Hacking of Legal Firms Reinforces Obligation and Need to Protect Sensitive Client Data


Zix Staff

Data breaches are a common headline, so much so that we may begin to gloss over them until an incident relevant to our personal lives wakes us up. Law firms are experiencing just that with breaking news about hackers who targeted Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies. From managing lawsuits to negotiating mergers and acquisitions, Cravath and Weil collect, store and exchange massive amounts of sensitive information that is valuable to both criminals and competitors. The same is true of any law firm across the country.

Whether your practice focuses on families or corporations, your clients trust you to protect their data and their privacy. You also have ethical obligations to take reasonable steps to protect your clients’ data and privacy. Model Rule 1.6 of the American Bar Association Model Rules of Professional Conduct states:

“A lawyer shall make reasonable efforts to prevent the inadvertent disclosure of, or unauthorized access to, information relating to the representation of a client.”

In determining the reasonableness of data security efforts, the ABA provides the following non-exclusive list of factors:

  • the sensitivity of the information,

  • the likelihood of disclosure if additional safeguards are not employed,

  • the cost of employing additional safeguards,

  • the difficulty of implementing the safeguards, and

  • the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).

As in any business, email is critical for communicating sensitive attachments and strategies with clients and outside business associates. If you aren’t protecting email, its contents are as easily disclosed as a note on a postcard traveling through the mail.

The common practice of using confidentiality disclaimers does not prevent use of the data if intercepted and therefore may not fulfill lawyers’ ethical or legal obligations. What does fit the ABA’s guidance is email encryption.

Email encryption makes sensitive data indecipherable to unintended recipients, and advances in ease of use make email encryption transparent. Without passwords or extra steps for senders and recipients, secure email is as easy to use as regular email. Zix Email Encryption is just that easy, which is why the number of law firms that use our solution has steadily increased over the last five years.

John Bonandrini, Director of Information Technology for Foster Swift Collins & Smith, PC, sums it up perfectly:

“We’ve earned the trust of our clients, and to keep that trust, we remain committed to meeting and exceeding industry standards. The implementation of email encryption is an example of our leadership among our peers and an extra measure that our clients can rely on to protect their best interests.”

To learn why Foster Swift chose Zix, read our recent press release. For more information about Zix Email Encryption, visit zixcorp.com or contact sales.