Traditionally, law firms have had an open security model – all users see everything (except for internal security: HR, Accounting, Partners, etc.).
Today, however, with increasing security awareness and demands on the part of clients, what is known as the “Pessimistic Security Model” is starting to gain traction. In this model, a given client’s documents can be seen and accessed only by people assigned to the case. No one else in the firm can see them. Some firms with particular sensitive clients (in entertainment law or intellectual property for example) have added ethical walls for a few individual clients.
While this might seem like a good idea in some cases, it suffers from a major drawback, namely that it requires a significant investment of time to set up and administer. If it is done on a per-client basis, then the firm may need a separate ethical wall for each individual client. There are ways to adjust this - for example creating groups of people that work on multiple clients. For each client the appropriate group would be assigned. Thus instead of requiring separate security for 100% of clients, you might only have separate groups for 75% of the firm’s clients - there would be some overlap.
There are other slightly more general options that require less maintenance, for example defining security on a practice area basis: a group containing the members of a given practice area is created and assigned to all matters in that practice area. This can be a good solution to the extent that individual paralegals and assistants work in only one practice area, but in many cases there is overlap. Specific clients may require more restricted access to their files.
For most firms, a full-fledged pessimistic model may not be the best solution. However, as client demands for greater security of their documents increase, it is something firms will no doubt have to start implementing, even partially starting with a few particular clients.
Recent Comments