Law firms and privacy compliance

Law firms and privacy compliance

What are the main privacy-related issues affecting law firms in 2017 and how can they be resolved? As part of a series of articles to mark Data Privacy Day, we ask a data protection expert from a prestigious international law firm about the privacy issues faced by his and other law firms.

Before it’s here, it’s on Lexis®PSL. Click here for a free trial. 

What problems does privacy frequently present to law firms and how can they be best avoided?

Due to the nature of the work and well-established rules on legal privilege and confidentiality, law firms hold significant amounts of business sensitive data. This includes employees’ and clients’ personal data, as well as financial data and sensitive information about corporate clients which is of interest to a variety of parties.

As a result, law firms can be key targets for cyber security attacks, and many are now becoming more aware of the privacy and security risks they face, not only from attacks perpetrated by third parties, including foreign states, but also from data exfiltration by disgruntled or former employees. In early 2016, nearly 50 top law firms were subject to cyber-attacks by hackers reported to be linked to the Chinese Government. The attacks were aimed at gaining commercially sensitive information for the purpose of insider trading, and hackers attempted to obtain this information by accessing lawyers’ email accounts. The trend of ‘bring your own device’ (BYOD), which has permeated the legal services industry, and remote working have exacerbated the risks.

Law firms should ensure that appropriate security measures are in place and ensure that their lawyers and staff receive sufficient training to prevent against security attacks and/or breaches. We are seeing a trend of more US firms engaging security specialists and personnel adept at guarding a firm’s critical infrastructure—client and marketing lists, electronic directories and files, and communications networks—from security threats, as well as introducing policies and procedures to regulate the

Subscription Form

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login