If your IT firm counts any lawyers or law firms among its clients, you probably already know that the data security rules are stricter in legal fields. But exactly how strict are those rules? And what is your liability exposure if you recommend technology that violates obscure privacy statutes?
In recent months, one of the biggest questions for IT consultants and small IT firms working with legal clients has been about adoption of cloud technology. This article outlines the security, privacy, and liability concerns you need to be aware of when working with attorneys and other legal companies on technology adoption.
Security and Privacy Guarantees for Cloud Providers
Law firms and independent lawyers have to take into consideration a hodgepodge of state, local, and federal regulations and rules about maintaining client confidentiality and data privacy. For IT companies working with law firms on data storage or management solutions, this means you need to…
- Discuss with legal clients the exact standards of client data privacy they're required to maintain. Until you understand the letter of the law, you won't be able to identify which cloud providers meet those criteria.
- Carefully check a cloud provider's privacy policy. Unless it guarantees that it will maintain security and privacy of customer data, you shouldn't recommend it to your legal clients. Why? Because recommending a cloud provider that doesn't meet legal muster exposes you to liability if and when a lawyer's clients' information is exposed.
- Spend extra time with your contracts. Take the time to ensure that expectations for a project are clear when working with legal clients. The same should hold true with clients in medical professions, who also work under stringent guidelines for customer data security. (Need help with your customer contracts? Check out our free contract templates.)
Handling Data Breaches to Cloud Services
Most analysts agree that these days, data breaches are more or less guaranteed. What we don't know is when they'll hit and how much damage they'll do. When considering cloud services to recommend to attorneys and law firms, be sure to take into account how each service handles breach events. You'll want to know…
- When and whether you'll be alerted when a data breach occurs. As the party with technological expertise, you'll want to be in the loop if and when your clients' information is compromised. Not only will notification be essential to your ability to advise your legal clients about how to proceed with notifying their clients, but notification will also ensure that someone who understands the nature of the data breach will be in the know from the beginning. Relying on those with legal expertise to handle technical matters is a recipe for mismanagement and potential disaster. A dissatisfied lawyer who thinks you should have been more active in their case can easily sue you negligence.
- Whether you'll have the right to investigate a data breach. In every state, the Attorney Registration and Disciplinary Committee (ARDC) handles issues like the mismanagement of client data. Depending on state law, your IT firm may have to defer to the ARDC when investigating data breaches at cloud providers. It's important to know the protocol going into a relationship so that you don't make matters unnecessarily complicated down the road.
- How you'll handle client notification in the event of a data breach. Again, state laws and regulations may affect how you or your legal clients can proceed with notifying their customers if and when a data breach occurs. Adhering to these guidelines while maintaining any confidentiality standards could require a balancing act on your part or your client's, so it's best that you're aware of the challenges beforehand.
Preparing Your IT Firm for Working with Lawyers and Other Legal Professionals
The bottom line for IT professionals who work with attorneys (and often doctors and other medical professionals) is that data privacy standards are much more stringent than in other fields. In addition to communicating with your clients, you can protect your business by investing in the kinds of liability insurance that protect you if you unintentionally violate existing standards and face a lawsuit as a result.
Key coverages include…
- Errors and Omissions Insurance (Professional Liability). This coverage pays for your legal costs in the event that a client sues you over your professional advice or work (including negligence). So if you recommended a cloud provider for a small law firm and that provider was hacked, leaking your client's customer information, your client could be liable for failing to maintain customer confidentiality. But because it was your advice that got them mixed up with the cloud provider in the first place, they could turn around and sue you to collect the damages they might owe to their clients and fines they might owe regulatory boards.
- Third-Party Cyber Liability Insurance. This coverage protects you from suits specifically linked to data breaches and similar events that happen on services or products you recommend to your clients. Think of it as a cyber-specific type of E&O Insurance.
The bottom line? Working with clients in highly regulated fields can be lucrative for small IT firms. And if you invest the time and energy in learning the ropes, you may be able to establish yourself as a go-to provider of IT services for legal professionals. In order to protect the financial and reputational wellbeing of your company, however, be sure to pay careful attention to adhering to regulatory guidelines.
Ready to get started? Get a free quote online, instantly.
