Law firms face new challenges to the exposure of both their client confidence and security practices. California Governor Jerry Brown signed SB 24 into law on Wednesday requiring companies with data breaches to report the scope of the breach to the California Attorney General’s Office.
The new law, likely to influence other states, offers special challenges for law firms. According to David Navetta, a founding partner with the Information Law Group, “Law firms are a repository of the most sensitive and private information. It’s one of the benefits of dealing with a law firm, the nature of the protected attorney client relationship. Even the possibility of a law firm having weak security is frightening.”
SB 24, effective January 1, 2012, opens a scenario in which law firms are required to report the data breach of 500 or more client files to the State Attorney General’s Office, creating a tacit admission to the violation of client privilege for a block of clients. According to Navetta, in a scenario like this, “I don’t think a law firm would characterize it that way. But even if we’re talking about the loss of intellectual property instead of personal information, what is the potential impact to litigation, if these items are discoverable? Bad practices may be exposed in a law firm.”
Webinar Pick: Chief of the California Office of Privacy Protection Joanne McNabb will present on the impact of SB 24 in a webinar sponsored by the California Webinar Law Journal on Oct. 20th. McNabb will discuss drivers to the new California Data Privacy Law and best practices for law-firm client privacy. The event is open for members of the California State Bar for continuing legal education credit and free to law school staff and students. See here for registration details.