ABA Journal – “Equifax. Yahoo. Anthem. Sony. In the past few years, these companies experienced some of the most significant data breaches to date. And all of these companies found themselves subject to intense worldwide media coverage over their failure to secure their information. The industries affected—from health care to entertainment—know all too well that the struggle to secure data in the digital age never ends.

While individual businesses within these industries will continue to find themselves vulnerable to breaches, they have an advantage over law firms. They have been fighting this battle for a long time.

The legal industry is lagging well behind when it comes to data security, says Rich Santalesa, a member of the boutique cybersecurity firm SmartEdgeLaw Group and of counsel to the New York City-based Bortstein Legal Group.

“Law firms as a whole can learn a lot about cybersecurity by looking at other industries,” says Santalesa. “Unfortunately, other industries have had to learn their lessons the hard way—by having breaches that have received media attention.”

Santalesa says data security involves three different, simultaneous focuses: “the technology, the people you have, and needs of the industry in which you work.” In addition, data security can’t be a one-size-fits-all situation. The cybersecurity needs of a small law firm will be different than the needs of an international firm, just like the needs of Target are different from the needs of a small retail website.

However, all law firms, just like all businesses, must pay close attention to the applicable privacy laws, Santalesa says.

The legal industry needs to pay special attention to the changes in privacy law coming from the European Union. Companies worldwide are responding to the General Data Protection Regulation, which sets guidelines for the collection and processing of personal information of individuals within the European Union.

The GDPR is “scaring everyone because the penalties for failing to protect personal data are high,” says Charles Gold, chief marketing officer for Virtru, an encryption and data protection company.

“If you are doing business with Europeans, you need to be very conscious about GDPR and the requirements for protecting personal data,” he says. Gold points out that Europe tends to blaze the trail when it comes to privacy laws, so “even if you aren’t doing business in Europe, you need to know that the same kind of regulation as GDPR is coming soon to a country near you.

“Giddyup and get ready,” Gold says…”