Sensitive Information

Earlier this week the press treated us to the intimate details of the life of a Manitoba judge and her lawyer husband.  As reports go, a few years ago, the husband took some private pictures of his wife and then, during a period of depression, posted them on the internet.  When the story broke, the judge stepped down from the bench, fearing the scandal would interfere with her ability to administer her duties.

 

As details continue to emerge, it seems that the release of the pictures was through no fault of the judge; it’s also hard to lay blame on the husband, given the questions of mental health that have been raised.  And it’s clear that the release of the pictures could not directly interfere with the judge’s ability to do her job.  But in the law, as in business, credibility is everything.  The damage has been done.

 

I will save the never-pose-for-a-picture-you-wouldn’t-want-the-world-to-see speech for my nieces and nephews and my kids, and instead use this as a lesson in the value of protecting your sensitive information.  Here are my simple rules for dealing with sensitive information:

 

  1. Only write down (record, photograph or otherwise resolve to a permanent medium) information that must be written down.
  2. Only digitize (create an electronic document) information that absolutely must be digitized.
  3. Only share information that must be shared.
  4. Only share with those you trust – and even then, follow Ronald Reagan’s maxim “trust, but verify.”
  5. When sharing, if you can control the shared copies, do so.
  6. Have rules about what the people who you share information with can and cannot do with that information.  Put those rules in writing.  Make sure everyone understands them, agrees to them and records their agreement.  Make sure that there are penalties for the improper use of the information.
  7.  Understand how you and those you share information with collect, transmit, use and store the information.  Understand the vulnerabilities associated with e-mail, the internet, as well as physical threats to tangible documents, including fire, flood and theft.
  8.  When information is no longer needed in a particular format, destroy it in that format.  Destroy all copies of it that can be destroyed.  Verify that all shared copies of the information have been destroyed.

 

The improper disclosure of sensitive information can have serious ramifications for your business or your personal life.  And the increasing ease with which information is distributed makes improper, accidental or malicious disclosure all the more likely with each new copy made and each new technological innovation.  Make sure that you do as much as you can to protect your sensitive information.  Get into these good habits and you’ll never need to call us to deal with the blowout of an unintended breach.

 Scott R. Young