The short answer is yes! Law firms deal with sensitive and valuable information daily. As a result of this, law firms have an obligation under many legal and regulatory bodies to keep that data safe. It also makes law firms a prime target for cyber criminals. Imagine being the law firm to A-list stars, and then suffering a potentially reputation damaging data breach. Now think of your own firm, would your firm be able to survive this type of scenario?
By law, Canadian firms are subject to Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act. If your firms works in or has clients globally you could also be subjected to the European Union’s General Data Protection Regulation or the California Consumer Privacy Act, which are examples of laws placing onus on companies to protect consumers’ personal information. In addition to these data regulations, any firm that accepts payment cards must also meet PCI standards and security requirements.
In addition, firms need to ensure their external vendors secure their data as well. It is all well and good if your firm has secured the data, but if you haven’t ensured your third-party vendor isn’t secure, then it could be for naught. Both clients and staff are counting on your firm to do their due diligence to ensure their information is safe. A survey by HBR Consulting found that while a firm’s clients request third-party risk documentation 79% of the time, yet only 42% of firms stated that they have a formal third-party risk management policy in place.
Does the thought of ensuring compliance for you and your vendors keep you up at night? Does it seem like a daunting task? If this sounds like you, give Uzado a call. We can ease the challenge of managing all your risk management and compliance issues.