When firms see more and more clients moving to hosting their own data, and only allowing outside counsel to access it on a limited basis, this will be one of the reasons. There will be a litany of others, don’t get me wrong, probably topped by their wish to control costs along with their own data, but the insecurity of data once it leaves an organization bound for the outside law firm, will be a huge concern.
The sad reality is, even once this firm puts into place a security plan, including encrypting all data that is going off site for any reason, there will still be huge security holes. Don’t get me wrong, a stricter security policy is a good thing, but it won’t prevent attorneys from printing private, personal information, and carrying it around with them, or emailing it insecurely, or leaving it laying around, etc. Once data leaves the client and goes to a firm, you’re trusting everyone at the firm to protect it, and some clients aren’t willing to go that far, especially if they have the resources to control exactly what data the attorneys have access to, what they can do with it, and when they will no longer have access to it, which is also a huge area of ongoing concern.
Simply put, a firm should have strong documentation and security procedures in place and enforced, but they can never compete with the idea of never sending it to them in the first place.