Wednesday, May 18, 2011

Risk Controls: CNA Confidentiality & Information Security Survey Report

Insurance provider CNA recently published a fascinating report on law firm information risk management issues tied to confidentiality management: "...the survey information was gathered to determine what law firms are currently doing to manage and identify technological risks."

The report summarizes policies and practices firms have in place to address information risk issues. Of note:
  • 59% of responding firms indicated that they had developed special it/data security policies or procedures in response to a client’s request. CNA notes: "Maintaining effective information technology and data security policies and procedures are concerns shared by corporations, clients and the general public as well as law firms. It is a good business practice to develop and implement proper policies and procedures before a client requests it."
  • 53% of responding firms cite "Rogue Employee" misuse of restricted information as an area of confidentiality/privacy information risk that concerns them the most. Lawyers fared better, with 37% citing "Rogue Attorneys" as top concern.
  • As of 2010, 78% of firms have a written policy in place for data privacy or IT security, up from 65% in 2008 and 50% in 2005.
See the complete report, which CNA has kindly furnished a direct link to, here: "Law Firms and Risk Control: Information Security and Confidentiality Survey."

No comments:

Post a Comment