I Find the Defendant: Vulnerable – Security Solutions for Legal Firms

Today, many law firms overlook security measures, either because of complexity or expense. Whether in fields of family law, prosecution, defense, intellectual property, or tax law, law firms request a great deal of personal data that most other highly regulated industries would have to keep under lock and key.

When a lawyer begins building a case, he/she collects a significant amount of personal information about their client, from credit card information to financial acquisitions. The information is then placed into a database within the firm’s records. This common scenario of gathering personal information and storing it in a database is similar to banks and credit card companies. Databases in the legal industry are hazardous because too often minimal requirements are placed on legal firms to install adequate IT security systems.

Sensitive electronic data such as financial documents or emails can be exceptionally damaging if they fall into the hands of the opposing counsel or motivated cyber criminals. Integrity, quality and fostering relationships are goals that every law firm strives to achieve with their clients. However, the uncontrolled leak of client data could shatter all of these positive ambitions.

The attorney-client privilege is the most important concept in the legal field because it protects communications between attorneys and their clients. If clients are constantly worried about the whereabouts of their information, it is not likely that positive progress on a case will occur. Attorney-client privileges must be established to pursue a successful outcome for a client’s case.

Marc Rotenberg, executive director of the Electronic Information Center, in Washington stated, “It’s very important to enforce our existing privacy laws and bring these types of cases because the government and the private sector seem to be doing such a poor job of safeguarding people’s information.” (1) More can be done to safeguard client’s information in this technology-driven age.

The legal industry, steeped on confidentiality, needs to reexamine how it traditionally deals with electronic client information. According to a study conducted by Millard Brown IntelliQuest, of all factors driving technology investments in law firms, 77% feel that attorney’s demands are very important while 62% consider their client’s demands very important. Both statistics identify the importance of using integrated systems for communication. Law firms must emphasize their clients because it is their data which is left vulnerable if a breach occurs within the firm.

The American Bar Association (ABA) is responsible for principles governing the legal industry. While the ABA has strongly advised firms to implement tougher electronic security measures, they have never fully written laws regarding the issue. In their formal opinion (No. 99-413) concerning email encryption, the ABA stated:

“The Committee concludes, based upon current technology and law as we are informed of it, that a lawyer sending confidential client information by unencrypted e-mails does not violate Model Rule 1.6(a) in choosing that mode to communicate. This is principally because there is a reasonable expectation of privacy in its use.”

These statements seem outdated because security issues are so prominent today. Motivated criminals and opposing counsels will do whatever it takes to infiltrate a company in order to gain access to email content and stored data.

The legal industry has made some strides in data protection by using basic virus and spyware programs, but has yet to address issues of outbound email protection. Dennis Kennedy of NetTech, Inc. claims, “It is not uncommon to find attorneys who receive well over a hundred new e-mails messages a day.”(2) Hundreds of unencrypted e-mails a day containing case strategies and potentially personal information cannot continue to float through cyberspace waiting for someone to illegally intercept them.

How can this problem be fixed? The solution to dealing with email and electronic data involves two things, implementing email encryption software and seeking knowledge about potential email and data threats. Email encryption with rights management applied allows attorneys to send and receive emails without clients having to worry about their privacy. In the past, lawyers have solely relied on email disclaimers in their emails, such as “DO NOT FORWARD THIS EMAIL.” Email disclaimers are often ignored and are simply not enough in today’s high risk digital age. Law firms also need to know what’s going on in the technology world and wisely update their security practices to protect client’s data, as well as encrypt emails to make their clients feel safe when communicating online. Attorney-client privileges mean a lot in the legal industry, and in order to retain that trust, lawyers need to do what they can to secure their relationships.

Legal firms must strive to stay ahead of those who would profit from snooping on email communication. Who knows what the legal industry could turn into if firms don’t change their security ways? There have been many debatable court decisions over the past quarter century, such as the OJ Simpson trial and Enron cases that have left Americans skeptical about the attainment of some data used in the trial. By implementing email encryption, the legal industry can once again communicate with their clients with complete confidence and be sure that their clients have the same assurance that they will have in the court room.

End Notes

  1. Hines, Matt. “Data Losses May Spur Lawsuits.” Security IT Hub. June 8, 2006. 26 Jun 2006 http://www.security.ithub.com.aspx>.
  1. Kennedy, Dennis. “Taming the Email Tiger.” Dennis Kennedy Blog. October 14, 2005. 6/10/2006 http://www.denniskennedy.com.html>.

Related posts