02 Oct
The Rising Cost of Data Breaches
Introducing a new, decentralized model for managing risk
A core value of the legal profession is that lawyers and law firms keep their client confidences. Every lawyer’s license to practice is dependent on adhering to this regulation. A data breach for a law firm represents a breach of this trust. If the breach reaches the media, the firm faces harm to its reputation and, often, loss of a client or a matter worth significant revenue.
The Ponemon Institute’s 2011 annual study on the cost of a data breach reveals that breaches grew more costly for the fifth year in a row. The average organizational cost of a data breach increased to $7.2 million in the U.S. and £1.9 million in the UK, and breaches cost companies an average of $214 / £71 per compromised record, markedly higher than in 2009. The expenses associated with a data breach range from detection, escalation, and notification to customer churn due to diminished trust. Negligence remains the most common threat in the U.S. (41%), which reflects the ongoing challenge of ensuring employee and partner compliance with security policies, while system failure overtook negligence as the most common threat in the UK this year (37%). Malicious or criminal attacks are on the rise in both countries.
Centralized vs. decentralized models
As highly searchable electronic files become more ubiquitous, the need to protect confidential information rises to crisis proportions. Firms will have to carefully reexamine how they apply confidentiality standards. Most likely, this will drive a shift from a centralized model of security control to a decentralized model.
In Asia, nearly everything is confidential until it’s made public. In the UK and the U.S. nearly everything is public until it is made confidential. That’s going to change over the next decade as western countries progressively move to the Asian model to prevent abuses such as insider trading schemes, which have become all too common. In most law firms today, it’s the risk management team or general counsel who decides what level of confidentiality is called for on a particular matter. And they do so with reluctance: a law firm may have only 10 matters out of 5,000 that are walled off from the general firm for confidentiality purposes. Eventually, as law firms move closer to the Asian model, everything that formerly was in the physical file is going to have to be coded confidential. A centralized risk management team would be crushed under this model.
Introducing the concept of matter owner
Prosperoware addresses confidentiality standards in Milan Matter Hub by introducing the concept of a matter owner for every matter and decentralizing and distributing process control and security control to the lawyer in charge of the matter. When you decentralize and distribute who applies confidentiality standards, you put the decision in the hands of the people who know the matter best. You also address the issue of a matter that changes as work progresses, such as when a matter under advisement becomes a confidential merger and acquisition matter.
In Matter Hub, a matter team with a matter owner or a matter manager is automatically associated with every matter. Matter Hub’s provisioning service pulls data from your system of record—either your Matter Opening or Time & Billing system—and designates the responsible, originating, and/or billing lawyer as the matter owner. The matter owner can delegate matter management privileges to an associate, paralegal, or assistant manually or, if one of the firm’s databases has this information, let the system do it automatically.
The matter owner(s) adds or subtracts team members as needed either manually or using tools that automatically add team members based on activity, such as billing time or document creation. Matter Hub can also automatically exclude individuals based on business rules, such as when the firm represents two competitors. The matter manager manages the folder structure as work on the matter progresses and secures the matter at the document, folder, or workspace level without requiring IT support.
How matter teams restrict or grant access to a matter
All data privacy laws require that access to private information be restricted to those who need it. Lawyers are generally not comfortable storing their email and other client documents where they are accessible to the entire firm. However, they generally find it acceptable to share information and collaborate with other members of the matter team. Matter Hub makes it easy for the matter manager to restrict or grant access for the matter team to a matter workspace or single folder. The unique hybrid security model of Matter Hub allows the matter team to share work-in-progress documents with the firm while restricting access to sensitive content, such as emails or medical records, to the matter team.
Matter managers add or remove users associated with a matter within the document management client. The document management system grants or denies access to documents and folders according to the matter managers’ actions. When workspaces and files are both easy to secure and easy to find, frustrated lawyers are less likely to store files on their own systems, which is key to managing risk.
How security rights are distributed
Matter Hub gives firms the ability to set information barriers and determine standards of confidentiality without constraining the responsible lawyer’s ability to manage the matter team.
Matter Hub supports inclusive, exclusive, and dynamic ethical walls. It also provides metadata and security re-filing rules that allow firms to determine whether metadata should be updated when a document is moved or to prevent a document from going from a secure location to an unsecured location. With all other products you have to manage the intersection of the re-filing function and the ethical wall product. This can result in a document becoming unsecured through a metadata re-filing function.
- Inclusive walls: Establish the level of confidentiality for a matter as either a firm matter (completely open) or secured to the practice area or matter team. Either the firm or matter owner (responsible lawyer) can make the determination.
- Exclusive walls: Prevent user access to a matter on the basis of ethical or other constraints. Inform team members of anyone who has been excluded from the matter through email notifications or the matter team user interface.
- Dynamic walls: Automatically segregate users who work for competitive companies or on opposite sides of the matter.
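The sketch below is an added illustration, not Prosperoware or Matter Hub code. It models how inclusive and exclusive walls can combine in one access decision, and how a re-filing check can refuse a move from a secured location to a less secured one. All class, function, and user names are hypothetical, the sample folders are constructed, and the rule that exclusions must carry over to the destination is an assumption that goes beyond what the text states.

```python
from dataclasses import dataclass, field

# Hypothetical model; every name and all sample data here are constructed.
@dataclass
class Folder:
    name: str
    level: str                                   # "firm" (open), "practice", or "team"
    practice: str = ""
    team: set = field(default_factory=set)       # inclusive wall members
    excluded: set = field(default_factory=set)   # exclusive wall members

RANK = {"firm": 0, "practice": 1, "team": 2}     # higher means more restricted

def can_access(user, user_practice, folder):
    """Check the exclusive wall first so a deny always beats an allow."""
    if user in folder.excluded:
        return False
    if folder.level == "firm":
        return True
    if folder.level == "practice":
        return user_practice == folder.practice or user in folder.team
    return user in folder.team                   # "team": secured to the matter team

def refile(doc, src, dst):
    """Allow a move only if the destination is at least as restricted as the
    source and keeps every exclusion of the source. Returns (moved, reason)."""
    if RANK[dst.level] < RANK[src.level]:
        return False, f"blocked: {src.level} -> {dst.level} lowers confidentiality"
    missing = src.excluded - dst.excluded
    if missing:
        return False, f"blocked: destination lacks exclusions {sorted(missing)}"
    return True, f"moved {doc} to {dst.name}"

# Constructed sample folders for one matter.
MA = Folder("M&A correspondence", "team", "corporate", {"alice", "bob"}, {"carol"})
WIP = Folder("Work in progress", "firm")
SIDE = Folder("Side team", "team", "corporate", {"carol"})

if __name__ == "__main__":
    print(can_access("dave", "corporate", MA))   # not on the team
    print(refile("email.msg", MA, WIP))          # secure -> open is refused
    print(refile("email.msg", MA, SIDE))         # would expose it to an excluded user
    print(refile("draft.docx", WIP, MA))         # open -> secure is allowed
```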
A web-based platform makes the transition easy
Privacy and confidentiality concerns—and the fines noncompliance can generate—require more effective control of access to information than current solutions offer. A decentralized and distributed security model that is integrated with other systems law firms work with makes resolving this issue straightforward. Matter Hub is a browser-neutral platform that overlays rich, web-based software for applying confidentiality standards on top of industry-standard enterprise products used in the legal industry, including iManage WorkSite, NetDocuments, Microsoft SharePoint, Microsoft Office, File Shares, and Personal Storage Tables (PSTs). Matter Hub simplifies the deployment of electronic files across all of the firm’s matters, minimizes delays in change processes, and automatically intercepts accidental failure to follow firm policy. With Matter Hub, firms are able to mitigate risk, and legal teams are able to work more effectively.