Privacy Breached: Now What?

“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” – FBI Director Robert Mueller

For hackers, lawyers represent a high-value target. Billions of dollars flow through Alberta lawyers’ trust accounts every year ($173B reported in 2018) and lawyers’ files contain extremely valuable personal and commercial information. Robert Mueller’s comments apply with force to the legal profession.

It is also said that the weakest link in any security system lies somewhere between the office chair and the keyboard. Innocent mistakes are among the most common reasons why law firms suffer security breaches.

All of this requires law firms to be diligent in how they handle and protect their data. You are the last line of defence in data protection.

What is a Privacy Breach?

A privacy breach occurs when there is unauthorized access to, or loss or disclosure of, personal information.

Some examples include losing a client file, being hacked or downloading malware, and forgetting a laptop in an airport lounge or coffee shop.

When a privacy breach occurs, you may have to notify the Office of the Information and Privacy Commissioner (OIPC) of Alberta and the Law Society of Alberta. Alert your insurance agent to gain access to any cyber coverage you may have purchased. You may also have to notify any affected parties – including clients, if it is their data that has been breached.

Breach Reporting – OIPC

The Personal Information Protection Act (PIPA) governs the collection, use and disclosure of personal information by law firms in Alberta.

Under PIPA, law firms must report any privacy breaches involving personal information to the OIPC. Although PIPA doesn’t contain specific timeframes, you must alert OIPC “without unreasonable delay”.

The threshold test is whether there has been any unauthorized access to, or loss or disclosure of, personal information that has a real risk of significant harm to individuals. This applies even if only a single individual is affected. The following factors apply:

  • the number of individuals affected
  • the type of personal information disclosed
  • the extent of the loss or disclosure.

When notifying OIPC, you must include the following:

  • A description of the circumstances of the breach,
  • The date or time period when the breach occurred,
  • A description of the personal information involved,
  • An assessment of the risk of harm,
  • The number of individuals facing a real risk of significant harm,
  • Steps taken to reduce the risk of harm,
  • Steps taken to notify individuals of the breach, and
  • Contact information of someone who can answer any questions from OIPC.

Although law firms must notify the OIPC of any breach that meets the threshold test, there is no automatic requirement for you to notify those affected. The OIPC may require you to do so.

Failing to report a breach can result in serious consequences, including fines of up to $10,000 for individuals and up to $100,000 for organizations.

For more information and the forms required to report a breach, visit How to Report a Privacy Breach on the OIPC website.

Breach Reporting – Law Society

Data breaches can also trigger consequences under the Code of Conduct.

Although the Code does not explicitly require you to notify clients or the Law Society when you suffer a breach, it is important to consider the ethical implications of failing to do so.

You must advise the Law Society of any situation in which clients are likely to be materially prejudiced (Rules 7.1-1(f) and 7.1-3(f)) and notify ALIA of any circumstances that could give rise to a claim (Rule 7.7-2).

If you discover a material error or omission that may be damaging to a client, you should promptly inform the client of the error or omission, recommend that they obtain independent legal advice and let them know you may no longer be able to act for them (Rule 7.7-1).

You must not disclose a client’s or former client’s confidential information to their disadvantage (Rule 3.3-2). A privacy breach could involve unauthorized access to, or loss or disclosure of, personal information which could engage this rule.

Further, you have an obligation to preserve client property, which includes client correspondence and files (Rule 3.5-1).

If a privacy breach involves disclosure of a client’s financial information, that may put your client’s funds and your trust account at risk. Should this happen, you should inform the Trust Safety department as soon as possible.

If you are unsure whether a report should be made, contact one of the Practice Advisors at 1.866.440.4640 for confidential guidance.

Breach Reporting – Cyber Insurance

As soon as you suspect the theft, loss or unauthorized disclosure of, or unauthorized access to, personally identifiable data within your custody, care or control, notify your insurance agent.

If you previously bought cyber coverage, this early notification will allow your insurance provider to develop a roadmap to investigate the technical components of the breach, craft a suitable response plan, and get the right resources in place to identify the extent and scope of any data compromise.

Try to preserve all evidence, secure IT systems, and ensure that an appropriate chain of custody is established to respond to the breach.

Prevention

PIPA requires all law firms to follow reasonable policies and practices in order to meet their obligations under PIPA.

It is important to also remember that firms can only collect, use or disclose personal information for reasonable purposes.

All law firms should take steps to implement reasonable practices to minimize the risk of a privacy breach. Examples include:

  • Disabling email address auto-fill and enabling automatic delay of outgoing email. See Two Email Tips to Save You from Heartache for instructions on how to do this
  • Implementing office policies related to file retention and privacy
  • Training to ensure that staff are aware of your policies, such as ensuring doors to the building are locked overnight
  • Ensuring that appropriate safeguards are in place such as security software and a filing system
  • Conducting regular cyber security tests and exercises to help identify security risks in scenarios relevant to your firm

Always remember – you are the human firewall.

For more information, visit Law Firms and Security Strategies for Today’s World, Top 10 Ways to Secure Your Online World, Trust Shortage and Reporting and Computer/Network Security Checklist on the Law Society website.

By: Len Polsky, Manager Practice Management and Eleanor Platt, Student-at-Law

Printed from https://www.lawsociety.ab.ca on April 18, 2021 at 3:21:23 AM
Law Society of Alberta ©2021 Law Society of Alberta.