TAG: Security: LegalEthics.com resources relating to Security. Subscribe
Technology’s impact on the legal industry is spurring a growing market for new in-house Talent — and its not just in e-discovery or cybersecurity. At Legalweek West’s “New Roles in IT for Law Firms and Legal Departments,” speakers shed light on several new and less-noticed jobs currently blooming at law firms and legal departments -- innovation officers, data scientists, and Knowledge Management/ Client Solutions Project Analyst (the last one is so 2000 but always important).
New ABA opinion on electronic communications: A fact-based analysis means that particularly strong protective measures, like encryption, are warranted in some circumstances. See http://bit.ly/2rjtQFk Among other things, lawyers should understand the nature of the threat and how client confidential information is transmitted & stored; use reasonable electronic security measures; determine how to protect electronic communications; label confidential information, train legal professionals, and conduct vendor due diligence. http://bit.ly/2rjlOfJ
The ACC developed a Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information (“Model Controls”) to help in-house counsel as they set/manage expectations regarding the types of data security controls vendors should employ to protect client confidential information. Worth a read. Reminds me of a short checklist I provided a few years back regarding cloud computing that was more focused on information security requirements as legal professionals consider working with vendors (http://bit.ly/2ntICVn).
This ACC webcast examined key developments in cybersecurity law and policy with a look at proposals for new state-level regulations, draft model laws, and ever-tightening requirements for breach notification and response in the US and abroad. The discussion also offered some practical tips on ways that organizations – regardless of size – can take advantage of opportunities to improve their cybersecurity posture through thoughtful participation in sector-specific, regional, and cross-government initiatives.
Third-Party Risk: Creating an Effective Information Security and Data Privacy Assessment Program for Third-party Vendors
This ACC program focused on effective information security and data privacy assessment programs for third-party vendors—including practical tips for effectively assessing information security practices and procedures of third-party vendors, such as law firms and other professional consultants — from the pros and cons of using industry-standard questionnaires to determining when onsite reviews are appropriate and how to handle subcontractors.