by Tricia Oliver
Following welcome remarks from MBA President Valerie A.
Yarashus, the Opening Plenary Session at AC10 focused on the newly
implemented data privacy regulations. Sponsored by Catuogno &
Sten-tel Court Reporting, the session offered a wealth of practical
advice for attorneys and law firms.
Although there is no "one-size fits all" standard for
compliance, panelist David Felper of Bowditch & Dewey shared
practical steps attorneys can take to limit the risk of a breach.
Felper explained that written procedures and plans are not
sufficient and that firms need to have "an ongoing obligation to
train employees" on compliance issues.
"There can be significant damages," he warned. Felper also
explained that the attorney general's office has taken measures to
make sure companies comply with the data privacy laws that went
into effect March 1. However, he did say that "we don't expect to
see widespread audits."
Co-panelist Scott D. Schafer, chief of the Consumer Protection
Division in the Office of Massachusetts Attorney General Martha
Coakley, confirmed that. "Currently, the attorney general's office
has not authorized any audit program" as part of the enforcement of
these new regulations.
Schafer then went on to offer lawyers guiding principles on how
to prevent a privacy breach and how to properly report one should
it occur. He referred attorneys to
www.mass.gov/ag/consumerprotection as a resource.
"Enforcement of data security is by no means new," said Schafer,
whose office led the 44-state investigation of TJX's breach that
occurred in 2007.