by Keith Lipman

In most law firms today, it’s the risk management team or general counsel who decides what level of confidentiality is called for on a particular matter. That’s simply the wrong way to go about it because they are looking at a matter from the 30,000-foot level. Centralized administration of confidentially is doomed to failure In the era of the electronic file, and the failure can be costly.

Mathew Kluger is only the latest case in point. Accused of providing confidential information for what authorities say was a $37 million insider trading scheme, Kluger faces at least 15 years in prison if convicted. Kluger is alleged to have used his positions at several prominent law firms beginning in the mid-1990s to pass inside information on upcoming mergers and acquisitions to a middleman, who made stock trades based on the information. He then passed on the profits to Kluger and his buddies.

The law firms he stole the information from face an uphill battle to restore their reputations. The assumption of confidentiality is built into any discussion between a client and a lawyer. In reality, a law firm may have only 10 matters out of 5,000 that are walled off from the general firm for confidentiality purposes. This wasn’t nearly as great a problem when we were dealing with physical files. You had to get the key from someone, and you left a trail.  But now that electronic files are ubiquitous and highly searchable, we’ve letting the fox mind the chicken coop.

Complicating the situation is that matters often don’t require confidentiality walls when they are opened but. as they evolve, they do. What started out as a request for advisement morphs into a confidential M&A but the matter coding never changes.

The problem is also partly cultural. In Asia, nearly everything is confidential until it’s made public. In the UK and the U.S. nearly everything is public until it is made confidential. That’s going to change over the next decade as western countries progressively move to the Asian model to prevent the kinds of abuses Luger represents. How law firms administer confidentiality will have to change, too. Can you imagine how large a risk team you’d have to have to manage just 500 confidential matters not to mention 5,000 matters?

The solution isn’t that difficult: decentralize confidentiality processes by putting the responsible lawyer in charge of who has access to the matter. (Or someone on the matter team.) Seems logical, doesn’t it? From a software perspective, it’s a fairly straightforward to distribute security rights. The technology to do it exists: it’s built into Matter Hub, for example. As described in this whitepaper – see link – where we’ve written more deeply on the subject, Matter Hub introduces the concept of a matter owner for every matter and decentralizes and distributes process control and security control.

It’s a fact: the technology to prevent data breaches in a virtual practice exists. But the will to change how we do things, including applying confidentiality standards, seems to be glacial.