ABA TIPS 2018 Panel – Law Firms at Risk: The Ethical Duty to Protect Client Data in the New Breach Environment
Last week, the ABA’s Tort Trial and Insurance Practice Section (TIPS) met for its annual conference in Los Angeles. Featured among the three days’ worth of programs and panels was a discussion on law firms and the ongoing challenge of protecting client data. “Law Firms at Risk: The Ethical Duty to Protect Client Data in the New Breach Environment,” featured Erica Kitaev, managing editor of Privacy & Data Security with Thomson Reuters, and a host of other experts from U.S.-based firms.
Cliché as it may seem, the panel emphasized that for most firms, the threat of a data breach is not a matter of “if” but “when,” and cited two reports conducted by the ABA in 2016 and 2017 that show for small to mid-size firms (10-45 attorneys), more than 35 percent have experienced a breach or security incident, while for larger firms (500+ attorneys), more than 25 percent have experienced a breach or security incident.
The panel, like so many other conversations on data security, explored how firms manage technology and the persistent threat of hackers, but as Randy Curato, vice president of Loss Prevention, Counsel, Attorneys Liability Assurance Society, noted, explained, attorneys shoulder some of the blame for their use of social media to increase their public profile. He noted that the old maxim “loose lips sink ships” should be front-of-mind for practitioners, explaining that not only can a robust social media presence increase legal risk through “oversharing” about their work or firms, but it may make a firm an enticing target for bad actors. As moderator Jana Landon of Stradley Ronon Stevens & Young added, the use – or rather misuse – of common workflow tools, like insecure file-sharing services, can be tantamount to “leaving your secure documents at a bus stop.” But in spite of these increased risks, the panel did explain that simply being aware of potential threats can be an asset.
“While not every attorney has to be a data privacy specialist, every attorney should be aware of data privacy issues and how they may intersect with their daily work,” Kitaev noted.
Andrea Joffe, manager of Event Strategy and Programming with Thomson Reuters, contributed to this post.