You do everything you can to practice law ethically. You know the rules, you attend the local bar association CLEs, you even feel your moral obligation to do the right thing. But most of all, you know that if you do something stupid, it could cost you a lot:
Yet when you put your clients’ confidential information in the hands of third-party vendors, you’re taking a pretty huge gamble assuming that they feel the same way.
When was the last time you put your third-party vendors through a security audit? When was the last time you asked about their specific policies and procedures regarding physical and data security? When was the last time you even asked: “hey, so where exactly do you keep this data?”
Unless you answered “less than 12 months ago” (or some similar response, in the local vernacular of course), it’s time to do it again. Every third-party contractor that has access to your clients’ confidential information is a potential security vulnerability.
Your vendors (probably) don’t practice law
Although some of your vendors deal exclusively with attorneys (or have a massive attorney client base), most of your vendors don’t completely understand the unique privacy issues lawyers deal with. They certainly don’t take those issues into consideration by default.
However, under your state bar’s rules, it’s very likely that you have an obligation to “oversee” your vendors to protect your clients’ information. Sound like a daunting task? It certainly can be. The key is to make sure that you’re taking all reasonable precautions. The best way to do that? Read through your third-party vendors’ terms of service.
Audit your vendors’ terms of service
Yeah, those long things that you scroll through on iTunes? Your vendors have them too. The thing is, they contain a lot of valuable information about your vendor’s policies and procedures. In particular, they usually describe the nature of the relationship and each party’s duties regarding it.
Specifically, they usually address confidentiality!
By auditing your third-party vendors’ terms of service, you can make sure that you’re taking all reasonable steps to protect all of the confidential information you entrust to your vendors. Your audit will also tell you when it’s time to say goodbye to your vendor, regardless of how much you like them!
As long as you know the right questions to ask, of course.
Your Third-Party Vendor Checklist
Looking for a list of questions? How about something that generates the appropriate follow-up questions based on your responses? A list that lets you know when your vendor’s terms just don’t meet your requirements? We have you covered.
Our free Third-Party Vendor Checklist will run you through the essential questions to ask your vendor, and will provide you with the necessary follow-up questions where appropriate. With a three-tiered response based on your inputs, you’ll know in real time whether your vendor’s terms pass muster, cause concern, or don’t even pass the smell test!
Covering topics like overall due diligence, security of confidential information, physical and electronic data storage, and quality-of-service issues, we’ve got your bases covered.
We’re always looking to improve, too! Have any topics or questions that we forgot? Leave a comment or shoot me an email!