Cybersecurity and personal privacy are real and compelling concerns.  Whether we know it or not, virtually everyone has been victimized by data breach. Lawyers are tempting targets to hackers because, lawyers and law firms hold petabytes of sensitive and confidential data.  Lawyers bear this heady responsibility despite being far behind the curve of information technology and arrogant in dismissing their need to be more technically astute.  Cloaked in privilege and the arcana of law, litigators have proven obstinate when it comes to adapting discovery practice to changing times and threats, rendering them easy prey for hackers and data thieves.

Corporate clients better appreciate the operational, regulatory and reputational risks posed by lackluster cybersecurity.  Big companies have been burned to the point that, when we hear names like Sony, Target or Anthem, we may think “data breach” before “electronics,” “retail” or “health care.”  The largest corporations operate worldwide, so are subject to stricter data privacy laws.  In the United States, we assume if a company owns the system, it owns the data.  Not so abroad, where people have a right to dictate how and when their personal information is shared.

Headlines have forced corporate clients to clean up their acts respecting data protection, and they’ve begun dragging their lawyers along, demanding that outside counsel do more than pay lip service to protecting, e.g., personally-identifiable information (PII), protected health information (PHI), privileged information and, above all, information lending support to those who would sue the company for malfeasance or regulators who would impose fines or penalties.

Corporate clients are making outside counsel undergo security audits and requiring their lawyers institute operational and technical measures to protect company confidential information.  These measures include encryption in transit, encryption at rest, access controls, extensive physical security, incident response capabilities, cyber liability insurance, industry (i.e., ISO) certifications and compulsory breach reporting.  For examples of emerging ‘standards,’ look at the Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information lately promulgated by the Association of Corporate Counsel.

Forcing outside counsel to harden their data bulwarks is important and overdue; but, it’s also disruptive and costly.  Many small firms will find it more difficult to compete with legal behemoths.  Savvier small firms, nimbler in their ability to embrace cybersecurity, will frame it as a market differentiator.  At the end of the day, firms big and small must up their game in terms of protecting sensitive data.

Enhanced cybersecurity is a rising tide that floats all boats.

Well, maybe not all boats.  Let me share who’s likely to get swamped by this rising tide: requesting parties (or, as corporations call them “plaintiffs’ lawyers”), and their experts and litigation support providers.  Requesting parties and others in the same boat will find themselves grossly unprepared to supply the rigorous cybersecurity and privacy protection made a condition of e-discovery. Continue reading →

I haven’t posted in ages per the Mr. Ed Rule.  For those too young to remember the talking horse of early-60s TV, the theme song says, “Mr. Ed will never speak unless he’s got something to say.”  Sorry, Wilbur.  I just didn’t have anything to say, and didn’t wish to waste your time.  But, now I’ve got something worth writing about, and a gift to share.

Last year at this time, I wrote about Bill Hamilton and the excellent, intimate e-discovery conferences he convenes in central Florida at the University of Florida, Levin College of Law.  The UF campus is in Gainesville, and to be honest, it’s not an easy place to reach unless you’re an alligator or live in Charlotte, Atlanta or Miami.  I fly to Orlando and drive two hours.  So, you’ve really got to want to go to Gainesville.  And, thanks to Bill and his distinguished UF Law E-Discovery Project, I often do want to go there.  So should you. Here’s why:

Bill has generously allowed me to make you, dear reader, my guest at the fourth annual EDRM E-Discovery Conference on March 30.  Free, on campus or via the webcast, from anywhere.  Free is my favorite price.  How about you?

Free wouldn’t mean much if what you got wasn’t valuable.  This conference is always a good one.  Check out the agenda.  Bill has countless friends in the e-discovery space and when he calls, many make the trek to Gainesville to support this fine event.  It’s going to be good.

Now, let me sweeten the pot.  There’s an included breakfast, lunch and reception.  Need more?  This morning, it costs $97.00 to fly to Gainesville from LGA or JFK (via Miami) on American Airlines.  From Washington, D.C., how about 83 bucks nonstop on United?   It’s balmy in Gainesville, folks, mid-80s!  To get there from the forty degrees colder Boston, a flight is just $97.00.  At those prices, the free admission pays the airfare, and you get to hang with and learn from a great bunch of people.  Did someone say, ROAD TRIP!?!?!

To get free admission, go to the Conference registration page and locate the link for “Enter promotional code,” in the lower right.  Enter the code CBall16 and marvel as all the registration options change to “Free.”  Don’t hesitate.  Use it now.  Hope to see you there.  We can thank Bill together as we enjoy our free lunches.