Program offers in-house counsel affordable means to evaluate data security practices of law firms
The Association of Corporate Counsel has formally launched its comprehensive data security evaluation and accreditation program for firms and their corporate law department clients.
The Data Steward Program aims to offer in-house counsel a standardized approach to thoroughly, efficiently and affordably assess, score, benchmark, validate and accredit law firms’ data security protocols and attitudes toward client data security. The program also allows for the easy and secure sharing of such profiles with the existing or future clients of firms.
The program, which may be accessed via an easy-to-use online platform, builds upon the controls of existing frameworks such as the NIST Cybersecurity Framework, but adapts the control selection, available responses, arrangement and compliance metrics according to the particular needs of firms.
The program offers two evaluation tiers. For the first tier, which is called the DSP Core Assessment, firms of all sizes may assess their information security capabilities and may show clients their confidential data protection measures via the secure online platform.
For the second tier, the program may confidentially and independently validate the firm’s self-assessment conducted by third party industry experts. The firm will receive an “ACC DSP Accreditation” upon complying with the threshold requirements.
Veta Richardson, president and chief executive officer of the Association of Corporate Counsel, noted that chief legal officers named data privacy and security as one of their top three business concerns in this year’s ACC CLO Survey. “These are also key concerns of the law firms they work with, who handle and store significant amounts of sensitive client information,” Richardson said in the news release.
Jim Merklinger, president of the ACC Credentialing Institute, said that the program offers firms an alternative to completing individual data security evaluations for their clients, which may cost significant time and resources. “ACC is confident that this new program will prove to be a valuable tool for our members and law firms alike,” Merklinger said in the news release.
The program, which was designed by working groups of firm and in-house counsel, has already been put into practice by charter law firms who are in the process of completing their first Data Steward assessment.
John Kuttler, chief information officer at Finnegan, Henderson, Farabow, Garrett & Dunner, LLP, and Michele Shuster, managing partner at Mac Murray & Shuster, made positive comments about the Data Steward Program in the news release, as early users of the program.