Data Privacy and Law Firms

BigLaw In Crosshairs As Firm Plans Data Breach Litigation (Law360): A recent article in Law360 by Aebra Coe indicates that two large law firms, Swaine & Moore LLP, and Weil Goshal & Manges LLP may be facing class action malpractice litigation as a result of their recent data breaches.  In this article, Coe reports that Jay Edelson’s law firm, Edelson PC, assembled a team of forensic engineers and attorneys with technology and privacy expertise to build a lab designed to identify key vulnerabilities in the corporate world.[1]  According to the article, based on the team’s research, Edelson’s firm reportedly told law firms that they are attractive targets to hackers for the following reasons:  (1) law firms often have critical and confidential client information on their internal systems; (2) law firms are often behind the curve on technology, and therefore have relatively insecure data security and network protocols and processes; (3) even where firms have security measures in place, getting the more-seasoned partners to follow these practices is often a non-starter.  The full text of the article is here.



As society in general and the legal sector specifically continues to adopt, and embrace technology, privacy issues will continue to be an important concern.  While this article specifically addresses BigLaw firms, this problem faces firms of all sizes including the solo practitioners.  When we lived in the purely physical world of paper and files, we could touch and feel information and it was almost intuitive to address security.  A locked briefcase, a locked filing cabinet, a document retention policy coupled with a secure shredding service and a lawyer was good to go.  As we move to an increasingly virtual world with the ability to store thousands of pages of documents on miniature thumb drives, or in the cloud, on our laptops, our smartphones, suddenly sensitive client data has gone from a piece of paper and perhaps a copy or two to documents seemingly everywhere.

Having worked previously in the technology sector I would argue that only the very biggest Law firms can, or should have the in-house expertise to handle data privacy and to manage their information security.  However, even for the largest law firms this is still going to represent a cost-center which is somewhat antithetical to the whole concept of billable-hours and viewing things in a binary fashion (is this a source of revenue for the firm?  If not, it is a cost).  That being said, until attorneys begin to view cybersecurity and data privacy as necessities, no different from liability insurance or any other recurring overhead expense, they will continue to put their clients and themselves at risk.  Attorneys need to consider the ethical considerations related to the retention and use of confidential client data and if they fail to do so they risk the loss of trust as well as potential litigation.  Here, I would argue that outsourcing makes a great deal of sense for all but the largest law-firms. Let the specialists perform an audit, create a baseline and then move your firm to a state of “reasonable” data security and overall cybersecurity.


[1] Edelson is founder and CEO of the law firm, Edelson PC.  For several months, Edelson’s firm has been looking into potential class action litigation against unnamed firms with respect to data breaches.  Edelson’s lab arrived at the conclusion that the legal industry and the health care sectors are some of the most likely to be targeted by hackers, according to the Law360 article.


Tags: ,


Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Christopher w. FolkChristopher W. Folk

is a second year student at SU College of Law. Christopher is a non-traditional student, returning to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering and in addition to being a full-time student, Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Ryan D. White

Ryan D. WhiteRyan is currently a second year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic.Full biography

Anna Maria Castillo

is a third year law student at Syracuse College of Law. She is also pursuing a Master of Arts in International Relations at Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She currently serves as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington. Full biography

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography