If Your Law Firm Suffers a Data-Breach, Maybe You Do Too

Lawyers often have access to clients’ sensitive commercial, operational and other information. But lawyers can also possess similar information about their clients’ clients and customers (such as when a lawyer represents a healthcare company). As a result, lawyers, like employees, face the risk of a lost, stolen or breached mobile device, laptop or – most problematic – data retention mechanisms that can affect their clients’ profits, and perhaps their continuing economic viability.

Both clients and their outside counsel holding sensitive information are at risk of losing such data as the result of an adverse cyber incident, such as a hacker intrusion or loss of tangible property, such as laptops and hard drives. It doesn’t matter whether the harm is attributable to malicious activity or simple employee or third-party negligence, in many cases the effect of a cyber incident can be devastating to the economic viability of the business.

Adoption of best practices will reduce the risk of a cyber, privacy and technology (CPT) incident. Outside counsel’s deployment of a best practices regime can help reduce the premium for CPT insurance. Insurers will review your vendors’ systems as well as yours, and the more robust your company’s and your vendors’ protections are, the lower your CPT premium. It’s a significant and critical risk/benefit analysis. In considering risks and exposures, you need to evaluate and account for those presented by outside entities and persons holding your company’s or law firm’s sensitive information.