Last fall, MacKenzie Dunham was a law student working at a personal injury firm in Houston when one of the firm’s two partners called the office to say their car had been broken into and he would not make it in.
Not worried, the partner mentioned that among his stolen belongings was a MacBook he used for work.
This was when Dunham realized the theft was not just a nuisance—it was a major breach of client documents.
With no stated firm policy, he leaped into action by rejecting the computer’s access to the firm’s various online accounts and remotely wiped the machine.
“I just did what I could to minimize [the breach],” Dunham says. Without his efforts, “the person that had the laptop would have access to client files.”
After the incident, Dunham created the firm’s first security policy and made sure all firm devices were trackable and able to be remotely wiped.
Now a staff attorney at Access Justice Houston, a nonprofit law firm he founded, Dunham says this lesson taught him that “you need to be prepared to have every device that has ever touched client information ... stolen.”
This article was submitted by Jonathan T. Armiger, Armiger Law. If you would like to submit content or write an article for the E-Discovery, Information Governance & Cybersecurity Section, please email Kara Sikorski at firstname.lastname@example.org.