The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 36 SO JUST HOW LUCRATIVE IS THIS WORK? Baker's Mr. Hengesbaugh says, "It depends on the type of project. If it's a data security breach, it tends to be very elastic." Ms. Yates says her firm pays $450 to $900 per hour — well above average rates at big law firms — because it wants senior legal minds on such sensitive assignments. Next up: class-action lawsuits, hamstrung until now by the need to show harm from data breaches. That hurdle led to the dismissal of two class actions against Downers Grove-based Advocate. More lawsuits are pending. "When a company leaves their customers flapping in the wind, cases will be brought," Chicago plaintiffs' attorney Joe Siprut says. "As data beaches continue to occur, case law will become more refined." Mayer Brown's Ms. Eisner agrees that class actions are the next chapter: "Somebody will find the right angle and right fact base for blowing that open." CASE STUDIES Shook Gets Certified! by John Anderson of Shook, Hardy & Bacon In September 2014, Shook, Hardy & Bacon announced that we obtained ISO 27001 certification of our information security management system. A globally recognized standard for information security management systems, ISO 27001 certification requires that a company show a systematic and ongoing approach to managing sensitive information. Shook began pursuing certification 18 months ago; to maintain its standing, we must undergo annual audits to assess the maintenance of high standards. After starting work on the ISO 27001 certification, we reviewed and enhanced all our information security guidelines, policies and procedures to ensure they included the areas required for certification, and we added specific timing intervals for future review of this documentation. The firm formed an Information Governance Advisory Group to oversee information security activities, and we developed a more rigorous information security training program for the firm that highlights important security topics. The size and severity of corporate data breaches continue to skyrocket, with no end in sight. Companies increasingly seek assurances that their business partners have taken adequate and appropriate measures to protect against theft and unintended use of their data. Our annual ISO 27001 audits will help us focus on continuously improving our systems, adjusting to new risks that didn't exist the year before.