Meghan Tribe’s article “As Cybersecurity Hurdles Loom, Smaller Firms Face Big Challenges,” highlights the increasing burden being disproportionately placed on law firms in the context of cybersecurity.[1] According to this article, at a panel discussion in New York, the Chief Information Officer at Stroock & Stroock & Lavan, Kermit Wallace, stated that the rapid pace of technology in combination with the structure of legal firms and a regulatory landscape in nascent stages conspire to make law firms increasingly vulnerable to cybersecurity breaches.[2] One of the ongoing issues concerns the fact that personally identifiable information (“PII”) is being safeguarded by more and more businesses, yet once litigation is begun or counsel is engaged, this information flows to law firms. Consequently, law firms may have access to or possession of copious amounts of data some of which contains PII as well as confidential and/or proprietary corporate information. Thus, law firms became ripe targets since the smaller firms often times have less stringent cybersecurity protocols than the original sources of the data. This spells trouble for law firms as they are forced to examine their cybersecurity hygiene protocols and practices.[3] This article raises some interesting points and Law Firms of all sizes are going to have to consider their exposure with respect to cybersecurity and data breaches.
[1] Meghan Tribe, As Cybersecurity Hurdles Loom, Smaller Firms Face Big Challenges (Sept. 27, 2016), http://www.americanlawyer.com/id=1202768670107?keywords=as+cybersecurity+hurdles+loom&publication=TAL+2008.
[2] Id.
[3] See generally, Electronic Data and the Law Firm’s Duty of Care, Delta Risk (Aug, 2015), http://www.delta-risk.net/wp-law-firm-duty/.