The article notes that some large law firms have already enacted policies to restrict employees’ access to personal email accounts while at work, citing concerns over exposure to malware and the potential for prying eyes to get a hold of sensitive client data.
"This is a trend, and it's being driven by the more sophisticated, high-end clients that everyone is either trying to obtain or maintain," said Ken. "We are getting more and more RFPs that focus on data security, and those structures and baselines have become more rigid. They're less requests and more requirements now."
"As the PR component of data security becomes much more pressing for clients, they're pushing that pressure down onto their own vendors," He added. "Not just law firms, but any vendor who might have access to their data."
Rich stated that many of those clients are unlikely to be sympathetic to arguments that such restrictions are unduly harsh on employees, given that they likely have much more stringent regimes already in place in their own networks.
"At the end of the day, there’s an ethical duty to maintain confidentiality of client information, and whatever sort of systems you have in place, it falls on an individual attorney making the decision about what to transfer and what not to transfer,” he said.
"In the financial services space, there are a number of general restrictions on accessing certain sites, whether email or otherwise, from firm servers for security reasons," he added. "I'm not sure if I see this policy move in large law firms as necessarily being all that divergent from what people are already seeing with clients."