Meeting the Defendant: Vulnerable: Security Solutions for Legal Businesses

Today, many law firms overlook security measures, either because of complexity or expense. Whether in the fields of family law, prosecution, defense, intellectual property, or tax law, law firms request a large amount of personal data that most other highly regulated industries would have to keep under lock and key.

When an attorney begins building a case, they collect a significant amount of personal information about their client, from credit card information to financial acquisitions. The information is then placed in a database within company records. This common scenario of collecting personal information and storing it in a database is similar to banks and credit card companies. Databases in the legal industry are dangerous because too often minimum requirements are imposed on legal firms to install adequate IT security systems.

Sensitive electronic data, such as financial documents or emails, can be exceptionally harmful if it falls into the hands of the opposing attorney or motivated cybercriminals. Integrity, quality, and nurturing relationships are goals that every law firm strives to achieve with its clients. However, the uncontrolled leakage of customer data could destroy all these positive ambitions.

The attorney-client privilege is the most important concept in the legal field because it protects communications between attorneys and their clients. If clients are constantly concerned about the whereabouts of their information, positive progress is unlikely in a case. Attorney-client privileges must be established to achieve a successful outcome for a client’s case.

Marc Rotenberg, executive director of the Electronic Information Center, in Washington, stated: “It is very important to enforce our existing privacy laws and bring these types of cases because the government and the private sector seem to be doing a poor job in protecting people’s information.. “(1) More can be done to safeguard customer information in this technology-driven age.

The legal industry, steeped in confidentiality, needs to reexamine the way it traditionally handles electronic customer information. According to a study by Millard Brown IntelliQuest, of all the factors that drive technology investments in law firms, 77% consider the demands of lawyers to be very important, while 62% consider that the demands of their customers are very important. Both statistics identify the importance of using integrated communication systems. Law firms must emphasize to their clients that it is their data that is left vulnerable if a breach occurs within the firm.

The American Bar Association (ABA) is responsible for the principles that govern the legal industry. While the ABA has strongly advised companies to implement stricter electronic security measures, they have never drafted comprehensive laws on the subject. In its formal opinion (No. 99-413) on email encryption, the ABA stated:

“The Committee concludes, based on current law and technology, as we were informed, that an attorney submitting confidential client information via unencrypted email does not violate Model Rule 1.6 (a) by choosing that mode of communication. This is mainly due to a reasonable expectation of privacy in its use. “

These statements seem out of date because security concerns are so important today. Motivated criminals and opposing attorneys will do whatever it takes to infiltrate a business to gain access to email content and stored data.

The legal industry has made some progress in data protection through the use of basic virus and spyware programs, but it has yet to address the issues of outgoing email protection. Dennis Kennedy of NetTech, Inc. states, “It is not uncommon to find attorneys receiving more than one hundred new emails a day.” (2) Hundreds of unencrypted emails per day containing case strategies and potentially personal information. they can’t keep floating around cyberspace waiting for someone to illegally intercept them.

How can I solve this problem? The solution for dealing with email and electronic data involves two things, implementing email encryption software and seeking knowledge about potential email and data threats. Lawyer-enforced email encryption with rights management to send and receive emails without clients having to worry about their privacy. In the past, attorneys relied solely on email disclaimers in their emails, such as “DO NOT FORWARD THIS EMAIL.” Email disclaimers are often ignored and simply not enough in today’s high-risk digital age. Law firms also need to know what is happening in the world of technology and wisely update their security practices to protect client data, as well as encrypt emails so that their clients feel safe when communicating online. Attorney-client privileges mean a lot in the legal industry, and to maintain that trust, attorneys must do everything possible to secure their relationships.

Law firms must live to stay ahead of those who would benefit from snooping on email communications. Who knows what the legal industry could become if companies don’t change their ways of security? There have been many debatable court decisions over the past quarter century, such as the OJ Simpson trial and the Enron cases, that have left Americans skeptical about obtaining some data used in the trial. By implementing email encryption, the legal industry can again communicate with its clients with complete confidence and ensure that their clients have the same security as they will have in the courtroom.

– – – – – –

Final notes

1. Hines, Matt. “Data losses can drive lawsuits.” Security IT Hub. June 8, 2006. June 26, 2006 http: //www.security.ithub.com.aspx>.

2. Kennedy, Dennis. “Taming the Email Tiger”. Dennis Kennedy’s blog. October 14, 2005. 10/6/2006 http: //www.denniskennedy.com.html>.