Data Privacy and Law Firms

BigLaw In Crosshairs As Firm Plans Data Breach Litigation (Law360): A recent article in Law360 by Aebra Coe indicates that two large law firms, Swaine & Moore LLP, and Weil Goshal & Manges LLP may be facing class action malpractice litigation as a result of their recent data breaches.  In this article, Coe reports that Jay Edelson’s law firm, Edelson PC, assembled a team of forensic engineers and attorneys with technology and privacy expertise to build a lab designed to identify key vulnerabilities in the corporate world.[1]  According to the article, based on the team’s research, Edelson’s firm reportedly told law firms that they are attractive targets to hackers for the following reasons:  (1) law firms often have critical and confidential client information on their internal systems; (2) law firms are often behind the curve on technology, and therefore have relatively insecure data security and network protocols and processes; (3) even where firms have security measures in place, getting the more-seasoned partners to follow these practices is often a non-starter.  The full text of the article is here.



As society in general and the legal sector specifically continues to adopt, and embrace technology, privacy issues will continue to be an important concern.  While this article specifically addresses BigLaw firms, this problem faces firms of all sizes including the solo practitioners.  When we lived in the purely physical world of paper and files, we could touch and feel information and it was almost intuitive to address security.  A locked briefcase, a locked filing cabinet, a document retention policy coupled with a secure shredding service and a lawyer was good to go.  As we move to an increasingly virtual world with the ability to store thousands of pages of documents on miniature thumb drives, or in the cloud, on our laptops, our smartphones, suddenly sensitive client data has gone from a piece of paper and perhaps a copy or two to documents seemingly everywhere.

Having worked previously in the technology sector I would argue that only the very biggest Law firms can, or should have the in-house expertise to handle data privacy and to manage their information security.  However, even for the largest law firms this is still going to represent a cost-center which is somewhat antithetical to the whole concept of billable-hours and viewing things in a binary fashion (is this a source of revenue for the firm?  If not, it is a cost).  That being said, until attorneys begin to view cybersecurity and data privacy as necessities, no different from liability insurance or any other recurring overhead expense, they will continue to put their clients and themselves at risk.  Attorneys need to consider the ethical considerations related to the retention and use of confidential client data and if they fail to do so they risk the loss of trust as well as potential litigation.  Here, I would argue that outsourcing makes a great deal of sense for all but the largest law-firms. Let the specialists perform an audit, create a baseline and then move your firm to a state of “reasonable” data security and overall cybersecurity.


[1] Edelson is founder and CEO of the law firm, Edelson PC.  For several months, Edelson’s firm has been looking into potential class action litigation against unnamed firms with respect to data breaches.  Edelson’s lab arrived at the conclusion that the legal industry and the health care sectors are some of the most likely to be targeted by hackers, according to the Law360 article.

Tags: ,

Leave a Reply

You must be logged in to post a comment.


Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Ryan D. White

Ryan D. WhiteRyan is currently a third year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic. Full biography

Shelby E. Mann

Ryan D. WhiteShelby is a second year law student at the Syracuse University College of Law. During her final year at the University of Missouri, she served as a full-time news producer for ABC 17 News. Shelby spent her first summer of law school at the Shelby County District Attorney General's Office in Memphis, Tenn., in the Public Corruption and Economic Crimes Unit. She is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and the senior editor for the Syrian Accountability Project. Full biography

Christopher w. FolkChristopher W. Folk

is a 2017 graduate of SU College of Law. A non-traditional student, Christopher returned to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering. Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Anna Maria Castillo

Anna Maria Castillois 2016 graduate of Syracuse College of Law. She also holds a Master of Arts in International Relations from Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She served as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a 2015 graduate of Syracuse College of Law and is a prosecutor. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She was a member of the Syracuse National Trial Team and was awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She wrote for this blog when a student. She is now a member of the U.S. Army Judge Advocate General's Corps.

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography