Outside help

• Author: Anna Stolley Persky
• Pages: 30-31

in privacy law com-

ing from the European

Union. Companies worldwide

are responding to the G eneral Data

Protection Reg ulation, which sets

guidelines for the collec tion and pro-

cessing of personal i nformation of indi-

viduals with in the European Union.

The GDPR is “scaring everyone

because the pena lties for failing to

protect personal d ata are high,” says

Charles Gold, chief m arketing o cer

for Virtru, a n encryption and data

protection company.

“If you are doing business wit h

Europeans, you need to b e very con-

scious about GDPR and the require-

ments for protecting persona l data,” he

says.

Gold points out that Europe tends t o

blaze the trail when it come s to privacy

laws, so “even if you aren’t doing busi-

ness in Europe, you need to k now that

the same kind of regu lation as GDPR is

coming soon to a countr y near you.

“Giddyup and get ready,” Gold says.

ENCRYPTION IS KEY

Law fi rms of al l sizes have failed

to properly invest in the tech nology

needed for data secur ity, according

to cybersecu rity experts.

Equifax . Yahoo. Anthem. Sony.

In the past few years , these

companies exper ienced some of the

most signifi ca nt data breaches to date.

And all of these compa nies found

themselves subject to inten se world-

wide media coverage over thei r failure

to secure their in formation.

The industries a ected—from health

care to entert ainment—know all too

well that the strug gle to secure data in

the digital age never end s. While indi-

vidual busi nesses within t hese indus-

tries wil l continue to fi nd themselves

vulnerable to brea ches, they have an

advantage over law fi rms. They have

been fi ghting this bat tle for a long time.

The legal industry i s lagging well

behind when it comes to data se cu-

rity, says Rich Santa lesa, a member

of the boutique cybersecu rity fi rm

SmartEdgeL aw Group and of counsel

to the New York City-based Borts tein

Legal G roup.

“Law fi rms as a w hole can learn

a lot about cybersecur ity by looking

at other industries,” says Sant alesa.

“Unfortunately, other industrie s have

had to learn thei r lessons the hard

way—by having breaches that have

received med ia attention.”

Santalesa says dat a security involves

three di erent , simultaneous focuses:

“the technology, the people you have,

and needs of the industr y in which you

work .”

In addition, data sec urity can’t be a

one-size- fi ts-all situat ion. The cyber-

security need s of a small law fi rm will

be di erent than t he needs of an inter-

national fi rm , just like the needs of

Target are di erent fr om the needs of

a small retai l website. However, all law

fi rms, just l ike all businesses, must pay

close attention to the applicable pr i-

vacy laws, Sant alesa says.

The legal industry nee ds to pay

special attent ion to the changes

OTHER INDUSTRIES ARE WELL AHEAD

WHEN IT COMES TO CYBERSECURITY

AWARENESS AN D PREVENTION.

WHAT CAN THE LEGAL INDUSTRY

LEARN FROM THEM? BY ANNA STOLLEY PERSKY

OUTSIDE HELP

30 || ABA JOURNAL SEPTEMBER 2018

PHOTOGRAPH BY LIGHTSPRING/SHUTTERSTOCK.COM

Business of Law

||

SPECIAL EDITION