The simple reason is that all major domestic and multinational corporations typically retain the services of at least one, and often several law firms. Then, each of those law firms works with multiple legal services providers in order to provide the type of support that is required in the preparation of matters. Moreover, for those companies engaged in international data transfers, the level of scrutiny being meted out by EU member states while new privacy protocols are solidified under Privacy Shield is at an all time high. As you can see, even for the most simple of data transfers there are multiple points of vulnerability and this is why it is critical to understand what information security and governance procedures are in place.”
Or, if you have the resources, keep this stuff in your own garden and make those legal folks come to you.
But, not everyone can do that, so you want to read up on how to determine how secure these other folks are in handling your data.