For some industries, knowing what compliance standards they must adhere to is easy. For healthcare, HIPAA is a must. For retail, business process outsourcing, insurance and other industries that regularly handle payment card information, PCI DSS compliance is ever present. But when it comes to the legal industry, the compliance landscape is a bit more gray.
While legal doesn’t have any one particular compliance standard it must follow, it can easily be subject to multiple standards. It all depends on the compliance needs and requirements of individual clients or even cases. This drastically increases the complexity, as a recent post by Peak 10 + ViaWest pointed out:
Generally speaking, if a law firm deals with credit cards or stores sensitive health information for a client, then PCI or HIPAA will kick in, but a particular compliance mandate designed for law firms specifically has surprisingly not yet been put into place. Here’s where the legal industry differs from, for example, healthcare: it’s not so much the compliance regulations that they’re subject to as law firms, but the compliance regulations their clients are subject to, and those could range from any of the above mentioned to ISO 27001, NIST SP 800-53, or Gramm-Leach-Bliley. Thus, it’s critical for law firms to fully understand the compliance requirements of their clients, as well as how those requirements affect the firm consequently.
If the law firm – or any other legal practitioner – accesses, stores, transmits or otherwise handles sensitive or protected information, they’ll be responsible for ensuring compliance while the data is in their hands. This can get even trickier if sensitive data is accessed by remote or part-time contractors.
Since compliance isn’t legal’s primary concern, it makes very little sense for in-house IT to tackle complex and ever-changing standards alone – particularly since there’s no single standard to implement. That’s why the Peak 10 + ViaWest post promotes finding tech vendors and partners that specialize in offering compliant solutions. Data centers and desktops are areas IT already has to provide, so why not offload the compliance heavy lifting where possible by making a smart vendor choice?
Compliance may not be a business driver within legal, but a compliance misstep can certainly have a very large and negative impact. Read Peak 10 + ViaWest’s full post to see exactly why compliance shouldn’t be ignored within legal and how smart vendor decisions can make meeting clients’ compliance requirements much easier.
Jan 30, 2018