According to one ABA report 23% of law firms didn’t know if they had a data breach. This is a troubling statistic in that another ABA report stated that around 15% of all law firms have had a data breach. Today it is not so much “if” your law firm will have a data breach, but “when.” Will your law firm be prepared that handle the data breach or will your firm be in the 23% of the firms that do not even know whether they have had a data breach.
Attorneys have an obligation to keep client information confidential. And depending on the facts and outcome of Shore V Johnson Bell Ltd not fulfilling this obligation could prove costly.
Even though the outcome of this legal action is not known, law firms continue to have an obligation to protect client data, not only form an ethical standpoint, but also via statute.
What would a Data Breach releasing personal data such as dates of birth, social security numbers, driver’s license numbers, credit card information, medical records, legal records, accounting records, tax records and/or other information entrusted to the organization cost the firm? Release of this information by an organization can open up the organization to violation of HIPPA, Granm-Leach-Billey Act, or other state privacy legislation that can open up the firm to law suits for damages.
While prevention is preferred, a Law Firm needs the coverage protection of a proper Data Breach/Cyber Policy. Relying on coverage through The Law Firm’s Business Owners & Lawyers Malpractice Insurance will leave hole in your coverage.
A good Data Breach/Cyber Liability Insurance offers 1st party and 3rd party coverage. It needs to respond to the following exposures:
1st Party Claims
1. Incident Response Services
2. Ransom demands to unlock your system.
3. Notification requirements costs from federal & state laws & regulations to your clients that have suffered a data breach
4. System assistance in restoring your systems and data
5. Loss of income for the time that it takes to recover from a data breach
6. Harm to reputation & goodwill
7. Crisis Management and public relations costs
3rd Party Claims
1. Damages to clients that have suffered a data breach
2. Cost of defense to defend you from these claims
3. Regulatory Violations, fines and penalties that may be accessed against the firm