TAG: Cybersecurity: Lopsider content relating to Cybersecurity Subscribe
Technology’s impact on the legal industry is spurring a growing market for new in-house Talent — and its not just in e-discovery or cybersecurity. At Legalweek West’s “New Roles in IT for Law Firms and Legal Departments,” speakers shed light on several new and less-noticed jobs currently blooming at law firms and legal departments -- innovation officers, data scientists, and Knowledge Management/ Client Solutions Project Analyst (the last one is so 2000 but always important).
New ABA opinion on electronic communications: A fact-based analysis means that particularly strong protective measures, like encryption, are warranted in some circumstances. See http://bit.ly/2rjtQFk Among other things, lawyers should understand the nature of the threat and how client confidential information is transmitted & stored; use reasonable electronic security measures; determine how to protect electronic communications; label confidential information, train legal professionals, and conduct vendor due diligence. http://bit.ly/2rjlOfJ
The ACC developed a Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information (“Model Controls”) to help in-house counsel as they set/manage expectations regarding the types of data security controls vendors should employ to protect client confidential information. Worth a read. Reminds me of a short checklist I provided a few years back regarding cloud computing that was more focused on information security requirements as legal professionals consider working with vendors (http://bit.ly/2ntICVn).
This ACC webcast examined key developments in cybersecurity law and policy with a look at proposals for new state-level regulations, draft model laws, and ever-tightening requirements for breach notification and response in the US and abroad. The discussion also offered some practical tips on ways that organizations – regardless of size – can take advantage of opportunities to improve their cybersecurity posture through thoughtful participation in sector-specific, regional, and cross-government initiatives.
Third-Party Risk: Creating an Effective Information Security and Data Privacy Assessment Program for Third-party Vendors
This ACC program focused on effective information security and data privacy assessment programs for third-party vendors—including practical tips for effectively assessing information security practices and procedures of third-party vendors, such as law firms and other professional consultants — from the pros and cons of using industry-standard questionnaires to determining when onsite reviews are appropriate and how to handle subcontractors.
Your data is in the cloud. Somewhere, sanctioned or not. Your fellow lawyers and employees are using traditional business applications from 3rd parties in parallel with (or in place of) [...]