Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

New Year’s Resolutions – Privacy & Security

Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Secure Traveling, Security

Since this is traditionally the time for new beginnings and for resolutions to clear away old habits, we would like to pass on some tips for improving privacy and security in your operations, and in your own life, in 2012.

1. Be sure to secure.

Many data breaches start with sensitive information left lying around the office.  Keep documents containing sensitive data and personally identifiable information locked up: a clean desk is a safe desk.  Make this the time to secure your home network as well.  Online banking and other sensitive activity increasingly runs over home wireless networks, so do not leave the door open to a passer-by: change the router's default administrative password, and protect the wireless network with WPA2 and a strong passphrase rather than leaving it open or on the long-broken WEP.

2. Encrypt, Encrypt, Encrypt.

When transmitting sensitive information, make sure it is encrypted and sent over a secure connection (TLS with the server's certificate actually verified; e-mailing a spreadsheet is not encryption unless you encrypt the file itself).  This is not only a privacy and information security “best practice,” it is also required, or strongly incentivized, by several laws and industry standards, including the HITECH Act (which excludes properly encrypted electronic protected health information from its breach notification duty), the Massachusetts data security regulations (201 CMR 17.00, which require encryption of personal information sent across public networks or wirelessly), and the Payment Card Industry Data Security Standard (PCI DSS, for cardholder data sent over open networks).

3. If you don’t need it, don’t take it.

Data breaches often occur when a laptop or paper files are stolen from an employee’s home, or lost in transit.  If you don’t need to work with sensitive data outside the office, don’t take it with you.  If you must, take it on a laptop or removable drive protected by full-disk encryption (the Massachusetts regulations require encryption of personal information stored on laptops and other portable devices), never as loose paper or an unencrypted device.

4. Once you have read it, shred it.

If you no longer need files or documents containing sensitive information, destroy them using proper methods.  Simply deleting a file or emptying the trash leaves its contents on the disk; use a secure file deletion program or “e-shredder” for electronic copies and a cross-cut shredder for paper.  Note that overwriting is unreliable on solid-state drives and other flash media, which silently remap writes: for those, rely on full-disk encryption from the start and destroy the key, or physically destroy the media.  Again, this isn’t just “best practice” in many situations — it’s the law (e.g., the FTC Disposal Rule, Mass. Gen. Laws ch. 93I, and the HIPAA Privacy Rule).

5. Browse intelligently.

Make sure that your web browser’s security and privacy settings are set to an appropriate level, and keep the browser and its plug-ins up to date.  When traveling, or using a shared computer, use the browser’s private browsing mode or delete the cache, history and cookies when you are done, so your “e-footprints” don’t expose any sensitive information.  Better still, avoid logging into banking or work accounts from a computer you do not control; you cannot tell what a public machine is recording.

6. Never engage with a spammer.

While unsolicited commercial e-mail (“spam”) is annoying, do not reply to or otherwise contact the spammer.  Doing so only confirms your address as “live” and may actually increase the amount of spam you receive.  An “unsubscribe” link is safe to use only in mail from a legitimate sender you recognize; in true spam the link can itself be a live-address check or lead to a malicious site.  Don’t open attachments or links from anyone you do not know, and treat unexpected attachments with suspicion even when they appear to come from someone you do, since a sender’s address is trivially forged.  Remind employees of this at work so that your company’s information is not compromised by phishing scams.

7. Make your passwords complex.

The passwords you use for your e-mail, online banking, network access, or any other services that hold your private information — or the confidential information of your company/employer — should not be simple or easily guessed.  Length matters more than a sprinkling of symbols: a long passphrase of several unrelated words resists guessing better than a short password that merely mixes numbers, letters and punctuation, and it is easier to remember.  If your company does not have a password policy, 2012 is a good time to start one.  And never reuse a password: using the same password across all your electronic activities means that one breached site hands an attacker every account you own.  A password manager makes a unique password for every service practical.
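To make the policy above concrete, here is a small Python checker added as an illustration (it is example code written for this page, not from the original post). It scores candidate passwords by length and by the size of the character pool they draw from, flags entries from a common-password list, and flags reuse across services. The common-password list and the policy thresholds (12 characters, 60 bits) are constructed assumptions for the example, not figures from any regulation.

```python
import math
import string

# Constructed list of common passwords for illustration only; a real check
# should use a large breached-password corpus.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "letmein",
    "welcome", "password1", "abc123", "iloveyou", "admin",
}


def estimate_entropy_bits(pw: str) -> float:
    """Rough strength estimate: length * log2(size of the character pool used).

    The pool is the sum of the character classes that actually appear, so a
    long all-lowercase passphrase still scores highly because of its length.
    This over-estimates passwords built from dictionary words; the
    common-password check below catches the worst of those.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 ASCII symbols
    if any(c.isspace() for c in pw):
        pool += 1
    if pool == 0:
        return 0.0
    return len(pw) * math.log2(pool)


def check_password(pw: str, previously_used=(), min_length=12, min_bits=60):
    """Return a list of policy violations; an empty list means the password passes.

    `previously_used` stands in for passwords already in use on other services,
    so reuse can be flagged.  The thresholds are assumed example values.
    """
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in a common-password list")
    bits = estimate_entropy_bits(pw)
    if bits < min_bits:
        problems.append(f"estimated strength {bits:.0f} bits is below {min_bits}")
    if pw in previously_used:
        problems.append("reused from another service")
    return problems


if __name__ == "__main__":
    # Constructed scenario: the user already uses this passphrase for e-mail
    # and is choosing a password for a new banking login.
    existing_email_password = "correct horse battery staple"
    for candidate in ["password", "Tr0ub4dor&3", "correct horse battery staple"]:
        result = check_password(candidate, previously_used={existing_email_password})
        print(f"{candidate!r}: {result or 'OK'}")
```

Running it shows the 28-character passphrase of four lowercase words passing every check except reuse (because the scenario already uses it for e-mail), while the 11-character “complex” password fails only on length and the word “password” fails on all three strength checks. That is the point of the resolution: length and uniqueness do more than character mixing.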

Here’s to a happy and SAFE 2012!!