Security – 2015’s Biggest Threat to Client Confidentiality A Panel Discussion Joseph Abrenio, VP of Cyber Advisory Services & General Counsel Delta Risk.

1 Security – 2015’s Biggest Threat to Client Confidentiality
A Panel Discussion
Joseph Abrenio, VP of Cyber Advisory Services & General Counsel, Delta Risk LLC, A Chertoff Group Company
July 13-14, 2015, San Francisco - Hyatt Regency

2 Security – 2015’s Biggest Threat to Client Confidentiality
Panel Discussion:
– Joseph Abrenio, Vice President of Cyber Advisory Services and General Counsel, Delta Risk LLC.
– Gillian Glass, Director of Practice Support and Records, Farella Braun + Martel, LLP.
– James McKenna, Director: Infrastructure and Administrative Systems, Morrison & Foerster, LLP.
Legaltech West Coast, July 13-14, 2015, San Francisco - Hyatt Regency

3 Agenda
– Understanding how confidential client data is stored in your firm
– What is the proper standard of care for client data
– Industry Standard Audits and Assessments
  – ISO 27001 Certification
  – NIST Cyber Security Framework (CSF)
– Implementing cybersecurity protocols and mechanisms

4 Understanding how Confidential Client Data is Stored
– Migration from hardcopy records to a “paperless” office
– Electronic storage and retention
– Local Access
– Remote Access

5 What is the Proper Standard of Care for Client Data
– Legal Obligations
– Ethical Obligations
– Outside Counsel Guidelines
– What does it all mean?

6 What is the Proper Standard of Care for Client Data
Legal Obligations
– Currently 48 states have enacted breach notification laws
– Still talk of a Nationwide breach notification
– Breach notification requirements could prove devastating to a Law Firm’s Reputation
– Nevada District Ct. finds no standing to sue where the only risk is a potential for future harm
– CA N.D.: finds standing to sue where costs of credit monitoring, password protection, or threatening e-mails are sufficient to show harm

7 What is the Proper Standard of Care for Client Data
Ethical Obligations - ABA Model Rules of Professional Conduct:
– 1.1: Attorneys must keep abreast of changes in the law – including risks and benefits of technology
  – 1.15 (safekeeping property) may include electronically stored information
– 1.6: Attorneys must take reasonable precautions with client data (storage and transmission)
– 5.3: Using cloud based storage – attorney must take reasonable precautions to safeguard client data

8 What is the Proper Standard of Care for Client Data
Ethical Obligations - Continued
– CA (Prof’l Resp. and Conduct Op. 2010-179): Attorney must take reasonable steps to ensure use of technology does not expose confidential client data
– AZ (Ethics Op. 05-04): Attorney must have expertise to assess HW/SW & Network for data safeguards OR must retain an expert to do so
– NJ (Ethics Op. 701): Documents transmitted via email over the internet should at a minimum be password protected
– NY (Ethics Op. 842): use of third-party provider to store client data – MUST exercise reasonable care to protect client data
– PA (Ethics Op. 2011-200): 15-point list of steps a firm may take to exercise reasonable care of client data storage (cloud based)

9 What is the Proper Standard of Care for Client Data
Legal Considerations (Discovery)
– WA: Kyko Global, Inc. v. Prithvi Solutions – 5-factor balancing test
  – Reasonableness of precautions taken
  – Amount of time required to mitigate the error
  – Overall scope of the discovery effort
  – Depth and breadth of the disclosure
  – Impact on the fairness of the proceeding
– MD: Victor Stanley, Inc. v. Creative Pipe, Inc.
  – Search parameters of electronic information not verified
  – Insufficient review prior to disclosure of items
  – RESULT: 165 otherwise confidential documents produced for opposing counsel ruled admissible

10 What is the Proper Standard of Care for Client Data
Outside Counsel Guidelines
– Compliance with client requests may conflict with or supersede firm’s policies
– Requires process for review of guidelines
– Requires education for attorneys negotiating engagements
– Requires publication within firms so all affected parties are aware of restrictions
– Requires periodic updates

11 What is the Proper Standard of Care for Client Data
What does it all mean?
– Proper Standard = Reasonable Care
– May vary based on client needs and sensitivity of data
– Continuously evolving to match the pace of technological change
– Lawyers and Law Firms have to adapt and garner situational awareness

12 Industry Standard Audits and Assessments
Applying the Industry Standards to Identify Risk
– ISO 27002:2013
  – Security: Risk based framework
  – Due Care: internationally recognized & externally certifiable
  – Compliance: legal, regulatory, and security
– NIST Cyber Security Framework (CSF)
– Law Firms Certification Status
  – 20 Firms & 16 Legal Vendors currently ISO 27001 Certified
  – ~40 firms & 4 Legal Vendors working towards or investigating certification

13 Industry Standard Audits and Assessments (Continued)
Developing a baseline
Addressing the Risk Factors (14 Domains)
– Information Security Policies
– Organization of Information Security
– Human Resource Management
– Asset Management
– Access Control
– Cryptography
– Physical and Environmental
– Operations Security
– Communications Security
– System Acquisition, Development, and Maintenance
– Supplier Relationships
– Incident Management
– Business Continuity Management
– Compliance (Internal & External)

14 Implementing Cybersecurity Protocols and Mechanisms
– Cybersecurity: The Human Element
– Cybersecurity: The Process Element
– Cybersecurity: The Technology Element

