Wednesday, December 10, 2014

NY Law Journal on Law Firm Information Security

With a hook invoking the late, great Rod Serling, the chances of a legal article _not_ touching risk issues making it to the blog are already high. Combine both, and, submitted for your approval: "Cybersecurity: Business Imperative for Law Firms" --
  • "It is not difficult, then, as the late Rod Serling, host of the long-running television show "The Twilight Zone" asked viewers at the beginning of each episode, to 'imagine, if you will' the following scene:
  • "A law firm's managing partner answers her phone on the first ring. It is 3 p.m. on the Wednesday before Thanksgiving and her husband wants to know when she'll be home... She clicks on the first email. It's from the chief technical officer of the bank that is the firm's biggest client. He is writing to advise that, due to increased cybersecurity scrutiny from New York State's Department of Finance and the Securities and Exchange Commission (SEC), he will be auditing the information security protocols of all of the bank's law firms."
  • "He needs access to the firm's network and copies of all information security policies and procedures, along with materials used to train the attorneys and staff—current, of course—by the following Monday morning."
  • "The managing partner swallows hard: There are policies, but they haven't been updated since BlackBerrys were the only smartphone allowed for firm business, five years ago."
  • "She clicks on the second email. This one is from the chief information officer of a 100-hospital system that short-listed the firm for its national litigation counsel. His email says that the board has decided to review the information management policies of all the finalists. He apologizes but, he writes, after a recent incident in which another hospital system law firm inadvertently disclosed the information of 400 patients to Google, the board has decided not to award an engagement to any firm unless it can show that patient information will be adequately protected."
  • "The managing partner picks up the phone, tells her husband she'll be working through the night and will also be leaving for the office right after the Thanksgiving meal, and offers that maybe one of the kids could help him cook."
The article proceeds to serve up a healthy helping of analysis, covering current trends, new standards and growing scrutiny placed on law firm compliance:
  • "With developments such as the requirements upon lawyers in the HIPAA omnibus rule and Superintendent Lawsky's letter requiring financial institutions to provide information about their law firms' information safeguards, the legal, ethical and business obligations come together. The question for law firms is not whether to become cybersecurity literate, but how quickly they can do so, in-house or with the assistance of outside experts and counsel, to the satisfaction of their clients and the clients' regulators."
