Law firms facing possible government enforcement action for allowing a data breach aren’t really in a different position than other businesses, Bloomberg BNA Privacy & Data Security News Managing Editor Don Aplin said at a recent MimesisWebTV Cy-pher roundtable discussion of privacy thought leaders.  

Lisa Sotto, managing partner at Hunton & Williams LLP, noted that the important difference is that the issue for firms may not be personal data involved in a breach but R&D and trade secrets information. 

Aplin said that law firms need to undertake the most basic risk analysis move and find out exactly what kind of data it holds.  He discussed the costs for law firms to factor the costs of hacking prevention into their overall cost structure

Mark Seifert, a partner at the Brunswick Group, said that law firms should never underestimate the impact a data breach will have on attorneys in the firm being taken away from their client duties to act in crisis response mode.  Dealing with a breach is a full-time job and law firms shouldn’t forget it, he said.

Kevin Chalker, founder and CEO of GRA Quantum, said that law firms will find that the cost of doing preventative data security work, such as penetration testing, is going to be much less than the costs of responding to a breach.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.