Addressing The Weakest Link In Data Security… The Law Firm

Companies put a lot of money and effort into securing data. And then they just hand it all over to law firms willy-nilly.

There’s a reason why some of the highest profile data breaches targeted law firms — they have access to a lot of Fortune 500 data but don’t necessarily boast Fortune 500 data protections. And figuring out whether the firm is up to snuff takes time and energy that legal departments don’t necessarily have to spare.

A whopping 70 percent of legal departments lack the necessary tools and methods to assess law firms data security, and of those that do, nearly 30% are dissatisfied with their process.

But the Association of Corporate Counsel has taken the initiative to act as a quasi-regulator on this score. The ACC Data Steward program seeks to offer in-house counsel a consistent clearinghouse of law firm data security. Centralized standards, backed with real-time updating, scoring law firms to give clients peace of mind.

The process is straightforward:

1. Law firm licenses access to DSP self-assessment.
2. Law firm conducts self-assessment in DSP-Exchange SaaS platform. Firms may optionally apply for ACC Accreditation by engaging independent ACC-approved assessors to validate results.
3. Platform provides both high-level scoring on scale of 0-100 as well as drill down-detail.
4. The Dashboard view allows firms to share assessment results with their clients’ in-house legal and information security teams. One self-assessment can be shared with all of a firms’ clients.
5. Firms update DSP Exchange on a regular basis as their security profile changes. Scores update immediately and can be reviewed by clients in real time.
6. ACC releases updated versions of controls as global standards change and new threats emerge.

Law firms looking to really tout data security can apply for ACC Accreditation, providing independent verification.

This is what common sense looks like. There’s nothing gained in saddling every general counsel out there with the responsibility to evaluate every firm. The economies of scale kick in when one entity is able to provide consistent findings across multiple firms that clients can compare.

Any firm that hasn’t signed up for this yet needs to get on it, because clients are going to start demanding these scores soon enough.

Joe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.