The Association of Corporate Counsel (ACC) announced the formal launch of its new Data Steward Program (DSP) – the legal industry’s first and most comprehensive data security evaluation and accreditation program specifically designed for law firms and their corporate law department clients.
“ACC heard from our members that there was no standard approach to assess and compare law firms’ data security standards,” said Veta T. Richardson, ACC president and CEO.
“In the 2020 ACC CLO Survey, CLOs ranked data privacy and security among the top three most important issues facing their overall business. These are also key concerns of the law firms they work with, who handle and store significant amounts of sensitive client information.
“The ACC Data Steward Program enables quick assessments and comparisons of law firms’ data security protocols as our members and others vet which law firms will earn their business.”
The program creates a standardized framework for assessing, scoring, benchmarking, validating, and accrediting a law firm’s posture toward client data security. The DSP also enables secure and easy sharing of this profile with the firm’s current or potential clients.
The program, designed by working groups of law firm and in-house counsel, leverages controls from existing data security frameworks (e.g. NIST), but it customizes the control selection, available responses, arrangement, and compliance metrics to meet the specific needs of law firms, delivering both questions – and reports – in an easy, online platform.
A set of charter law firms – ranging from AmLaw 50 to small boutique firms – are already signed up and completing their first Data Steward assessment, some working in partnership with key clients to do so.
There are two evaluation tiers for law firms to choose from within the DSP. Tier 1, the DSP Core Assessment, allows law firms of all sizes to assess their information security capabilities, and demonstrate to clients the measures they take to protect confidential data through the online, secure platform.
DSP Tier 2 offers confidential, independent validation of the law firm’s self-assessment by third party industry experts, resulting in the award of an “ACC DSP Accreditation” upon meeting threshold requirements.
“The ACC Data Steward Program is a clear win-win for law firms and their clients,” said Jim Merklinger, president of the ACC Credentialing Institute, who was responsible for development of the accreditation.
“Currently, law firms must spend considerable time and money completing individual data security evaluations for their clients. The ACC Data Steward Program provides both standardized, easily comparable evaluation, and, if desired, accreditation of law firms’ security practices – all at a fraction of the time and cost.
“While the DSP is thorough – assessing one hundred and sixty controls – early users have indicated that a well-prepared law firm can complete the entire process in a few hours. Review by in-house counsel is equally straightforward. ACC is confident that this new program will prove to be a valuable tool for our members and law firms alike.”
“Our firm, like many others, welcomes ACC’s Data Steward Program,” said John Kuttler, CIO at Finnegan, Henderson, Farabow, Garrett & Dunner, LLP.
“Now we can do a detailed assessment once, and potentially leverage that assessment many times over with multiple clients. We particularly like that the program focuses specifically on the security and governance of client legal information. This guides us in ensuring that we are maintaining the appropriate level of security.”
“Mac Murray & Shuster was the first law firm to participate in the ACC’s Data Steward Program,” said Michele Shuster, Managing Partner, Mac Murray & Shuster.
“The streamlined SaaS interface and industry-standard NIST security controls allow our firm to demonstrate, to current and future clients, the measures we take to protect their confidential data.
“M&S recognizes the competitive advantage this will give our firm: it will level the playing field so our clients will not have to worry about our firm’s technology expertise, but can focus instead on the caliber of our attorneys.”