Preventing Data Breaches
Written by: Val Pitt
It’s coming up to 2 years since I sold LitSupport to The Information Management Group (TIMG). Finding the right organisation with the resources, will and expertise to take LitSupport’s services to the next level took a long time. Even despite all the careful preparation, due diligence and intensive discussions, there is always an element of the unknown. I am so happy that all my hopes for the collaboration between TIMG and LitSupport have been realised. I can confidently say that with TIMG’s expert collaboration and resources, LitSupport’s services have developed to a whole new level. Our services are now the most comprehensive and secure on the Australian market.
The timing is serendipitous. From next year, the data breach notification obligations arising from the Privacy Amendment (Notifiable Data Breaches) Act 2017 will take effect.
Clearly, law firms are particularly vulnerable to hostile data breaches given the amount of sensitive commercial information legal work generates. In 2009, the FBI released an advisory stating that there had been a “noticeable increase” in efforts to hack into law firms’ computer systems. Australian law firms have not been immune. Last year, in December, the Law Council launched a new information campaign called Cyber Precedent, to provide law firms with information about how to protect their data. This was in response to the increase in cyber attacks on Australian law firms, particularly the use of ransomware, where criminals release locked data for a ransom.
Even if a law firm has reasonable cyber security measures in relation to the data that it generates in its day-to-day work, these measures may not be enough to adequately secure the diverse range of raw data generated in the discovery process.
The discovery process includes not only traditional data types such as hard copy and soft copy documents but also sound and video files on various media and increasingly, personal electronic devices for sensitive data extraction. How many law firms can genuinely say that they have best practice in place to protect all raw data that is generated in the discovery process?
Given this, some commentators have recommended that law firms should reduce the risk of data breaches by never touching a client’s unprocessed, raw data. The recommendation is that law firms should let raw data remain on a client’s premises and outsource all information management, processing and hosting to a trusted and well-established service provider.
I agree with this recommendation. Ensuring that a law firm never touches the raw data generated in the discovery process is one important step in protecting the law firm and its clients from data breaches. LitSupport’s services are now the most secure and comprehensive on the Australian market. We can take all of a client’s raw data, both hard copy and soft copy, and store it securely off site. We can then process the data in a way that complies with the law firm’s regulatory obligations. We provide the law firm with a customised software platform containing a complete online inventory to enable lawyers to easily identify and retrieve all relevant discovery data at their desks.
However, outsourcing the management of raw data generated in the discovery process does not in any way lessen the law firm’s responsibility for cyber security. Cyber security practices need to become an everyday part of every lawyer’s life. Even practices as simple as training and enforcing rigorous password practices among lawyers can go a long way toward protecting a firm’s data.
Outsourcing the processing and management of discovery data is just one tool in a law firm’s arsenal to prevent data breaches. With rigorous cyber security tools, practices and training, supported by external providers such as LitSupport, a law firm may never need to issue a data breach notification at all!