Many law firms today struggle to manage the differing data security requirements of their corporate clients. A large law firm could have relationships with hundreds of corporate clients, and while smaller firms may have fewer corporate clients, they still must manage the data security requirements for each. This important obligation can be burdensome to a firm of any size.
Law firms become a repository for data belonging to every client. In the past, a corporate client would ask the law firm to complete a data security spreadsheet or a document outlining the data security requirements for a repository holding the corporation’s data. The law firm then designated an individual, hopefully a security expert, to fill out the spreadsheet or attest to the controls contained therein. Before now, there was no standardized set of security controls, so each company or industry had a different spreadsheet with differing requirements, and the firm answered a different set of questions for every corporate client, sapping time and effort away from other projects at the firm.
These burdensome processes have come to a head, pushing the Association of Corporate Counsel to develop the Data Steward Program. The program standardizes data security protocols across the industry and offers a single controlled repository for law firms to assess and benchmark their security posture. The standards are based on best-of-breed security frameworks, offer law firms defensible due diligence, and level the security playing field between firms when competing for new business from corporate clients.
Other industries have successfully designed and implemented data security or cybersecurity standards and regulations for how to manage and secure data:
- Health care was one of the first fields to implement standards to secure private, personal information.
- The banking industry has stringent regulations and protocols for handling banking data.
- Publicly traded companies have due diligence requirements that include data security and privacy.
Until now, law firms have muddled along with standards being pushed by individual corporate clients. The new ACC DSP offers law firms the opportunity to prove and disclose their security practices to those clients with which they do business.
In addition, law firms can take their security posture one step further by seeking accreditation by highly skilled accreditors and companies like the ETRM Group. We are the first of the ACC’s accredited assessors, offering service to corporations, law firms and government agencies.
Learn more about the ACC’s Data Steward Program from our white paper.