Monday, March 17, 2014

ALM on Law Firm Data Security : Client Pressures Growing


ALM's Legal Intelligencer is running an excellent series on information security. Part 1: "Law Firms Face Pressure From Clients on Data Security" --
  • "Forget client service or rate flexibility. If a law firm wants to get, or even keep, business, data security plans are often now the price of admission. Corporate America is increasingly looking to ensure its outside counsel are handling client data just as securely as the clients themselves do."
  • "'As an industry, we are being challenged in ways that we have historically not been by some of our clients and, most notably, our financial services clients,' said Kelley Drye & Warren Chief Information Officer Judi Flournoy...  While data security is important to all clients, Flournoy said those in the financial services industry, for example, are regulated to ensure their vendors are following proper data-security protocols."
  • "Reed Smith Chief Information Officer Gary Becker said many clients in the financial services and health care industry are mandated under federal law to continually review their data security initiatives. 'We're now regulated by our clients," Becker said.'"
  • "Many of those clients have done annual audits of a firm's security policies for years now, but they are starting to increase that review to include quarterly discussions on security policies, Becker said. And it isn't just current clients doing the asking. Many requests for proposals for new matters include 'extensive' sections on security and data protection, Becker said."
  • "Ballard Spahr General Counsel William Slaughter said his firm has had systems in place to ensure client data is secure, but in the past few years has seen more client requests for procedures specific to the clients. That has required the firm to occasionally have to add certain capabilities, such as encryption of email."
  • "John Mullen, head of Lewis Brisbois Bisgaard & Smith's data privacy and network security practice, said he has represented a number of law firms when it comes to data security issues. And he said firms do get breached. Firms aren't doing enough to protect data, Mullen said. 'The short version is, law firms generally speaking don't have the budget and don't have the focus and don't make the allocations to truly protect the data they have,' Mullen said."

No comments:

Post a Comment