Attorneys engaged in the financial activities of their clients fall under the mandated provisions of the Gramm-Leach Bliley Act. If your practice includes real estate closing, financial planning, estate planning or you represent a client in any financial area, you fall under the guidelines.
The American Bar Association filed an action in the Federal District Court, asking the Court to exempt Attorneys from Title V of the GLB Act. The action is pending and no quick resolution is in sight. Compliance with the Safe Guarding Provisions of GLB is simple, as is the disposal by shredding of files and records that contain Non-Public Information (NPI) of the financial nature of your clients’.
There is no additional cost to you in order to comply with the provision of GLB. A-1’s destruction process, prior to the enactment of GLB, was based on the Department of Defense guidelines for the destruction of secret and sensitive documents. The two issues of compliance that you must deal with are to do due diligence in choosing a reliable vendor for the disposal of NPI by shredding and to give written permission to the vendor to remove NPI for the sole purpose of disposal by shredding. A-1 would be in violation of certain provisions of GLB if we did not receive written permission from the generator of NPI to posses such information for the sole purpose of disposal by shredding.
Attorneys have another issue to deal with on a Federal level and that is the enactment of the Health Insurance Portability and Accountability Act, commonly known as HIPAA. The Act protects the privacy of protected health information (PHI). If your files and records contain any medical records of your client’s you must comply with the HIPAA provisions for safeguarding and disposal by shredding of these records.
You are required to enter into a Business Associates Agreement with your document destruction vendor. For the same reasons outlined above, there are no additional costs for your compliance with the HIPAA provisions