Cybersecurity in Our Digital Lives (Protecting Our Future Book 2) by Jane LeClair & Gregory Keeley

Cybersecurity in Our Digital Lives (Protecting Our Future Book 2) by Jane LeClair & Gregory Keeley

Author:Jane LeClair & Gregory Keeley [LeClair, Jane]
Language: eng
Format: epub
Publisher: Hudson Whitman/ Excelsior College Press
Published: 2015-03-03T05:00:00+00:00


Chapter 6

Cybersecurity and the Legal Profession

ANDREW A. PROIA AND DREW SIMSHAW

Introduction

The relationship between the law and cybersecurity continues to grow in significance and

complexity every day. According to a report by the Congressional Research Service, more

than 40 federal laws contain provisions addressing cybersecurity (Fischer, 2013), a

number that is likely to increase in the coming years. Recent large-scale data breaches

have spawned numerous class-action lawsuits against some of the country’s largest

companies, with many of the plaintiffs arguing that it was these companies’ legally

insufficient information security measures that allowed the breaches to occur. Federal

regulators and state attorneys general have also begun utilizing their legal authority to

investigate information security incidents, and ensuring that companies have implemented

reasonable security measures when handling sensitive data.

As governments, industries, and individuals become more reliant on increasingly

complex and vulnerable technologies, professionals skilled in applying, enforcing, and

interpreting the law will play an increasingly important role in cybersecurity. Lawyers,

paralegals, and other legal professionals are becoming keenly aware of the demands

cybersecurity brings to the profession. While great attention is rightfully paid to the need

for technical expertise, an effective cybersecurity workforce also depends, in part, on a

legal profession that fully understands and embraces the importance of cybersecurity.

Overall, “[a] large number of professionals—with not only technical skills, but also an

understanding of cyber policy, law, and other disciplines— will be needed to ensure the

continued success of the U.S. economy, government, and society in the 21st-century

information age” (Kay, Pudas, & Young, 2012).

A need for specialized legal services is created by the numerous statutes, regulations,

legal doctrines, and policies related to the protection of information and information

systems from unauthorized access, use, disclosure, disruption, modification, or

destruction. “Cybersecurity,” “data protection,” and “data security” law and policy

practice areas are taking shape in some of the country’s largest and most prestigious law

firms. Typical among these practice areas are legal services for complying with domestic

and global data security and privacy laws, developing security plans and managing

information security risks, drafting contracts with vendors that require certain security

protections, and supporting organizational responses to data breaches.

At the same time, the legal profession itself faces a number of cybersecurity

challenges and is beginning to recognize the importance of protecting its own assets and

information systems. In some ways, legal professionals are better suited to handle these

challenges than members of other professions; confidentiality is already ingrained into the

culture of legal practice and the top-down power structure of law firms enables partners to

efficiently and effectively enforce priorities, including proper information security plans.

However, other aspects of the legal profession present unique hurdles to achieving

effective cybersecurity. Law firms and lawyers are often averse to discussing the topic

before a breach—which takes time away from providing direct legal services—and after a

breach—when such news can cause embarrassment to the lawyer, the law firm, and its

clients. Basic cybersecurity measures (like keeping up to date on security-relevant

software updates) are sometimes seen as inhibitors to efficiency and convenience, both of

which are highly valued in the fast-paced world of law.

This chapter will examine the unique role of cybersecurity within the legal profession

as both an innovative practice area and an ethical requirement for those practicing law.

First, this chapter will examine the individuals that make up the legal profession and the

unique ethical obligations imposed on practicing lawyers and their staff to implement

reasonable cybersecurity measures. Second, this chapter highlights the threats facing the

profession, and why lawyers and law firms are prime targets for cyber attacks. Third, this

chapter reviews some of the skills necessary for members of the legal profession, and how

these skills shape the cybersecurity law and policy landscape. Finally, this chapter

provides recommendations for the legal cybersecurity workforce and additional resources

for the curious reader.

This discussion does not intend to provide an exhaustive review of the many

components that make up the legal profession’s role in cybersecurity. Instead, the chapter

highlights some of the unique ways in which legal professionals are developing

cybersecurity law and policy as a growing practice area, while also examining some of the

challenges the profession still faces as emerging technology continues to play a critical

role in providing the public with sound—and confidential—legal services. Nothing

contained in this chapter is to be considered as the rendering of legal advice, and readers

should consult legal counsel with any questions or issues they may have.

The Legal Profession’s Unique Cybersecurity Roles and Obligations

The Legal Profession

Legal professionals are among the most educated members of the American workforce,

and should be well suited to understand the complexities of the cybersecurity challenges

that face most organizations and the country. The core professionals within the legal

profession are lawyers, or the men and women who are licensed to practice law. Typically,

a lawyer will have received a bachelor’s degree from an accredited college or university,

and will have received a law degree, known as a “juris doctorate” or “doctor of

jurisprudence,” from a law school accredited by the American Bar Association (ABA).

The practice of law is primarily a self-regulated profession, in which licensing and

practice requirements are governed, for the most part, by state bar associations. In order to

receive a license to practice law in a given state, applicants must be successfully admitted

into a state’s bar. While state requirements vary, bar admission generally requires a law

degree, a rigorous character and fitness examination by the state’s board of bar examiners,

and a satisfactory score on both the Multistate Professional Responsibility Exam and the

state-issued bar examination of the state in which the applicant wishes to practice

(National Conference of Bar Examiners, 2014).

Licensed attorneys, however, represent only one of the many occupations that make

up the legal profession. Non-lawyer legal professionals serve an important function in the

enforcement, administration, and interpretation of law. Paralegals, for instance, are

individuals trained to conduct substantive legal work and assist lawyers in their day-to-day

operations. While not allowed to provide legal advice or otherwise engage in the practice

of law, paralegals work across all legal practice areas and can gain qualifications through

education, training, or work experience (National Federation of Paralegal Associations,

2011). Other positions within the legal profession include court clerks, who help

administer trial proceedings and run many of the day-to-day operations of the judiciary;

and mediators, who help resolve disagreements, such as contract disputes, outside of the

formal legal process (American Bar Association, 2010).

As



Download



Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.