Law firms often operate as a repository of sensitive client information, from proprietary trade secrets to personal data such as social security numbers and medical information. We also store sensitive emails and other communications that clients intend and prefer to keep between themselves and their attorney. As attorneys, our goal is to help our clients, and the collection of this information is usually geared (or even necessary) to help and protect them. Yet while businesses expend valuable resources to secure their business infrastructure, a simple email request is enough to pass that information to a law firm, which could expose sensitive data to whatever security and privacy protections (or lack thereof) the law firm has in place.

“As custodians of highly sensitive information, law firms are inviting targets for hackers.” See ABA Formal Opinion 483, “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack,” at 1 (Oct. 17, 2018), (last visited June 24); see also New York Ethics Opinion 1019, “Confidentiality; Remote Access to Firm’s Electronic Files” (Aug. 6, 2014), (last visited June 24). As the practice of law becomes increasingly digital and reliant on technology, law firms need to become the fiduciaries of their clients’ data: trusted information repositories that take security and privacy seriously. A law firm’s own network infrastructure, document management, and third-party relationships are now on the front line of data privacy and security.

ABA Guidance on Cybersecurity and Data Privacy