
Client Experience

Enhancing client relationships with better data privacy and security practices

· 6 minute read


Having strong data privacy and protection initiatives should be paramount for any law firm.

A data breach can be catastrophic for a law firm. Getting hacked will disrupt your day-to-day operations. It could cost you a substantial amount of money. Worst case, your firm’s livelihood could be threatened if too many clients depart after the breach, or if your firm gets hit with lawsuits claiming that you have inadequate data protections. 

If your firm hasn’t buttressed its data privacy infrastructure, it’s long past time to do so. 

Letting your clients’ most valuable information (dates of birth, marriage records, estate details) fall into the hands of intruders will shake your clients’ confidence in your firm. And noting that a data breach wasn’t your fault, that a third party was to blame, won’t cut it anymore—the buck stops with your firm. You need to ensure that your security practices are robust and up to date. Doing so won’t just be for your protection. It’s how you can strengthen your firm’s relationships with clients. 


 

 

Data breaches are getting costlier 

Law firms are becoming popular targets for hackers. This summer, news broke that three major law firms—Kirkland & Ellis, K&L Gates, and Proskauer Rose—were breached by the ransomware group Cl0p. Proskauer Rose acknowledged another case where a vendor it had contracted to set up an internet-based platform allegedly left the platform exposed to a breach.

And data breaches are getting costly. According to IBM’s most recent Cost of a Data Breach report, the global average cost of a data breach in 2023 was $4.45 million, a 15% increase from 2020. For professional services organizations such as law firms, a data breach’s average cost is slightly higher, at $4.47 million.

That’s why a majority of the firms that IBM surveyed said that they plan to up their security investments, such as heightened incident response planning and testing, better employee training, and upgraded threat detection and response tools. 

 

Are data security risks high in law firms? 

Law firms should consider making such substantial upgrades to their data security practices because their risks of exposure are not going away. They may well be rising. There’s a simple reason why: hackers consider law firms to be soft targets. 

All too often, law firms haven’t done the data privacy technology upgrades that many banks and financial advisories have undertaken in the past decade. A smaller law firm may consider itself to be too minor an enterprise to warrant a hacker’s attention, but that’s a great misconception. 

Any law firm of any size offers an ideal information vault for hackers to crack open. Identity thieves will feast on a database that’s stocked full of client Social Security numbers, phone numbers, tax documents, property deeds, and estate/retirement plans, all of which can be exploited for fraudulent purposes.  

 

Protecting yourself and your clients 

Protecting client data is also protecting yourself and your client relationships. Data security is integral to the lawyer-client bond. See the American Bar Association’s Rule 1.6: Confidentiality of Information, which states that “a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” If a client’s information is exposed in a data breach due to their law firm’s perceived negligence, the firm is arguably violating this rule. A client may well feel betrayed and take their business elsewhere.

Lawsuits are another factor. Data breaches have led to several class action lawsuits of late that claim the breached law firm lacked adequate data protections. For example, Orrick, Herrington & Sutcliffe is being sued in a federal class action by a claimant representing the roughly 153,000 people exposed in a data breach, many of whom were clients of healthcare providers for which the firm provided services. The lawsuit claims that the firm did not take reasonable measures to ensure its systems were protected, failed to prevent and stop the breach, and did not provide timely notice of the breach to victims.

 

How do law firms protect data? 

There are a number of steps that a law firm can take to better secure its data. 

Audit and monitor your vendors 

Third-party vendors who handle your firm’s data processing needs can often be the weak link exploited by fraudsters. Quinn Emanuel Urquhart & Sullivan, for example, recently said that a vendor that it used to process its e-discovery data was the victim of a ransomware attack. Before hiring a vendor, run an audit on their security practices to be sure that they’re up to par. After all, a vendor who cuts corners on data privacy isn’t only taking its own risks. It’s taking risks for your firm, too. 

Conduct regular internal audits and look for loopholes 

Establishing data privacy procedures and implementing a protection regime isn’t a one-and-done deal. Hackers keep discovering fresh ways to break into security systems, so your firm needs to be equally agile. Consider running regular internal audits to make sure that your firm is up to date with any technology changes or threats.

Authenticate, and then authenticate again 

It’s important to require multi-factor authentication for access to any database. A law firm may require authentication at the local site (a lawyer’s workspace or home office) and then have further authentication conducted remotely by a security firm employed as a backup security measure.

Use secure client portals 

Want to reduce the chances of a breach exploiting your firm’s database? Shift client information into secure cloud-based client portals that feature multi-factor authentication and a host of other protections that are updated and maintained in real time. This way even the smallest law firm can protect its clients with the vast data security infrastructure of a large multi-national security provider.

 

You can’t be too secure 

It’s essential for a law firm to have a stable flow of valuable, long-term clients. Providing advice and quality services to them is the heart of your firm’s business and drives its growth. Why threaten this by being unprepared on the data security front? Database protections aren’t an extra; they’re essential. 

The better your firm is protected against potential data breaches, the stronger the ties between your firm and its clients.

 
