The American Lawyer recently took their annual survey of technology executives from AmLaw 200 firms. The results are in, and here’s one of the most significant findings: Eighty-six percent of respondents are more concerned about security issues than they were two years ago. Huzzah! It’s about time law firms realized they are not the impenetrable safeguards of valuable client information they once were.
To be fair, for a long time the law firms had it easy. Lawyers, and the personnel they supervise, are bound by canons of legal ethics to protect their clients’ information. In the era of paper documents, that protection was not so difficult. Barring a rare, Watergate-like incident of espionage, physical intrusions and theft of information were prevented by simple lock-and-key security. Misappropriation of information by a rogue lawyer or staff member was considered unthinkable — fear of ethical sanctions and disbarment stopped would-be thieves from acting.
Data Security in the E-Discovery Era
As we moved into an era of electronic documents, firms deployed information security measures, but by and large, those safeguards were not particularly robust. And even fairly well-secured firms had a weak link: humans working at computers. In those days, many employees didn’t fully understand – or even resented – the need for strong data security. But generally, these security protocols were good enough for clients, and therefore good enough for the firms.
Times have changed. Law firms now realize that information security must be a top priority, for several reasons. First, it is no longer true that security attacks rarely target law firms. Cyber-criminals today recognize the value of the commercial information that firms possess, and they are using sophisticated techniques to mount their attacks. Second, heightened regulatory requirements demand that law firms protect certain information, especially for their clients in financial services and health care. Finally, and most importantly, clients now insist that law firms step up their security to meet enterprise-level requirements. As one survey respondent noted, winning client work now depends on having adequate security: “[A]s part of the RFP process, you’ll need to provide very detailed specifications on what you have in place.”
Information Security Protocols
Welcome to our world, law firms! Since its inception, DiscoverReady has expected its clients to demand the highest-level security protocols to protect their data, and we have gladly obliged. Virtually every proposal we present for new business includes a section on our industry-leading security measures. We have passed security audits by clients in the most data-sensitive industries, including banks, cutting edge high-tech organizations, and companies in biotech and pharma. Some of the security measures we take include:
- 24/7 video surveillance of all our facilities
- Multi-phase physical access controls, including card key, keypad and biometric barriers
- Internet and email access restrictions for both full-time and contract personnel
- Mobile phone restrictions in document review rooms
- Mobile phone and laptop security requirements for all employees
- Detailed protocols for encryption of data, and prohibitions on the transfer of non-encrypted data
- Highly controlled and restricted data storage facilities
- Rigorous background checking and confidentiality contracting with employees and contractors
At DiscoverReady we take our clients’ concerns about security as seriously as they do, and we’re proud of the protection we provide. I’m glad to see that law firms are now adopting the same vigilance, and upping their approach to information security. After all, law firms and we share the same clients — clients that deserve the best information security measures we can give them.