Today, firms create, store and manage the vast majority of their information electronically. Working via email, cloud services, or mobile devices, lawyers, professionals and staff increase collaboration, productivity and efficiency. Unfortunately, they also substantially increase the risk of breaches in client confidentiality or data leakage.
In response, clients and government agencies are mandating stricter standards around data security, data privacy and information disclosure. Publications from Association of Corporate Counsel and Law Technology News advise clients to pay particular attention to firms' security practices around logging internal access to client files, limiting access to a "need-to-know" basis and employing additional monitoring controls over highly sensitive data.
The standard of care has shifted. Recent legal opinions increasingly create expectations that firms will take proactive measures to prevent and detect any and all unauthorized access to sensitive information. In multiple opinions, an individual internal breach has led to a malpractice suit against the defendant firm for not "exercising reasonable care" to protect sensitive information. New regulations, like the HIPAA Security Rule, explicitly require that firms "implement software that records and examines activity in information systems that contain or use" this information.
The new standard of care is auditable proof — clients, courts and regulators expect that firms will have robust mechanisms in place to protect sensitive information from getting into the wrong hands.
Identify and Manage Risks Before They Become Problems
Automated monitoring is essential to identifying activities that may be symptomatic of a larger problem. Problems may include a breach, unauthorized movement of information, or indicators of an impending employee departure. Activity Tracker notifies firm management and IT teams of certain suspect activities so that firms can intervene early enough to prevent unwanted outcomes. It enables firms to:
Detect Anomalous Activity — alerts IT and firm management of suspicious activity
Monitor High-Risk Matters/Engagements — provides visibility into the use of highly sensitive data
Log Access to Sensitive Data — generates detailed audit reports for compliance and reporting
Gain Visibility into System-wide Activity — extends across on-premise and cloud-based systems
Manage Lateral Departures — watches for excess downloading that may signal a departure
Mitigate Email Risk — notifies users who attempt to send attachments that break security policies
If your organization is looking to enhance confidentiality management and information security, consider joining the unmatched and growing community of successful firms who have partnered with Intapp.