Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Get a (Law) Firm Grip on Data Breaches

By David Ray and Reggie Pool
June 02, 2015

Law firms are as much at risk for cyber attacks as any other industry, a point emphasized in a recent internal report at a major bank that warned employees about the threat of attacks on the networks and websites of big law firms, according to the New York Times. See, “Citigroup Report Chides Law Firms for Silence on Hackings.”'Because of the lack of reporting requirements in the industry, it is unclear how many breaches have actually occurred. Law firms have been relatively unwilling to share information about security breaches because of potential concerns about how that information would affect their credibility. In fact, digital security at many law firms, despite improvements, generally remains below the standards set for other industries. Fortunately, law firms are now recognizing the risk and beginning to take preventive action. This article describes some of the reasons law firms are cyber-attack targets, steps they can take to reduce their risk, and what clients are doing to encourage law firms in those efforts.

Law Firms As Targets

It should not be a surprise that law firms are ripe targets for data breaches. Their data and document repositories may contain a variety of sensitive information ' not only traditionally privileged information, but also competitive information related to their clients' business strategies and other forms of private data held in connection with client work. For example, a law firm may not accept credit cards, but it may have payment card information as part of a matter it is handling. Similarly, while a law firm may not be a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), it might be considered a “business associate” under the Health Information Technology for Economic and Clinical Health Act (HITECH) because of the services it provides to HIPAA-covered entities.

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.

The Anti-Assignment Override Provisions Image

UCC Sections 9406(d) and 9408(a) are one of the most powerful, yet least understood, sections of the Uniform Commercial Code. On their face, they appear to override anti-assignment provisions in agreements that would limit the grant of a security interest. But do these sections really work?