Legal Tech: Data breach notification obligations apply to lawyers too

By Shamla Naidoo

Two weeks ago I wrote about the Houston lawyer’s client whose personal information was dumped in a parking lot. Most states have Breach Notification Statutes that compel companies to notify consumers of such “breach” incidents. Many states apply breach notification obligations where there is inappropriate disclosure of computerized personal information. This makes sense given how easy it is to expose large volumes of data that are stored, generated or shared by computer systems.

In Illinois, 815 ILCS 530, commonly known as the Personal Information Protection Act, governs the obligations for such incidents that affect an Illinois resident. The statute defines a data collector, and the definition includes privately and publicly held corporations, and … “any other entity that, for any purpose, handles, collects, disseminates, or otherwise deals with nonpublic personal information”. By definition, this statute governs all law offices, and even those of us who practice as private individuals are covered because we handle information of our clients that is non-public and personal. Attorneys are data collectors in Illinois!

So, you are covered by this statute, but what does that mean for your practice? In short, when you are responsible (directly or indirectly) for the inappropriate exposure of your client’s personal information, you must notify them or you will be in violation of 815 ILCS 530 as an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. The notification must be either a written notice or an electronic notice; a substitute notice may be issued if the data collector demonstrates that the cost of providing notice will exceed $250,000 or the number of people to be notified exceeds 500,000. 815 ILCS 530, Section 10 provides detailed information about your obligations to notify clients of a breach of their personal information. I encourage you to review the law and incorporate the requirements into your office operations.

Of course, I am a big proponent of prevention so I advise you to take steps to avoid data breaches. If you want to learn more about how to proactively protect the data to begin with, you should attend the session titled, “The Barbarians Are at The Gate: Securing Your Technology and Your Network” at the ISBA Solo and Small Firm Conference in October.
Posted on September 1, 2010 by Chris Bonjean