Clients, long used to data security issues, are demanding that
their law firms take security seriously, too.
BY ALAN COHEN
DAVE WHEELER / THEISPOT.COM
Compliance, it turns out, is in a family way. Forget the days when companies only had to look out for themselves—now there are all
these other folks to worry about. For many businesses that are required
to safeguard sensitive information, such as financial data and patient
records, it is no longer enough to make sure they are complying with
regulatory statutes. They need to ensure that business partners who
handle this information are complying, too.
Some companies are extending their security and privacy checks
by choice, proactively battening down the hatches (not a bad idea in a
day when one data breach can wipe out years of goodwill). Many more,
though, are simply required to do it. Changes to some existing regulatory structures—notably, extensions to the Health Insurance Portability and Accountability Act—are resulting in a “trickling down” of the
rules, with a company’s “business associates” (as the 2009 extensions to
HIPAA call them) now needing to follow them as well. Law firms, not
surprisingly, fall squarely into this category, and companies are starting
to look closely—often very closely—at their outside counsel’s IT security measures and policies.