Founders’ Corner: Data, Data Everywhere – For lawyers, what’s the ESG Link?

Data. It’s everywhere.

For law firms in particular, big data is an increasingly important issue, both in terms of being the managers and caretakers of client-owned or produced-for-client data, and in terms of the internally focused performance data related to an individual firm.

It’s perhaps easiest to conceptualise these aspects as two sides of the same data management coin, with one side focused on privacy and security of client data, and the other side focused on the benefits of transparency and accessibility for firm-relevant data.


To start with the first side, the client data: Data has always been a key part of a law firm’s client relationship – the steady flow of information and research in all its many forms, of ongoing contracts, agreements, or testimonials, of litigation and investigation documents, etc. That's why so many jurisdictions include laws surrounding attorney-client privilege or similar concepts to protect the client’s data.

Yet, while a client’s data is often conceptually protected, given the large-scale integration of technology, it is nowadays equally if not more important to be able to technically protect it through data security and privacy firewalls.

If a law firm’s network or internal database is hacked or breached, its clients’ data is at risk, and no “attorney-client” regulation or stipulation holds potential disclosure back. The reputation of not only the law firm but also of its clients can be severely damaged.

As such, sound cybersecurity policies and protocols, as well as clear data governance structures to protect the data of its clients, are crucial for every law firm.


Now moving to the other side of the coin, the law firm’s own data: law firms, as with any large organisation, produce lots of data. From financial data to employee data to regulatory data, managing and at times safeguarding this information requires discipline and infrastructure.

Further, sharing and disclosing information relevant to operations and initiatives is also becoming more important for reporting the sustainability and ESG performance of a company. This is increasingly true for law firms, as clients large and small expect more and more of their professional service providers – including their legal representation – to report on their ESG activities.


Given these two strategically important prongs, you would expect a law firm to put data at the core of its strategy, with commitments and policies forming a fundamental part of a firm’s “Governance” considerations.

Yet, in looking at the documented data management and security protocols and policies of more than 700 law firms across the globe, the analysis provides a different picture:

  • Only 50% of the assessed law firms have a statement on how they deal with client data that goes beyond confirming compliance or adherence to applicable data privacy/protection laws and regulation; and

  • Not even 20% report on their certified data security standards.

In light of the importance of personal and professional data in all its many formats, we see a huge opportunity for law firms to distinguish themselves in the ESG space by spelling out a clear strategic focus on protecting and managing internal and external data. Such strategies can be further strengthened by public commitments to more than just the legally required minimum.

Clearly articulating how a law firm carefully manages a client’s data, as well as the law firm's commitment towards its clients in terms of digital/cyber security, can be a key differentiator in the legal market.

In addition, committing to transparently reporting on the law firm’s own (ESG) data is another step towards building a trustworthy relationship with clients and employees.

Taking both sides of the data coin into consideration will create the most value for all stakeholders.

You can read more about our thoughts on this issue in’s Is Privacy and Cybersecurity the Next Frontier for ESG? article.