Understanding data security for law firms
I will cover here some practical advice on how can you can keep you data secure for your law firm. I have covered it briefly before here we can dive a bit deeper. There are two key areas to be mindful of, within your firm and your software suppliers basically everyone who has access to your data. It may seem impossible to keep track of where your data moves but with careful evaluation of your software providers hopefully you will protect yourself and your clients from hitting the news.
Why you should move to foundation models to reduce risk
If you add a software vendor in front of a foundation model provider you add risk because its an additional part involved who have full access to your data. They can advertise any number of certifications and security measures but you are at their mercy. Generally smaller companies have less experience and pressure to handle data securely where as large companies would have gone through the challenge to keep data secure from employees and attackers. Additionally they would have worked with enterprise who would have demanded of them secure practices.
Many Australian AI legal companies may advertise data lives in Australia however you can see from above chart that is not the case because they will need to call downstream dependencies particularly the foundation models who are hosted in the US. I only know of Google Gemini which has multi region support. You may want data to stay in a region for compliance.
Safe data access practices to enquire aobut
- Just-in-time (JIT) access where only employees oncall have elevated permissions and data access needs to go through approval process outside.