Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Meritas' New Cybersecurity Standard Requirement Assures Legal Clients

By Victoria Hudgins
November 01, 2018

Meritas, a nonprofit association of law firms, now requires its law firm members to follow a new cybersecurity standard. The reason for this new standard? Law firms' clients.

“All of what you are seeing is because clients are requiring it of outside resource providers,” explains Tanna Moore, president and chief executive officer of Meritas.

Moore states that law firm clients have a heightened awareness of cybersecurity after recent breaches of law firms' confidential data. The 2016 Panama Papers, where Mossack Fonseca was breached and a plethora of data was exposed, leading to the firm's dissolution, inspired Meritas to develop a cybersecurity standard for the company and its member firms, Moore says.

“We [law firms] really have a lot of confidential information about clients; we need standards about how we store confidential client data,” she explains.

The Minneapolis-based company collaborated with a cybersecurity expert for nine months and announced its 10 cybersecurity standards that current and future Meritas members must follow. Meritas' new cybersecurity standards are:

  1. Requiring a cybersecurity plan specifying what to do if a cybersecurity breach occurs;
  2. Senior management commitment, which Moore called a “culture” requirement where senior management must be committed to safeguarding their data;
  3. Yearly risk and compliance assessment;
  4. Technical safeguards such as encryption;
  5. Physical safeguards, which Moore defined as law firms having policies and procedures in place to ensure physical content and offices are secure;
  6. Employee training;
  7. Verifying a third-party service provider has a cybersecurity plan;
  8. Having a business continuity plan in place to assess if the firm has “appropriate” backup;
  9. Breach response;
  10. Reviewing and updating cybersecurity plans.

Currently, penalties for not meeting the new standards haven't been set. “As the program is just being implemented, we are in the process of determining the long-term consequences,” Moore says. “At this point, we bring issues to the members' attention for them to resolve.”

The new cybersecurity standards are offered as an assurance to clients that law firms in the Meritas association are members of an organization that requires them to be equipped with cybersecurity standards. The way Meritas operates is that if a member law firm has client work that is out of the law firm's jurisdiction, it can refer a fellow Meritas member law firm to that client.

“If they are referring another firm in our organization, they are assuring that this firm has looked at and is aware of cybersecurity plans,” Moore explains.

Meritas has 181 law firm members spread across 90 countries, according to Meritas' website, and finding a simple core of cybersecurity requirements in a sea of differing international regulations was key, Moore says. “We wanted to be able to find the common denominator and simplify it so our firms would understand them.”

*****

Victoria Hudgins is a reporter for Legaltech News, an ALM sibling of Cybersecurity Law & Strategy, where she covers national and international legal tech innovations and developments.

|

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Generative AI and the 2024 Elections: Risks, Realities, and Lessons for Businesses Image

GenAI's ability to produce highly sophisticated and convincing content at a fraction of the previous cost has raised fears that it could amplify misinformation. The dissemination of fake audio, images and text could reshape how voters perceive candidates and parties. Businesses, too, face challenges in managing their reputations and navigating this new terrain of manipulated content.

How Secure Is the AI System Your Law Firm Is Using? Image

What Law Firms Need to Know Before Trusting AI Systems with Confidential Information In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.

Warehouse Liability: Know Before You Stow! Image

As consumers continue to shift purchasing and consumption habits in the aftermath of the pandemic, manufacturers are increasingly reliant on third-party logistics and warehousing to ensure their products timely reach the market.