Today, security measures are overlooked by many law firms, either because of their complexity or cost. Whether in the fields of family law, prosecution, defense, intellectual property, or tax law, law firms request a vast amount of personal data that most other highly regulated industries would have to keep under lock and key.
When an attorney begins to build a case, they collect a significant amount of personal information about their client, from credit card information to financial acquisitions. The information is then placed in a database within the company’s records. This common scenario of collecting personal information and storing it in a database is similar to banks and credit card companies. Databases in the legal industry are dangerous because too often minimum requirements are placed on legal firms to install adequate IT security systems.
Sensitive electronic data, such as financial documents or emails, can be exceptionally damaging if it falls into the hands of opposing counsel or motivated cybercriminals. Integrity, quality and nurturing relationships are goals every law firm strives to achieve with its clients. However, the uncontrolled leak of customer data could shatter all these positive ambitions.
The attorney-client privilege is the most important concept in the legal field because it protects communications between attorneys and their clients. If clients are constantly concerned about the whereabouts of their information, positive progress in a case is unlikely. Attorney-client privileges must be established to achieve a successful outcome in a client’s case.
Marc Rotenberg, executive director of the Electronic Information Center in Washington, said, “It’s very important to enforce our existing privacy laws and bring these kinds of cases because the government and the private sector seem to be doing a poor job of protecting information from people. .” (1) More can be done to safeguard customer information in this technology-driven age.
The legal industry, steeped in confidentiality, needs to reexamine how it traditionally treats electronic client information. According to a study by Millard Brown IntelliQuest, of all the factors that drive technology investments at law firms, 77% feel that the demands of lawyers are very important, while 62% consider that the demands of their customers are very important. Both statistics identify the importance of using integrated systems for communication. Law firms need to emphasize to their clients that it is their data that is left vulnerable if a breach occurs within the firm.
The American Bar Association (ABA) is responsible for the principles that govern the legal industry. While the ABA has strongly encouraged companies to implement more stringent electronic security measures, they have never written comprehensive laws on the subject. In its formal opinion (No. 99-413) on email encryption, the ABA stated:
“The Committee concludes, based on current technology and the law as reported to us, that an attorney who sends confidential client information by unencrypted email does not violate Model Rule 1.6(a) by choosing that mode of communication. This is primarily because there is a reasonable expectation of privacy in its use.”
These statements seem outdated because security issues are so important today. Motivated criminals and opposing attorneys will do whatever it takes to infiltrate a company in order to gain access to email content and stored data.
The legal industry has made some progress in protecting data through the use of basic virus and spyware programs, but has yet to address outbound email protection issues. Dennis Kennedy of NetTech, Inc. states, “It is not uncommon to find attorneys receiving more than a hundred new emails a day.”(2) Hundreds of unencrypted emails a day containing case strategies and potentially personal information they can keep floating around in cyberspace waiting for someone to illegally intercept them.
How can I solve this problem? The solution for handling email and electronic data involves two things, implementing email encryption software and looking for information about potential email and data threats. Email encryption with rights management applied allows attorneys to send and receive email without clients having to worry about their privacy. In the past, attorneys relied solely on email disclaimers in their emails, such as “DO NOT FORWARD THIS EMAIL.” Email disclaimers are often ignored and simply aren’t enough in today’s high-stakes digital age. Law firms also need to know what’s going on in the world of technology and wisely update their security practices to protect client data as well as encrypt emails so their clients feel safe when communicating online. Attorney-client privilege means a lot in the legal industry, and to maintain that trust, attorneys must do everything they can to secure their relationships.
Law firms must strive to stay ahead of those who would benefit from eavesdropping on email communication. Who knows what the legal industry could become if companies don’t change their security practices? There have been many contentious court decisions over the last quarter century, such as the OJ Simpson trial and the Enron cases, that have left Americans skeptical about obtaining some of the data used in the trial. By implementing email encryption, the legal industry can once again communicate with their clients with complete confidence and be assured that their clients have the same security they will have in the courtroom.
– – – – – –
final notes
1. Hines, Matt. “Data Losses May Lead to Lawsuits.” Security IT Center. June 8, 2006. June 26, 2006 http://www.security.ithub.com.aspx>.
2. Kennedy, Dennis. “Taming the email tiger.” Dennis Kennedy Blog. October 14, 2005. 6/10/2006 http://www.denniskennedy.com.html>.
