The quarterly publication of the International Legal Technology Association
Issue link: http://read.uberflip.com/i/34686
ASK THE VENDOR Firms will have to re-examine how they apply confidentiality standards. name ................................. Keith Lipman, Esquire company . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prosperoware website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .prosperoware.com From the client’s perspective, the assumption of confidentiality is built into any discussion between a client and a lawyer. In reality, a law firm may have only 10 matters out of 5,000 that are blocked from the general firm for confidentiality reasons. This wasn’t nearly as great a problem when we were dealing with physical files that could be locked up. Now that electronic files are ubiquitous and highly searchable, firms will have to re-examine how they apply confidentiality standards. Most likely, this will drive a shift from a centralized model of security control to a decentralized model. In Asia, nearly everything is confidential until it’s made public. In the U.K. and the U.S., nearly everything is public until it is made confidential. That’s going to change over the next decade as western countries progressively move to the Asian model to prevent abuses, such as insider trading schemes, which have become all too common. Everything that formerly was in the physical file is going to have to be coded confidential. A centralized risk management team would be crushed under this model. A decentralized approach introduces the concept of a matter owner for every matter and decentralizes and distributes process and security control to the lawyer in charge of the matter. In this model, the firm retains the ability to set information barriers and determine standards of confidentiality without constraining the responsible lawyer’s ability to manage and secure the matter. When you decentralize and distribute who applies confidentiality standards, you put the decision in the hands of the people who know the matter best. You also address the issue of a matter that changes as work progresses, such as when a matter under advisement becomes a confidential merger and acquisition matter. The technology to prevent data breaches in a virtual practice exists. Web-based software for applying confidentiality standards and decentralizing security rights can live on top of industry-standard enterprise products used in the legal industry, such as iManage WorkSite and Microsoft SharePoint. A decentralized model is the right approach at the right time: privacy and confidentiality concerns — and the fines noncompliance can generate — are reaching crisis proportions. Mathew Kluger, who faces 15 years in prison for what authorities say was a $37 million insider trading scheme, is only the latest case in point. ILTA It will still come down to end- user mistakes or mischief. name ...... Keith Schneider company .... Netdocuments website .. netdocuments.com No matter how robust and secure the application is in the cloud, it will still come down to end-user mistakes or mischief. As it is today, the weakest link in your security is going to be the internal people who handle the data. Most security experts will tell you that 98 percent+ of nefarious data loss or destruction will come from within your organization. In fact, most CIOs tell us they worry more about the loss of thumb drives, email attachments going to personal email services and stolen notebook computers…this will not change. As the legal market moves to more cloud- or SaaS-based services, they will need to be more knowledgeable about industry standards for securing documents or content in transit, as well as at rest. More attention will be placed on device security, end-user responsibility and service providers’ service level agreements (SLAs). ILTA Peer to Peer the quarterly magazine of ILTA 45