Well, it's not precisely new. As pal Dave Ries reminded me, I had missed covering the March 29th announcement by the Association of Corporate Counsel (ACC), a global legal association representing more than 42,000 in-house counsel in 85 countries. The announcement concerned the release of safety guidelines for outside counsel who have access to sensitive company data as part of their engagements with corporate law departments. The guidelines, "Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information," will serve as a benchmark for law firm cybersecurity practices.
The guidelines address information retention/return/destruction, data handling and encryption, data breach reporting, physical security, employee background screening, and cyber liability insurance. The model requirements are based on ACC members' experience, past data security audits, and learned best practices in ensuring that sensitive client data remains confidential.
The guidelines were issued after the ACC Chief Legal Officers (CLO) 2017 Survey found that information privacy and data breaches/protection of corporate data were ranked as "very" or "extremely" important by two-thirds of CLOs and general counsel (GCs). Since 2014, the percentage of GCs and CLOs rating data breaches as "extremely" important rose from 19 percent to 26 percent in 2017.
Many corporate law departments conduct data security audits when they retain a new law firm, a responsibility increasingly held by corporate legal operations professionals who manage outside counsel relationships. According to the "ACC Foundation: The State of Cybersecurity Report," more than a quarter of in-house counsel are "not confident" or "not sure" regarding their law firms' data security. The ACC guidelines will give companies a benchmark when creating their own requirements for outside counsel, or when initiating a security audit.
Want the legal work? Looks like following these legal standards may be required by many current or potential clients.