Compliance in Legal Services

Consider the expectation of the American Bar Association (ABA) that every legal service, no matter what size, has the legal and ethical obligation to maintain secure data. It is written into Rules 1.1 and 1.6 of the “ABA Model rules of Professional Conduct”.

There are many overarching federal Acts and various states have their own legislation, often even more stringent. Depending on your client base and the specific services you provide, you will need to research the relevant legislation and standards, including:

• Health Insurance Portability and Accountability Act (HIPAA)
• Fair and Accurate Credit Transactions Act (FACTS)
• Gramm-Leach Bliley Act (GLBA)
• Sarbanes Oxley Act
• Payment Card Industry Data Security Standard (PCI-DSS)

One of the key elements of compliance is informed consent. Typically, you will ask your clients for consent in writing to collect, use or disclose their personal data and any other information that has an impact on their case. You want to be clear about situations in which you are required or authorized by law to disclose information and when it is not considered a breach of confidentiality, including:

• If a court issues a subpoena
• When you are providing legal services that require you to give information to third parties; e.g. a mortgage transaction
• When it is necessary to collect fees
• When a third party provides services such as Managed IT Services
• If you retain other legal services on behalf of the client

The Digital6 Technologies team recognizes that full compliance can seem to be overwhelming for a small to mid-sized legal service. However, the Digital6 specialist can help you find an affordable, efficient way to design and implement an IT solution for compliance. You will find that being able to ensure compliance can be a strong selling point, giving you a competitive advantage over other firms.