It has been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?
As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Daniel J. Siegel, owner and founder of two businesses: (1) Integrated Technology Services, LLC (ITS), a technology and software consulting firm for law firms and small businesses, and (2) Law Offices of Daniel J. Siegel, LLC, a law firm that focuses on assisting clients and other lawyers with cybersecurity, ethical and techno-ethical concerns. Unlike traditional legal consulting firms and law firms, Dan’s businesses combine legal expertise with their knowledge of technology issues, allowing them to address problems that have commonly required multiple resources. Dan also frequently writes and presents on various topics related to technology, ethics and cybersecurity.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up before computers existed. It wasn’t until two years after graduating law school that I bought my first one and soon discovered my interest in everything related to technology. As an attorney, I am able to put technology to work in practice, and once I decided to open my own law firm 15 years ago, it was logical to also add technology consulting to the mix of services.
Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.
My mentor, Professor Sid Wise of Franklin and Marshall College, always emphasized the importance of being prepared for whatever happens and not to be shoehorned into one narrow career path. As a result, I have always handled a wide range of legal matters and that broad knowledge has been the key to my willingness to learn and to adapt personally and professionally.
Can you share the most interesting story that happened to you since you began your career?
It was probably a short conversation at the American Bar Association’s TECHSHOW in 2020. A woman approached me and asked if I was Dan Siegel. I said “yes,” and she replied, “You’re a star.” I was flabbergasted, and we chatted further. While I enjoy the writing and speaking I do, I never realized that my work had garnered attention throughout the country. It was a surprising moment that helped me understand that focusing on technology and ethics does make a difference for others.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
My wife, Eileen, and my sons Brad and Doug. They have always encouraged me to follow my passions and have never questioned my actions, including when I left an established prominent law firm and decided to open my own law firm and consulting firm with no clients at the time. They all said that my grandparents and my dad ran their own businesses and believed I could too.
Are you working on any exciting new projects now? How do you think that will help people?
I now chair the Pennsylvania Bar Association’s Legal Ethics Committee, where I oversee a group of attorneys who provide ethical guidance to other lawyers. I am using my term to focus on issues that impact solo and small firms, groups that are often under-represented in legal committees. We have initially focused on educating lawyers about how to handle their trust accounts, an area where they often get into disciplinary trouble. Our first continuing education program had over 1,200 registrants, highlighting the need for this type of continuing legal education.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Do what you love, and follow your passion.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc., about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?
The specific requirements vary by jurisdiction. Every state and every country has its own rules. But most of the time, the first thing to do is to use basic technology such as firewalls, antivirus and antimalware software. Then, you must ensure that computer software is up to date and that staff are educated about protection measures, including avoiding spam, malware and clicking on links and attachments from unknown or untrustworthy sources.
Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?
We do not recommend destroying electronic data; storage is cheap. That said, if you can back up data that is no longer needed and store it separately, you have fewer risks than if you leave it exposed.
In the face of this changing landscape, how has your data retention policy evolved over the years?
As I mentioned, we retain all client data indefinitely. What has changed is the need to be more proactive about educating staff, all staff, about best practices and doing so frequently. We also have policies about computer and Internet use, and we go over the terms with our staff so that they understand why we have adopted them.
Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?
As I mentioned previously, we retain all client data indefinitely as data storage is relatively inexpensive.
Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?
For lawyers and businesses, many states have their own laws and regulations around privacy and data protection. Plus, we have federal laws such as HIPAA, which protects sensitive patient health information from being disclosed without the patient’s consent or knowledge. My hope is that we eventually have a comprehensive national law and regulations around data privacy that will make it easier for businesses and law firms to work with clients in multiple jurisdictions.
In your opinion have tools matured to help manage data retention practices? Are there any that you’d recommend?
Yes, but the change is not just in the tools, but also in the fact that the tools are becoming more customizable for the needs of businesses and law firms. For example, the public may not realize that a client owns his or her own law firm file, so law firms that store data in the “cloud” must be careful what they sign when working with cloud providers. Initially, the terms were fixed, but as the technology has evolved so has the focus, and smaller firms have more leverage. That said, we strongly urge our clients to only store data remotely if the storage location is in the United States, because all U.S. locations have constitutional protections not necessarily available outside the country.
There have been some recent well publicized cloud outages and major breaches. Have any of these tempered or affected the way you go about your operations or store information?
The breaches highlight our efforts to educate clients and attorneys about potential dangers. While a focused hacker can break through barriers, as the Russians have done to the U.S. government for example, in most cases using basic measures is key because those actions will stop most of the efforts. It’s no different from locking your car: most criminals will pull the door handle, see that it’s locked and move on to what they hope is an easier target.
Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order To Properly Store and Protect Their Customers’ Information?” (Please share a story or example for each.)
1. Encrypt your data by using passwords and other security. The data is worthless without the “key” that unlocks it.
2. Keep your software, including operating systems, up-to-date. You wouldn’t eat a rotten egg, so don’t use expired and unsupported software.
3. Enlist a consultant to be sure you are using industry best practices. It’s the same reason you get an annual checkup: sometimes you can’t see your own problems and need an expert to keep you (and your data) protected.
4. Avoid free public Wi-Fi. These free networks, like those in coffee shops, are rife with danger and provide easy access to your data by cybercriminals.
5. Purchase cyberinsurance. Not only are such policies good protection, but many companies also offer free programs that help you understand how to keep information safe.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
End hate and bigotry. Despite everything I do professionally, I find the most dangerous disease we experience is the type of hatred that has become a huge influence. Don’t judge people based on stereotypes.
How can our readers further follow your work online?
You can follow me personally on LinkedIn and Twitter @danieljsiegel. You can follow ITS on LinkedIn and Facebook @techlawyergy.
This was very inspiring and informative. Thank you so much for the time you spent with this interview!