Excerpt: For years, the authors (and many others) have been saying that law firms generally keep mum about data breaches. While we have seen a few small firms abide by data breach notification laws, the larger firms generally have not, usually hanging their hat on the “we don’t know what data was compromised” or the “we had an incident, but no evidence of an actual breach or misuse of data” excuses. In fairness, not all data breach notification laws are equal – in some cases, they may not have to disclose. Whether they have told their clients is unknown, but speculation has been rising that they often have not, for fear of a mass client exodus.
Excerpt: Cybersecurity is a hot topic these days, but what does it mean to practicing lawyers today? Essentially, cybersecurity is the protection of your information systems from theft or damage. For an attorney, that means making sure your client’s information stays confidential. Today, that includes taking steps to protect yourself from experiencing a data breach.
Are lawyers doing enough to safeguard law firm and client information? Our opinion is that many are not. Here are a few reasons we hold that opinion.
- The FBI reported at a legal technology conference in 2013 that they are seeing hundreds of law firms being increasingly targeted by hackers.
- Mandiant, now part of InfoSec giant FireEye, reported that 7% of the breaches it investigated in 2014 involved law firms.
- Another report noted that 80% of the largest 100 law firms, by revenue, had been hacked between 2011 and 2015.
- At a meeting of large firm information security experts from D.C., most admitted that they had been breached – and that they were aware from their colleagues that others had been breached as well.
- Even with the dismal record of reporting law firm data breaches, we still learn of them in the press and informally – and we will detail some of them for you.
Excerpt: Scarcer than rubies are talented digital forensics experts who are also skilled at writing expert reports and giving court testimony. So how do you find a good expert when you have electronic evidence in issue? This can be a daunting task and the right selection may depend upon a number of factors including what’s at issue in the case, the budget, the geographic location of the expert, and balancing the relative credentials of the experts under consideration. In short, reach for your bottle of Advil. Mistakes are frequent.
Here are the extremes. At one end, you have the major players – with big price tags and a horrendous disparity of quality between their employees. At the other end, you have Joe, formerly a plumber, who fiddles with computers at night and thinks that digital forensics is cool. He takes a course in it, perhaps even gets a meaningless certification from the vendor, and then promptly hangs out his shingle, advertising his service at “blue light special” rates.
Excerpt: The very first time we saw Moneyball, we knew it would crop up in an article. The movie’s use of data analytics in baseball immediately prompted us to start talking about how some of the lessons of Moneyball applied to the legal sector.
We promise you that we came up with the title of this column ourselves, but as we began our research, we were shocked at how many others have had the same idea. In fact, a CLE at this year’s Legal Tech had a very similar name – and several articles on data analytics in the law did too.
Excerpt: Amid much hand-wringing, the prophecy that law firms would be forced to confront their data security shortcomings has finally come true. Clients now want, as do regulators, assurance that law firm data is being adequately protected. The receipt of information security audits, more politely termed “assessments”, is now a regular occurrence at many law firms. They come not only from clients, but from insurance companies offering cyber insurance – but they want to know what they are getting into first!
Excerpt: We deliberately chose the title “When Your Firm Suffers a Data Breach,” not “If.” This is consistent with an oft-repeated mantra in cybersecurity today (“when not if”) that recognizes the ever-increasing incidence of data breaches. Robert Mueller, then the FBI Director, put it this way in an address at a major information security conference in 2012:
I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.
This observation is true for attorneys and law firms as well as companies. There have now been numerous reports of law firm data breaches. The FBI has reported that they are seeing hundreds of law firms being increasingly targeted by hackers. Law firm breaches have ranged from simple – like a lost or stolen laptop or mobile device – to highly sophisticated – like a deep penetration of a law firm network, with access to everything, for a year or more.
Excerpt: We have written about cyberinsurance previously. It would be too strong to say “forget everything you knew before” on this topic, but there have been such major developments in the last year that a strong cup of coffee might be helpful while you carefully read this article. A new dawn has indeed broken and law firms have a lot of catching up to do.
Excerpt: In the world of legal ethics, 2015 was a big year, with 20 states adopting the ABA’s revised rules (Model Rule 1.1 and 1.6) regarding the need to be familiar with the risks and benefits of technology, including how to use technology to secure confidential data. CLEs about competence and technology began to multiply faster than rabbits as lawyers scrambled to see what their new ethical duties were.
Lost in that shuffle, for the most part, were discussions of an ethical requirement to be competent in e-discovery. News channels flared briefly when the California Bar released an ethics opinion (Formal Opinion 2015-193, published on June 30, 2015) which detailed the skills that attorneys must have when dealing with electronically stored information (ESI) and e-discovery. But the publicity died down and we saw only a handful of CLEs which touched on this issue even slightly, so the topic seemed ripe for an article.
Excerpt: No one would describe The Future of the Professions as a “light and frothy read.” We are huge fans of author Richard Susskind’s previous books and his evolving thoughts about the future of the legal profession. In this book, he and his son Daniel, a lecturer in economics at Oxford University, look across all the professions to see what the future might hold, observing many commonalities in that future.