On June 14, Lawyers Clearinghouse offered an innovative joint training and consultation session for pro bono lawyers and nonprofits interested in learning more about creating a written information security program (WISP). Morgan Lewis, in partnership with the legal departments from Bank of America and State Street Corporation, hosted and staffed the consultations.
The two-part program started with trainings led by Patti Mazurkiewicz, Benefit & Payroll Manager at the Boston Bar Association, and Dick Allen, a retired Partner at Casner & Edwards and the former chief of the Non-Profit Organizations/Public Charities Division at the Massachusetts Attorney General’s Office.
Nonprofit representatives were then paired with teams of firm and in-house attorneys who drafted or updated their WISP.
A WISP, which is mandatory for all Massachusetts nonprofits, outlines how an organization will handle and safeguard the personal information of employees, donors, clients, applicants, and board members.
Most nonprofits deal with personal information in some manner. It is defined as an individual’s first name (or initial) and last name in combination with their Social Security number, driver’s license number, financial account information, or personally identifiable health information, and it appears most often on employee and donor files, job applications, client intake forms, or background checks.
Presenters Patti and Dick each have decades of experience dealing with information security, and their respective backgrounds in human resources and nonprofit law provided attendees with two unique points of view.
In her presentation, Patti outlined best practices for implementing and maintain a WISP. She also described the procedures she has put in place at the Boston Bar Association, where employees are required to undergo WISP training annually and documents containing personal information are stored in a locked file room.
Patti encourages all nonprofits to keep up-to-date information security programs and said that by having a WISP, “you’re establishing minimum standards to be met in connection with safeguarding Personal Information contained in both paper and electronic form within your organization.”
Dick’s presentation focused on the legal statutes, regulations, and guidelines put forth by the Massachusetts Attorney General’s Office. He also explained the serious ramifications of a data security breach.
“Taking care to protect against a personal information breach not only prevents harm to an organization’s employees, clients and donors, it protects the organization against legal penalties, loss of good will, and damage to its reputation,” he said.
Rachel Strong, Senior Pro Bono Counsel at Morgan Lewis, helped Lawyers Clearinghouse coordinate the WISP program.
“These clinics are important to nonprofits that have a discrete legal issue that can be counseled in a short time period,” she said. “And they’re a great opportunity for our lawyers to use their transactional skills to help a client in need.”
Firms that are interested in partnering with their corporate clients on similar programs should contact Machiko Sano Hewitt, Director of the Clearinghouse’s Legal Referral Program.