Last week’s post explored why law firms need data security policies. Before we move on, I’d be remiss if I didn’t mention another policy that’s absolutely crucial for the law firm’s data security posture – a records management policy, coupled with an up-to-date and legally validated records retention schedule.
What does a records retention schedule have to do with data security? Simply this – keeping data without a legal or business reason exacerbates data security exposures.
Breached systems frequently contain many times more data than was needed for retention compliance or any valid business or operational purpose. This unnecessary data multiplies the number of those whose confidential or protected information is compromised, and can also have exponential impact once breached, passing a tipping point on lasting reputational damage or on the economic viability of claims against the firm.
It’s not possible for a breach to compromise the security of information that no longer exists, having already been compliantly disposed of once its legally required retention and business value have expired.
But surely most every law firm has a records retention schedule in place for its records of client matters and firm administration, right? Actually, far too few firms do.
Continue Reading Law firm data retention – they can’t hack what you no longer have