Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
MAY 2024CIOAPPLICATIONS.COM 19sensitive information is identified and redacted. It is important to leverage technology that can help to identify various forms of PII and PHI and redact it, thereby ensuring against sanctions, and properly protecting client information. Raising awareness among law firm attorneys regarding the need to identify and redact sensitive client information is key. Drafting e-discovery review protocols that include directions on how to handle sensitive information and having process checks to confirm that sensitive information is redacted prior to production ensure client data is being properly protected. But, e-discovery is not the only area in which a law firm encounters cyber security challenges. Law firms routinely receive sensitive client information related to, say, mergers and acquisitions. As you have probably read, the holding of sensitive information by their law firms is something to which General Counsel are keenly attuned. As a result, law firms find themselves routinely responding to security questionnaires from clients conducting due diligence to be sure their company information is properly secured in the law firm environment. This focus on security requirements by clients has led to new technology, new certifications, and a new function in the law firm.Indeed, law firms are hiring cyber security professionals to help with managing client cyber security requirements. These are positions that did not exist a dozen years ago. A recent google search showed 13,000 legal cyber security jobs posted on LinkedIn. These law firm cyber security team members use various, often times cutting edge,technologies (representing new law firm spend) to monitor data flow into, within, and out of the law firm as part of the vigilant effort to protect against cyber breaches and maintain the security of client files. Having cyber professionals is not enough, however. Many law firms have received certifications and regularly undergo security audits to comply with external security certifications and client mandates. Often, as a requirement of maintaining these security credentials, a Cyber Security Committee is formed to routinely review information security data and address security compliance within the law firm. They may also develop protocols around security issues, such as those for data encryption and remote work.Training is always an opportunity, but in the cyber security context, it is a requirement. Education of employees to raise awareness of various scams and "phishing" attempts that might result in a cyber breach is critical, as is monitoring participation in the training. This is true for any business in the 21st century, not just law firms.The cyber security team is also involved in vetting other technology solutions being introduced to the law firm. For example, as I evaluate any technology platform, a part of the due diligence that must be conducted before bringing the technology into the firm ­ whether it is behind our firewall or in the cloud ­ is the security evaluation. This includes understanding a myriad of information that is all directed at ensuring our data, and by extension our client's data, is secured. Law firms proactively addressing cyber security may also be relying more heavily on the information governance professional to oversee the intake, secure storage, secure access, and proper disposition of client files. This administrative role is key to a law firm's proactive cyber security program. Of course, cyber security concerns and processes are not unique to law firms. Our clients face similar challenges and requirements around cyber security. Those needs present opportunity to the law firm. At a recent meeting of some of my law firm peers, nearly everyone in the room was working on a data breach review for a client. This means firms are able to leverage their expertise in e-discovery to assist clients in identifying sensitive information exfiltrated during a breach. These data breach reviews are often very time sensitive due to the various notification laws in place and require a rapid response time...e-discovery processes, technology, and expertise, in conjunction with lawyer expertise regarding data breach notification laws and negotiation with breach offenders, provide law firms with a unique opportunity to help clients in these unfortunate situations.Data breach review is not, of course, the only opportunity. It is not uncommon for law firms to offer entire practice advisory services around cyber security. Such legal services might include offering legal guidance on a company's data privacy compliance efforts, negotiating various vendor contracts to ensure security and privacy considerations are addressed favorably for the client, maintaining awareness of various national and international privacy laws, helping to craft privacy and security policies, and cyber incident response planning. While cyber security presents varied challenges and certain requirements for law firms, it is also another opportunity for law firms and their clients to collaborate. A law firm that is aware and proactive about cyber security is able to build trust with their clients and differentiate themselves from competitors. A win-win for all. A law firm that is aware and proactive about cyber security can build trust with their clients and differentiate themselves from competitors
< Page 9 | Page 11 >