Paralegals: On the Frontline of Data Privacy
Paralegals from across the Greater Philadelphia region gathered for the first time since 2019 at the ACC Paralegal Conference in Center City, Philadelphia, on Friday, November 4, 2022. TransPerfect Legal Solutions has been a long-standing sponsor of the event, and it was a pleasure to visit with everyone again and learn from this year’s expert speakers.
The conference’s theme was data privacy and data security, with additional discussion on the importance of our mental health as practitioners. Panelists addressed data privacy and security policies every organization should be implementing internally to protect their trade secrets, confidential business information, intellectual property, and personally identifiable information. Sessions included how to handle personal and business data, how to include this data in contracts, how to avoid and address ransomware attacks, and how to support mental health.
Privacy, Protection & Integrity
Jessica Colon, Esq., MPH, CHC, CCEP, and Lisa Tarr, CP, CIPP/E of West Pharmaceutical, started the day with a panel on data privacy. They discussed how data is ever present regardless of practice area, and failure to manage it properly could be a significant liability for your organization. Whether personal, corporate, or IP, data becomes information when you decide to do something with it. What you do and how you do it triggers many responsibilities.
There are currently no federal data privacy rules or regulations. Instead, states enact their protections in response to the international community's series of data security acts. Currently, eight states have rules in place for data (privacy/management), but they vary widely and are not necessarily consistent with one another or international standards.
Practical takeaways include:
- Leverage information governance software to monitor and identify where your private, personal, and confidential data is stored and how it moves within the IT environment.
- Use strong passwords, lock devices when not in use, and utilize VPN connections.
- Avoid unsecured Wi-Fi networks.
- Do not utilize personal devices for work.
General Contracts 101
Darya Natesova, Lead Procurement Counsel & LPG Supply at UGI Corporation, walked us through contracts and reminded us to focus on the absolute language of the contract—paying careful attention to the expectations and remedies.
Many contract disputes arise due to failed communication or provisions that are overly subjective. Performance standards and/or KPIs should be described to allow included parties to objectively define and measure success.
Tying into the first session, include specific language to address how personal, confidential, and private data will be handled. What happens if there is a data breach incident, and what constitutes an incident?
Does anything change when the contract ends or is terminated? Will the data be returned, destroyed, or sold? The contract should explain these items and include remedies.
Practical takeaways include:
- Use clear, objective language.
- Include milestones that measure success.
- Know how third-party providers are securing your data.
- Know what happens when you walk away.
Preparing & Responding to Ransomware Attacks
Evan Foster, Co-Chair of the Cybersecurity and Privacy Practice Group at Saul Ewing, discussed ransomware attacks and how one happens every 11 seconds.
The average cost of a ransomware attack is $4.35 million, and total, global damages are anticipated to be north of $10.5 trillion by 2025. These attacks exploit vulnerabilities in our computer systems when we inadvertently give outside access to view and encrypt our data. Without a complete backup of that data, systems are down, the data is exposed, and reputational harm happens.
More than 60% of ransomware victims are from the US; in 2021, 2,500 victims had their information posted on the dark web, and they paid an average ransom of $541K.
To protect ourselves, we need to create incident response plans and playbooks that document a repeatable and defensible approach. Cyber preparedness training and exercises help to educate and protect your organization and its data. These exercises often uncover challenges that would otherwise delay a real, active response. Identifying and planning for these challenges will save time, money, and even your organization’s reputation.
Third-party service providers may not have the same data security protocols in place as the customer they are servicing. In a nod to sessions one and two, make sure your contracts address data security.
Practical takeaways include:
- You are likely to be exposed to some sort of ransomware attack, but you can take precautions.
- Even with precautions, you need to be ready when an attack occurs—create an incident response plan and train your employees.
- Third-party providers may not have the level of data security that you require—choose carefully and establish detailed contracts.
The Burned-Out Paralegal & Imposter Syndrome
Brian Quinn, Esq., finished the day with a highly important discussion on mental health. Without good mental health, the challenges and responsibilities that we face every day can become insurmountable.
The Pennsylvania Bar Association has an established, free hotline for legal professionals to assist with mental health issues. There is often a stigma associated with mental health, but we are working to remove that and make this discussion as open and honest as possible.
Did you know that 65% of legal professionals feel that they could not take leave due to poor mental health? In 2017, 40% of people who called the PA BAR hotline had mental health issues. By 2021, 76% of people who called presented with poor mental health. This upward trend suggests that employers and employees are making an effort to understand how to address mental health.
Practical takeaways include:
- Taking care of your mental health is no different from your physical health—we need both to operate well.
- There is no shame in needing time off for mental health—we all need it.
- The PA BAR Hotline—Lawyers Concerned for Lawyers—is available at 888-999-1941.
Whether we are securing and protecting our data or securing and protecting our mental well-being, we need to be vigilant.