Thursday, November 17, 2016

On Clients Regulating Law Firms (or "Meet the New Boss, Same as the Old Boss")

Inside counsel writes: "Law Firms, Meet Your New Regulator: Your Client" --
  • "While major banks, retailers, hospitals and insurance companies were the brick and mortar of a growing media monument to hubris and cyber overconfidence, law firm breaches went mostly unnoticed. That is, until government agencies and law enforcement grew concerned that the wealth of intellectual property curated by law firms could be used to manipulate financial markets by front running trades."
  • "As the expression goes, misery loves company, and law firms can now commiserate with their financial clientele. Law firms represent banking and investment funds, healthcare providers, pharmaceutical companies and themselves conduct myriad financial transactions."
  • "Law firms are at the crossroads of industry. Take, for example, a firm that represents an investment institution in Manhattan and who has a position in a biopharma company across the river in New Jersey. The law firm now handles investment information that is regulated by the SEC and monitored by the FBI. The firm also handles healthcare information in the form of FDA drug test results, patient records, which now falls under Health Insurance Portability and Accountability Act (HIPAA). It might also house investor information from the fund, which means the law firm has PII and is ultimately on the hook for PII requirements."
  • "With an alphabet soup of regulators and laws, it’s no wonder that the clients of law firms are now taking cybersecurity seriously. It’s a big stakes loss in the event of a data breach, and it’s the kind of breach that will not go unnoticed. In fact, SEC regulations, HIPAA and PII all have disclosure requirements meaning that a law firm cannot quietly go about business while keeping the story out of the press. That is why today, more law firms are receiving cyber due diligence questionnaires (DDQs) from their clients. As regulators such as the SEC tighten their rules, implications now reach their vendors; most notably legal services."
And, as we know, information security is just one of several areas in which clients are exercising their power to shape law firm policies and practices.
