Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1227987
45 I L T A N E T . O R G O ne Thursday in late September 2019, a member of the Trump administration hit send on an email and almost immediately regretted it. Without meaning to, they had just emailed House Democrats pages and pages of talking points on the evolving and controversial Ukraine scandal. The document laid out, in excruciating detail, how Republicans were being advised to respond to questions and, despite an attempt at recalling the email, screenshots quickly went viral on Twitter. Innocent mistakes like this happen every single day. And human error is a problem law firms – and every business with sensitive information – must address. And soon. By 2023, Gartner estimates that 65% of the world's population will have its personal information covered under modern privacy regulations, 10% more than what is covered today. In January, California enacted its robust new Consumer Privacy Act that is already being labeled as America's answer to the GDPR. Even under current regulations, many firms are not meeting data protection requirements. The American Bar Association reports that one in every four US law firms is a victim of a data breach. And it is probably much higher considering that almost 20 US states do not require reporting to state officials if a breach occurs. It's not just US firms, either. A recent report from Tim Hyman, a certified Data Protection Officer with over 20 years' experience as an IT Director among the UK's top 20 firms, found that nearly half of the UK's top 150 firms have reported a breach since the GDPR began almost two years ago. Of those, 41% were because an email was sent to the wrong person. Reports from the Information Commissioner's Office (ICO) found that the number of breaches in the UK and European legal industry was rising steadily in the lead up to the GDPR, mostly as a result of human error, like failing to remove metadata from a document, improperly redacting confidential document content, or simply sending highly sensitive information to the wrong person. All these statistics paint a picture of a broader problem – one that is not exclusive to the legal industry or even to the US, but that requires action nonetheless. How can human error be handled? 250 million emails are sent each business day. That's 250 million opportunities to enter the wrong email address, attach the wrong file, or leave in sensitive document metadata. So how can your firm, with its finite resources, deal with the sheer number of potential email data breaches in a single day? Surveys of CIOs in the last 12 months point to three main challenges they face in 2020: scaling security measures to keep up with business growth, checking every security box with a limited budget, and staying on top of new threats without a full-time security analyst. Already, many businesses are relying on AI-powered security applications to work hard and fast behind the scenes to identify potential issues in real-time. But AI isn't a golden ticket to complete data loss prevention. Though an AI approach to preventing data breaches will bolster an IT or security's team ability to prevent and manage incidents, it won't be 100% effective on its own. "But AI isn't a golden ticket to complete data loss prevention."