Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

CybersecurityFeaturesLaw Firm Client RelationshipsTechnology Media and TelecomCybersecurity Law & Strategy

Meritas' New Cybersecurity Standard Requirement Assures Legal Clients

By Victoria Hudgins
November 01, 2018

Meritas, a nonprofit association of law firms, now requires its law firm members to follow a new cybersecurity standard. The reason for this new standard? Law firms' clients.

“All of what you are seeing is because clients are requiring it of outside resource providers,” explains Tanna Moore, president and chief executive officer of Meritas.

Moore states that law firm clients have a heightened awareness of cybersecurity after recent breaches of law firms' confidential data. The 2016 Panama Papers, where Mossack Fonseca was breached and a plethora of data was exposed, leading to the firm's dissolution, inspired Meritas to develop a cybersecurity standard for the company and its member firms, Moore says.

“We [law firms] really have a lot of confidential information about clients; we need standards about how we store confidential client data,” she explains.

The Minneapolis-based company collaborated with a cybersecurity expert for nine months and announced its 10 cybersecurity standards that current and future Meritas members must follow. Meritas' new cybersecurity standards are:

  1. Requiring a cybersecurity plan specifying what to do if a cybersecurity breach occurs;
  2. Senior management commitment, which Moore called a “culture” requirement where senior management must be committed to safeguarding their data;
  3. Yearly risk and compliance assessment;
  4. Technical safeguards such as encryption;
  5. Physical safeguards, which Moore defined as law firms having policies and procedures in place to ensure physical content and offices are secure;
  6. Employee training;
  7. Verifying a third-party service provider has a cybersecurity plan;
  8. Having a business continuity plan in place to assess if the firm has “appropriate” backup;
  9. Breach response;
  10. Reviewing and updating cybersecurity plans.

Currently, penalties for not meeting the new standards haven't been set. “As the program is just being implemented, we are in the process of determining the long-term consequences,” Moore says. “At this point, we bring issues to the members' attention for them to resolve.”

The new cybersecurity standards are offered as an assurance to clients that law firms in the Meritas association are members of an organization that requires them to be equipped with cybersecurity standards. The way Meritas operates is that if a member law firm has client work that is out of the law firm's jurisdiction, it can refer a fellow Meritas member law firm to that client.

“If they are referring another firm in our organization, they are assuring that this firm has looked at and is aware of cybersecurity plans,” Moore explains.

Meritas has 181 law firm members spread across 90 countries, according to Meritas' website, and finding a simple core of cybersecurity requirements in a sea of differing international regulations was key, Moore says. “We wanted to be able to find the common denominator and simplify it so our firms would understand them.”

*****

Victoria Hudgins is a reporter for Legaltech News, an ALM sibling of Cybersecurity Law & Strategy, where she covers national and international legal tech innovations and developments.

 

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers Image

In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

CoStar Wins Injunction for Breach-of-Contract Damages In CRE Database Access Lawsuit Image

Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.

Fresh Filings Image

Notable recent court filings in entertainment law.