Privacy and data security concerns have flooded the news lately with stories about large department stores databases being breached and customer’s private information being leaked; social security numbers and credit card information. Security breaches are occurring in record numbers across businesses and industries, cyber-attacks seem to run rampant, presenting law firms many challenges but also offering many opportunities.
Law firms must have the knowledge to understand the regulatory cybersecurity landscape and the legalities that lie therein. Businesses are increasingly vulnerable to security breaches, including law firms, and we continue to read about these instances. Their legal representatives are faced with continuing challenges and the companies are trying to build effective information protection programs to deal with diverse geographic and privacy and data security laws, regulations and policies.
The challenge facing the clients' law firm representing them is the overabundance of information pertaining to their security concerns. Attorneys must be at the ready to understand and compare laws that seem to continually change and regulations that don't stay the same so that a client can be given quick, insightful answers to issues of vital importance to their business.
With law firms practicing across state, country and even globally, the security issues become even more complicated. Not only do they have to know the laws and regulations of each area but they need to know how it pertains to their clients as to business action, data type and their particular industry. They need to know how to help their clients understand the regulations pertaining to their particular circumstance and how to build an effective and cost efficient privacy and data security program.
The jurisdiction, industry, and issue at hand all factor in to what the attorney needs to know when handling a particular matter. To accomplish this major task, many firms will bring on junior attorneys or regulatory attorneys, although bringing them in and getting them up to speed presents its own challenges. Having the systems and tools needed will speed up the process of research and help the attorneys know what advice they should be giving in any particular circumstance.
Privacy and data security program consultants is how the attorneys working in this field are generally perceived. Companies usually spend 50% of their privacy and data security budgets on their legal counsel, with law firms recognizing this growing market and realizing the need for transition talented litigators to help round out their field of knowledgeable people to handle their clients' affairs
Law firms need to go beyond the traditional legal services and provide their clients with an integral understanding of the legal and regulatory nuances of the country or countries they operate in. They need to know the business implications of the legal and regulatory framework to understand policies and legislation to be able to operate in accordance with them.
Law firms need to have key insight into their clients’ goals concerning data and privacy issues and be able to provide the business implications of this framework to them clearly, not just outline laws and regulations.
Law firms also encounter the dangers of cyber-attacks. Firms that operate globally need to be prepared for the threat to their privacy and data security systems. If they handle extremely sensitive client information, such as medical, financial services, retail and telecommunications, they must be ready for the data and privacy challenges that come with the territory. Many financial institutions have addressed this issue by demanding that law firms increase their cyber security programs and policies.
Still, the threat to legal data must be addressed when concerning law firms. To assure the clients privacy and win new business, they must have increasingly strict privacy and data security programs. In addition, they must comply with varying state and national ethics rules, document retention requirements and bring your own device requirements.
Jeff Hughes, J.D.