Heads Up for Attorneys on Properly Handling a Client’s Personal Information

The Personal Information Protection Act (PIPA) was enacted in Illinois in 2012 to protect personal information from being wrongfully disclosed by businesses and vendors. However, the security of personal information is not simply an issue of concern for companies processing credit card information or corporations recording their employees’ social security numbers. Lawyers, too, must take special measures not to unlawfully disclose personal information in our day-to-day activities. Though the law has been in place for over two years, most lawyers are still misinformed regarding the handling of personal information.

According to Illinois Law, personal information is defined as a first-and-last name or a first-initial-and-last name paired with a social security number, a driver’s license or state identification card number, or bank account number or credit/debit card number. In addition, a bank account number or credit/debit card number paired with a PIN number or any other method of access to the account is considered personal information, even without a name attached.This information is not only commonly used in lawsuits, but also frequently transmitted in ways that are technically deemed unlawful in the State of Illinois.

For example, if a lawyer is referring to a bank account number for a case via email, the email containing the account number must be encrypted, and promptly deleted after viewing. In addition, any personal information cannot be printed, even if the information was received via encrypted email. Once personal information is accessed, the law dictates very specific ways of destroying it so that “personal information cannot practicably be read or reconstructed.” The law provides that any hard copies of personal information must be shredded, burned, or pulverized and that digital copies must be destroyed or erased. Personal information contained in court filings must likewise be confidentialized consistent with court rules. The take away is that in order to adhere to the Rules of Professional Conduct attorneys must stay current on these laws and implement procedures in their practice to ensure compliance.

            © Copyright 2015 Julie M. Bordo, LLC