Cyber Security and Your Fee Agreement

Posted by Audrey Ehrhardt, Esquire, CBC

When it comes to the engagement agreement in your law practice, you’ve probably thought of just about everything. From billing practices and administrative expenses to office practices and describing your services, you have it all. When it comes to hacking, cybercrimes and security breaches, however, have you addressed them in full detail too?

At any time, any of our firms could be attacked. Each of us could suffer significant losses of data, client files, and confidential information despite our best efforts and preparedness. Now is the time to think about how you manage client information, the security practices you follow daily, and the message you give your clients and professional relationships about those practices. There is no sign of cybercrimes decreasing in the near future, and to best protect your firm, you need to consider adding a security clause to your fee or engagement agreement.

What should be included in your engagement agreement? Check out our five best practice ideas below.

1. Clarify, in writing, that nothing is 100% secure.

It’s true. Even though you want to be able to promise absolute privacy and security, none of us can. Let your clients know you will do the best you can to maintain security, including, but not limited to, adhering to industry standards for your business, installing security updates and utilizing the software you need to protect your practice.

2. Share your office policy and procedures.

Let your clients know each of your employees is trained on how to recognize cyber threats and that all of you are working as a team to best protect their information. Mention your email, attachment, and digital transactional policies, although you do not need to go into great detail. (Quick practice management pointer here: make sure you do have a training program for your employees on cyber security.)

3. Accepting the assumption of risk.

There is a risk involved in any digital transaction and in working with any business today. Your client assumes this risk by working with you. Now is the time to get him or her to affirmatively decide to move forward.

4. Identify what your client can do to limit the risk.

During a hack, information may go out to a third party from you without your knowledge. Communication is key here. Let your clients know your standard communication policies and ask for their help. If they see something from you that raises suspicion, ask them to notify you immediately over the phone or in person.

5. Hold Harmless Clauses.

If it is allowed in your state under the bar rules, this is the time to consider including a hold harmless provision relating to threats, breaches, loss of privacy, and loss of financial information. This can include instances where personal and financial client information is stolen. Be sure to read your malpractice or cyber terrorism insurance policies as well because, by policy standards, these clauses may be required for the policies to be in force.

Curious about what this clause looks like? Need an example? Just contact us to let us know and we’ll be happy to share sample language with you.

Copyright © Practice42 2024 | All Rights Reserved