Business entities, regardless of whether they are publicly or privately held, must always be sensitive and vigilant to avoid the pervasive and exponentially growing impact of cyber-related crimes or employee negligence. If such threats were to materialise, the result could be business-threatening, if not devastating, by way of lost customer goodwill and reputational damage. As such, the careful protection of irreplaceable confidential personal or sensitive business information should be paramount, irrespective of where such data is stored, or who has care, custody or control over it.

Virtually all professionals (lawyers in particular) at some time have care, custody, and control over individual clients’ confidential personal information (PII) and protected healthcare information (PHI), as well as business clients’ commercial and operational secrets, such as intellectual property and – their most valuable assets – trade secrets (CCI). On many occasions, such professionals hold not only their own clients’ protected data, but that of their clients’ customers and clients as well.

It follows, then, that professional consultants, vendors and other trusted advisers are under attack on a daily basis by hackers with malicious intentions, hacktivists with political or social agendas, and insiders seeking personal gain. All may have different goals, strategies and methods, but the risk is the same: the potential theft of confidential, legally protected information.

Perhaps most problematic, while third-party holders of their clients’ information can effectuate the most up-to-date incident avoidance measures, they still cannot prevent employee negligence. People make mistakes. But when the mistake by a third-party business partner’s employee results in the loss of a client’s PII, PHI or CCI, the effects on the client can be overwhelming, if not fatal to its economic viability and vitality.

Oct-Dec 2017 Issue

Traub Lieberman Straus & Shrewsberry LLP