Published on:

Security considerations regarding access by law firms to your matter management system

A piece in Met. Corp. Counsel, April 2011 at 13, brought to my awareness a new consideration: matter management systems that allow law firms to access them directly. Most typically, law firms log on to upload their invoices.

Mark Poag of Datacert warns that “Although collaboration is imperative, it should not come at the expense of security.” He warns against competitor’s SaaS (software as an online service) solutions that rely on only their internal permissions and precautions to prevent data security breaches. Passport, from Datacert, “supplies a secure pipeline and leverages advanced security technologies” for the interchanges between a law department and its firms on the matter management system.

I take no position on this issue (and don’t know what a pipeline is). It is good to let law firms make use of a matter management system; it is not good to put sensitive information on the system at risk. I wrote this post to raise awareness and perhaps to elicit comments.

Posted in:
Published on:
Updated:

One response to “Security considerations regarding access by law firms to your matter management system”

  1. Mark Poag says:

    Your post is correct, “It is good to let law firms make use of a matter management system; it is not good to put sensitive information on the system at risk.” This is why security should always be high on the list of considerations when reviewing and/or evaluating technology solutions. Passport’s pipeline is a web-based portal that securely transmits data using technologies such as PKI (public key infrastructure) encryption and X.509 certificates. The pipeline enables law firms anywhere in the world to (either proactively or at the request of their corporate client) upload and transmit invoices, as well as budgets, timekeeper information, accruals, and matter narratives to the corporate law department without ever directly accessing the client’s application. This allows for easy communication between the department and its firms, while also ensuring that corporate clients retain complete control over their data.