Lost data and disaster recovery are topics that seems to appear in the news on an almost weekly basis. Between employees and professionals losing devices, bring-your-own-device (BYOD) practices, hacking, natural disasters, or hardware failure, protection of personal and professional information is on everyone’s minds.
For those who work in the legal field, lost digital information can have dire consequences. Litigation lawyers have custody of confidential and sensitive documents regarding their clients, in addition to information regarding the internal and financial operations of the firm itself. All of these must be safeguarded against loss and security breaches while meeting the pertinent state and bar association requirements for safe digital storage. If however, data is lost, a litigation law firm must deal with notifying various governing bodies, the interruption of their regular business, disaster recovery expenses, and potential insurance issues.
As bar associations across the country become increasingly aware of the importance of clear backup and data recovery and restoration policies and procedures, they publish suggested legal guidelines for digital records management in the form of “opinions”. These guidelines clearly set out the responsibilities of law firms when it comes to cloud records management and backup. This useful map from the American Bar Association shows links to the opinions for each state.
The Florida Bar Association’s Proposed Advisory Opinion 12-3 published by the Professional Ethics Committee of the Florida Bar in January 2013 is a typical example. It states that “lawyers may use cloud computing if they take reasonable precautions to ensure that confidentiality of client information is maintained.”
The lawyer has an added responsibility to thoroughly research the service provider before engaging their services. They must ensure their files will be adequately secured, easily accessed by authorized legal staff, and stored in an off-site remote location to minimize the potential impact of a location specific catastrophe such as a natural disaster or hardware failure at the law firm’s offices.
If data loss occur and the proper precautions haven’t been taken, the headaches and expenses may have long-term and costly consequences for law firms of all sizes.
Disappearing Data Disrupts Ongoing Business
When data disappears, it has a ripple effect of unpleasant consequences for a law practice. Some of the day-to-day struggles litigation lawyers may face while dealing with lost data include:
- Disruption of daily activities of law firms while attempting to get back up and running, restore systems and data.
- Disruptions that may affect the progress of other cases the firm is working on.
- Damage to the firm’s reputation among its peers as well as existing and potential clients.
- Additional costs to investigate, search for, and restore the data.
Lost Data and Lawyers’ Insurance
A sometime overlooked aspect of misplaced or lost digital data is the effect it has on a lawyer’s insurance. Evidence of improper records management, backup, and disaster recovery protocols may not only increase future insurance costs, it may result in a claim being denied.
While Lawyer Professional Liability Insurance (LPL) may provide very limited protection in cases where the loss was negligence-based, cyber insurance is an increasingly popular risk management option that can help cover the costs of data recovery for lawyers when it occurs. All law firms should discuss their coverage in detail with their insurance carrier to ensure they are fully covered in the event of a disaster that leads to lost data.
Legal Ramifications of Lost Data
The legal consequences of lost data are other serious considerations for lawyers dealing with lost data. Firstly, the firm must report the data loss to state authorities.
According to a recent story in the New York Law Journal, as of March, 2013, 46 states and the District of Columbia have state laws that specifically state the requirements for records management and notification of digital data. Custodians of sensitive information (this includes lawyers) about private citizens and businesses must notify both the individuals and the state authorities of any potential security breach or data loss when it occurs.
A law firm must also be prepared to deal with a potential bar association investigation, and litigation from clients as well as any third parties whose confidential information was included in the lost data.
Data loss can be particularly harmful if it includes files supporting current court proceedings. Reuters reported that vanishing files led to delays in the death penalty case of a suspect on trial for his involvement in planning the September 11, 2001 bombings of the World Trade Centers. Digital documentation critical to both the defense and the prosecution were lost as a result of a data breach of the Pentagon computers, resulting in a delay of the pre-trial hearing.