Problem with Confidential LAPD Files Out in the Open Addressed
Unsecured files next to a parking garage staircase | Photo by the Los Angeles Police Protective League
Remember last October when the LAPD’s union busted the department for storing confidential files in common spaces like hallways and parking garages with no security (see photos here)? Documents with social security numbers, serial numbers, search warrants, arrestee booking information and more was there for the taking. Even some boxes were marked “Evidence” and “Analyzed Evidence.”
Word spread through the media and the police commission quickly asked for a report “documenting the circumstances that lead to the problem along with the Office of Operations’ corrective and preventive measures that were put into place,” wrote Chief Charlie Beck in a memo to the commission with that report attached (.pdf), which was finalized in December.
Unsecured files were found in three stations–Northeast, Southwest and Wilshire–with most records scheduled to be destroyed. However, files at Northeast were supposed to be, and eventually were, sent to a secured storage facility.
Reasons for the screw-up was mainly space capacity–when new records came in, they ousted older records, which should have been picked up for storage or destruction. “Had the Areas adhered to the yearly records retention schedule and shipped older documents for destruction the number of records retained by the Areas would not have exceeded their storage capacity,” explained the report. “However, it is important to note that Area Records Department-wide are operating with a number of vacant positions that undoubtedly contributed to this problem.”
The solution? Area Records Coordinators and the office in charge of records retention will work closely to make sure the job is done right from now on.
http://laist.com/2010/01/07/unsecured_confidential_lapd_file_is.php
Compliments of FileMan Research
Cary McGovern — FileMan
Arizona Ethics Bar approves online access to client records…
Lawyers providing an online file storage and retrieval system for client access of documents must take reasonable precautions to protect the security and confidentiality of client documents and information. Lawyers should be aware of limitations in their competence regarding online security measures and take appropriate actions to ensure that a competent review of the proposed security measures is conducted. As technology advances over time, a periodic review of the reasonability of security precautions may be necessary.
FACTS
The inquiring lawyer wants to offer a service to clients that would allow clients online access to view and retrieve client files. The lawyer designed a multi-level security system in an effort to maintain the confidentiality and security of the files. First, the client files would be accessible only through a Secure Socket Layer (SSL) server, which encodes documents, making it difficult for third parties to intercept or read them. Second, the lawyer would assign unique randomly generated alpha-numeric names and passwords to each online client folder. The folder names contain no information that could identify the client to which it belongs. The password would not be the same as the client folder name. Third, all online client files would be converted to Adobe PDF (Portable Document Format) files and protected with another randomly generated unique alpha-numeric password.
QUESTION PRESENTED
May the inquiring lawyer maintain an encrypted online file storage and retrieval system for clients in which all documents are converted to password-protected PDF format and stored in online folders with unique, randomly-generated alpha-numeric names and passwords?
For more information: http://centricecm.wordpress.com/2010/01/07/arizona-ethics-bar-approves-online-access-to-client-records/
Compliments of FileMan Research
Cary McGovern-Fileman
Read MoreIf you want to see my LinkedIn profile, click on this button:
