The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/984836
PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SPRING 2018
BEST PRACTICES

Reconciling Need-to-Know Security with Successful Knowledge Management

Recently publicized security breaches have kept cybersecurity at the top of the priority list for many law firms. Today's security landscape is complex: sophisticated security threats are constantly emerging and firms are trying to meet rising customer expectations while adhering to new and existing regulatory requirements.

by Ian Raine

The Old School Style of Open Security Models

In the past, law firms generally allowed their attorneys to access a wide variety of client documents in order to promote knowledge sharing and encourage re-use of prior work product. As long as ethical walls were preserved, this open security model generally benefited both the law firms and their clients – attorneys drawing upon past work were efficient and delivered high quality work, while clients secured better results at a lower cost.

What Today's Law Firms Need

In today's digital economy, practically all client documents are stored electronically through systems connected to the internet. The traditional open security approach is no longer a fit as it can allow malicious external and internal actors to access sensitive client information and use it to engage in insider trading, client blackmail, the release of embarrassing documents or otherwise cause significant financial and reputational damage to the firm.

Today's firms are implementing more advanced security models to counter these external and internal cybersecurity threats and meet clients' security expectations. After witnessing the impact of data breaches such as the Panama Papers, clients are increasingly mandating that their law firms restrict access to their documents only to those who are actually working on their matters.
Need-to-know security delivers on this mandate and enables firms of all sizes to keep critical information safe, reduce the damage caused by a successful breach and pass strict client security audits. Government agencies are also cracking down with strict new data privacy and security regulations that require implementation of need-to-know security. Examples include New York State's new 23 NYCRR Part 500 regulation establishing cybersecurity requirements for financial services companies and the EU's General Data Protection Regulation that goes into effect in May 2018.