WHAT IS DUTY TO PROTECT?Beyond ethical obligations law firms are required to provide certain levels of security to protect clients data. States and governments have enacted legislation rquiring any provate or governmnenatal entity to notify indviduals of breaches or concerns regarding their private information. Law firms especially; but an organization who collects personal information, shall have a duty to protect prioprietary information which is disclosed to it in writing and identified as "confidential" by Discloser, or, if disclosed orally or in an other manner, if DIscloser porvies an organization wiht a written memorandum summarizing and designating such information as 'confidential'.
WHY ARE FIRMS SO CONCERNED?
Many firms are now asking, “What do we do to keep our systems and data safe? How can we keep this from happening to us?” There is a simple answer to this question: Hire a chief information security officer, give him or her a budget to hire the staff needed to build and maintain an enterprise security program (ESP), and exercise appropriate governance over the firm’s digital assets.