Fixing the Impossible
24/7 (202) 973-1300   

Judgement Day for U.S. Law Firms And Data Security

Share on facebook
Share on twitter
Share on linkedin

It was only a matter of time before the legal industry was thrust under the cybersecurity incident magnifying glass in the form of litigation. On December 9, Chicago-based Johnson & Bell was named in the first public data security class action complaint against a U.S. law firm.

A law firm is a very attractive repository of personally identifiable information and other confidential data in the eyes of a cyber attacker. While law firms have for years played a key, and necessary, role in data security planning and data breach incident response on behalf of many of their clients, the legal industry itself had not fallen victim to a large attack or experienced far-reaching reputational damage as a result. Yet public disclosure of the filing against Johnson & Bell is the tip of the proverbial iceberg.

In May 2016, the Panama Papers leak of 11.5 million documents with detailed financial and attorney-client privileged information for numerous offshore entities revealed the vulnerability of the legal sector in an unprecedented manner. Panamanian law firm Mossack Fonseca™’s initial response following the leak “did not address any of the specific due diligence failings uncovered by reporters,” per the Miami Herald. It was as though law firms had not taken the same risk management steps which they had historically advised their own clients to follow. Not only that, but whether law firms could communicate effectively with clients and key stakeholders regarding the level of data security preparedness within the firm was called into question.

Not unlike healthcare and financial services, information security is perhaps the biggest assurance that clients depend on when electing legal representation. The ability to protect confidentiality is also the most significant determining characteristic of a law firm™’s reputation. But in a reality of increasingly frequent and sophisticated cybercrime, no organization, no matter its size or security, is safe. Johnson & Bell has said the firm is prepared to defend itself in court. Only time will tell whether other firms are prepared to defend their own operational security standards, or not.

More Posts

The Middle Road

“I was lyin’ with my mess-mates on the cold and rocky ground When across the lines of battle came a most peculiar sound Says I

A Gift for the New Year

Celebrate the new year by watching this TED talk on finding happiness through gratitude. Want to be Happy? Be Grateful The one thing all humans

The Land of Enough

“Who is rich? One who is happy with their portion.” – The Mishnah My mother died on Christmas Eve, 1961, when I was four, my