Today, security is top of mind for many in the legal profession. The EU’s GDPR, now one-year-old, certainly grabbed our attention and California’s similar CPPA, set to take effect early next year, has increased awareness. While the news has extensively covered major data breaches, it is easy for lawyers, law firms, in-house counsel, and their staffs to dismiss exposure to those occurrences because we typically do not collect large volumes of data in our day-to-day practices.
In his 3/8/17 article, “Rising cost of data breaches to $2.1 trillion by 2019…” Luke Irwin of IT Governance ominously wrote: “[We] found an astounding figure of 3.1 billion records leaked in 2016, conservatively. We also discovered an infiltration of law firms’ email worth $4 million stolen [and] data breaches anticipated to be at 2.1 trillion by 2019, in less than 2 years from now.”
Despite some discernible progress in privacy protection since the European Union's General Data Protection Regulation (GDPR) was enacted one year ago, in America it’s practically non-existent. In a Microsoft blog post, Corporate VP & Deputy General Counsel, Julie Brill recounted the progress that has been made since GDPR’s adoption, concluding with a predictable call for further progress to be made in the year to come, including adoption of uniform federal legislation similar to the EU GDPR.