Law firms house a treasure trove of sensitive documents, confidential information, trade secrets and other materials of immeasurable value. Most professionals are aware of these risks and take steps to safeguard cyber and hard copy materials. Yet, the frightening ease with which materials land in the wrong hands was made public recently when a stock broker and a law firm employee were arrested on charges of fraud in connection with a $33 million insider trading scheme.
According to reports, here is how the scheme worked: The law clerk stole information from the law firm and passed it on to a friend, often using coffee shop napkins. The friend, who is now a cooperating witness in the case, relayed the information to the broker. The law clerk allegedly accessed the confidential information by using the firm’s computer system, and advised the middleman that he did so in a way that he believed would leave no sign that he had accessed the data.
This exploitation of sensitive, nonpublic information involving a firm’s clients threatens to undermine the integrity of the legal industry and can shake a client’s confidence in her attorney. For law firms, this case emphasizes the need to manage the potential risk posed by insider trading. Before the electronic age, it was easier to keep track of confidential files by locking them in cabinets or conference rooms. With the advent of electronic storage, documents can now be accessed firmwide, and on virtual platforms that provide attorneys and their clients easy access to documents, often without logging on to the firm’s server.
Firms should aim to address these dangers while taking care to avoid extraneous policing. Preemptive tactics include protecting potentially sensitive information by including code names for clients and enlisting the IT department to ensure that sensitive documents can only be read by limited team members. Random or scheduled audits of “data trails” that track who accessed documents, and when, take it another step further to guard against threats.
These and other extra security measures may contradict the culture at many firms, especially those where collaboration is encouraged, and may make access to the information more time-consuming. Yet, the risk of exposure arising from misappropriated information is too high to ignore. It is up to the individual professional to assess if the ends may justify the means, especially if you or your firm handles a great deal of sensitive client information.