Tuesday, February 17, 2015

Clients Eye Security "Weak Link" – Their Law Firms

The Recorder takes another look at growing client concern over law firm information security and confidentiality management: "Clients Eye Law Firms as Security Weak Link" --
  • "Law firm leaders should be bracing for some tough conversations about data security. Alarmed by a series of stunning corporate breaches, companies are getting serious about shoring up their security—and are starting to focus on the outside legal advisers privy to some of their most sensitive corporate secrets. 'I tell anyone who will listen, 'As soon as I finish talking, run—don't walk—and call your IT director and make sure that your law firms have top of the line cybersecurity,' said FireEye Inc. general counsel Alexa King."
  • "Law firms are seen as the proverbial weak link, lacking the IT infrastructure of, say, major banks and retailers yet often holding their confidential financial data along with sensitive personnel or medical records. Some of that data is sent over unsecured networks and to personal devices."
  • "Adobe Systems Inc. associate general counsel Lisa Konie said companies are slowly waking up to that risk. 'It's going to take somebody getting burned, and then everybody is going to try to get in on it.'  [S]he and her team are trying to include data protection standards within its guidelines for working with firms."
  • "Kevin Clem, managing director of the law practice consulting group at HBR Consulting LLC said he's hearing from clients concerned about outside-counsel vulnerability, and said some clients are pressing for security assurances when they seek bids for legal work."
  • "Morgan Lewis partner W. Reece Hirsch said his practice has dealt with demands for data protection for more than a year now, but that is also because he represents clients in the health care industry. As of September 2013, all business associates to HIPAA-regulated industries became subject to HIPAA regulations themselves. Part of that includes a standard data security rule about how the data is stored and kept private. 'Law firms, frankly, haven't had their feet held up to the fire,' Hirsch said. 'In most cases their clients have confidence that the law firm is handling data security appropriately.'"
  • Firms may be starting to listen, said Patrick Archbold, vice president of risk management at legal software company Intapp Inc., if only because they don't want to lose business. 'Lawyers hate change, and they think they can lawyer their way out of anything,' he said. 'The only thing that really motivates them is clients, and that's finally happening.'"

No comments:

Post a Comment