The Role of Encryption in Law Firm Data Security

The use of encryption boils down to a discussion of acceptable risk. The appropriate level of encryption depends upon specific use cases and is a balance among many factors, including the sensitivity of the data, the need for usability and convenience in accessing and using the data, and the impact if the data were to be breached.

Extract from article by David Greetham and David Levin

Legal ethics rules require attorneys to take competent and reasonable measures to safeguard information relating to their clients. Attorneys also have contractual and regulatory obligations to protect information relating to clients and other personally identifiable information.

To do this, firms must first understand what information they have. From that evaluation, a firm can identify an appropriate solution with acceptable risk as it applies to particular sets of data. In an ideal world, all information — including emails — would always be encrypted, whether in transit or at rest, and regardless of where it was stored. But in the real world, that’s not practical because it can add cost, frustrate users, and impede productivity.

The use of encryption boils down to a discussion of acceptable risk. The appropriate level of encryption depends on specific use cases and is a balance among many factors, including the sensitivity of the data, the need for usability and convenience in accessing and using the data, and the impact if the data were to be breached. For example, basic data that is public information, such as corporate addresses, probably doesn’t need to be encrypted. Conversely, details of an upcoming transaction held in the files of a firm specializing in mergers and acquisitions need strong protection.

Additional Reading:

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.