Law firms could face more pressure from insurers following public, inadvertent disclosures
The inadvertent disclosures in the Alex Jones trial and Jan. 6 investigation are likely to put more attention, and more pressure, on law firms' technology competence.
In the recent back-to-back inadvertent disclosures in the Alex Jones trial and the investigation into the Jan. 6 riots, it is fair to guess that clients weren’t too happy with their legal teams.
But how do insurers react when lawyers blunder while using technology?
The answer is likely pretty straightforward. If a driver causes a car accident, their car insurance rates will likely spike, thus incentivizing drivers to be careful behind the wheel. And in legal, insurers could play a similar role in enforcing more cautious behavior.
While how they do so could vary, it’s possible that some changes may be coming down the pipeline for the broader legal market. After all, mistakes from highly publicized cases could start catching insurers’ attention, said Mary Mack, CEO and chief legal technologist for The Electronic Discovery Reference Model.
“At a certain point, these kinds of fails will create some malpractice liability,” Mack noted. “And then the insurance companies that underwrite attorneys will want to know if an individual attorney has processes that are up-to-date to safeguard their client communications.”
However, while many firms have legal malpractice insurance, Hinshaw & Culbertson partner Steve Puiszis, a member of the firm’s professional liability practice, noted that inadvertent disclosures aren’t always covered by these policies.
“You get professional liability coverage to protect against errors or omissions that occur in the delivery of legal services,” Puiszis said. “Depending on the nature of the policy, there can be exclusions written into the policy for privacy violations and perhaps the inadvertent disclosure of confidential information depending on how that exclusion is written.”
Puiszis argued that this lack of coverage is another reason for lawyers to purchase cyber coverage.
“That’s another reason why lawyers need to also be considering cyber coverage, because if it doesn’t fit within the professional liability policy, it would fit within and be covered under your cyber policy,” he added.
Recently, however, many firms have decided to forgo cyber insurance altogether, as policy coverage is shrinking and premiums are hitting record levels.
Meanwhile, in some cases, an insurer can actually play a big role in helping prevent those mistakes in the first place. Take, for instance, mutual insurers.
“We are a mutual, so it’s different. We have a unitary rating. So it’s not like their firms’ rates are going to change,” said Mary Beth Robinson, senior vice president for loss prevention at the Attorneys’ Liability Assurance Society. “Instead, we go in there with education.”
The education and training of lawyers on technology and its risks can take many forms, from presentations, to podcasts, to what she referred to as “loss-prevention minutes,” which are brief videos.
“For example, we produce publications. We have a data security prototype policy that we circulate that our members have access to that talks about all kinds of things like inadvertent email transmission, dealing with highly sensitive information, document creation [and] cloud-based file sharing,” she said.
Robinson noted that the organization certainly keeps current with what’s going on in the legal profession to see where the mistakes are happening.
“We also work very closely with our claims colleagues who are handling our members’ claims,” she said. “So we meet with them regularly, we collaborate with them to understand where the mistakes are coming from, where we’re seeing problems, where we’re seeing claims.”
Still, even with a mutual, firms need to have adequate processes in place to be eligible for coverage.
“We will turn firms away if we don’t think that they have adequate processes and policies and claims history to join,” Robinson said. “So, there is a process to be able to join and a minimum size.”
In recent years, technology competence has received growing attention after the American Bar Association amended the Model Rules of Professional Conduct to address technology competency in 2012.
Still, since then, few and far between are the states that have offered resources to ensure their lawyers are keeping up with technology. It was only earlier this year, for instance, that New York became the first state to add a requirement mandating that lawyers take legal education courses in cybersecurity, privacy and data protection.