personal data concerns can also arise from actions by employees—especially those who use their own devices for work purposes. It's important to have a bring your own device or "BYOD" policy for employees who use their own devices to access the firm's network, including the firm's email, calendar and contact systems. Such a policy should include which devices are allowed, define required security and service policies as well as the ownership of apps and data, specify which apps are allowed or banned, and outline what happens when an employee leaves the firm.

Similarly, it's also good to have an employee policy that outlines the firm's position for communicating via social media (Facebook, LinkedIn, Twitter, YouTube, and blogs). Some good examples of social media guidelines from various companies can be found on the Social Media Governance website.

Having privacy and security policies that govern personal data collection is a valuable way for small and medium-sized law firms to address the privacy concerns of their clients. In addition, implementing a BYOD and social media policy will help manage the expectations of employees and clients by establishing clear guidelines for the use, storage, and dissemination of data. In other words, by taking these steps you are demonstrating that you run a well-managed, tech-savvy firm!

Becki Young is Of Counsel at Baker & McKenzie in Washington, DC focusing on global employment-based immigration law. Ms. Young co-edited the AILA publication Immigration Options for Essential Workers, coauthors the Going Global series in AILA VOICE and serves on the AILA National Practice Management Committee.
