Wall Street doesn't want outside law firms allowing BYOD

Goldman Sachs warns that if banks and law firms don't sort out data security, feds will

Top financial services firms on Wall Street do not want their outside law firms allowing their staffs to bring their own mobile devices to work, according to a panel discussion of in-house attorneys at these financial firms.

Lani Quarmby, associate general counsel at Bank of America, warned that her firm would not take kindly to a data breach caused by an outside law firm's BYOD program. "Can you imagine if a law firm had a breach? We wouldn't work with them again," Quarmby was quoted by Am Law Daily as saying.

Jeffrey Isaacs, global chief compliance officer at Goldman Sachs' legal department, stressed that "everyone on Wall Street" has separate corporate-issued and personal smartphones. But law firms have resisted this trend because they fear they will not be able to recruit legal talent and could dampen staff morale if they clamp down on BYOD, Am Law Daily reported.

According to a survey of chief information officers and technology executives at 83 law firms by American Lawyer, 70 percent of respondents said that BYOD programs benefit their firms by producing "more cheerful users" and 27 percent said BYOD reduces budgets for equipment. At the same time, 82 percent of respondents said their chief concern about BYOD was data security.

Isaacs said that he and his counterparts at other financial firms have begun a dialogue with CIOs and partners at 11 large law firms about ways they can improve data security, an issue he expects to get more attention at the International Legal Technology Association conference next month.

Rose Battaglia, global chief operating officer for Deutsche Bank's legal and compliance departments, told the panel that her team is being asked to conduct risk assessments on their outside counsel, according to a report by Am Law Daily's sibling publication Corporate Counsel.

Am Law Daily spoke with a number of CIOs at leading law firms who did not seem to think that their BYOD programs posed a data security risk. John Sroka, CIO at Duane Morris, said his firm uses a mobile device management platform that enables the separation of corporate and personal information on personal devices.

Phillip Rightler, CIO with Thompson Coburn, was skeptical of the banks' assertion that attorneys' smartphones might not be secure because they are used for both personal and work purposes. "Banks cannot know which contacts and information employees have on their work phones are personal, and which are work-related. There is no way to know the difference," Rightler asserted.

Isaacs warned that if banks and law firms do not sort out the data security issue posed by BYOD programs, federal regulators will step and impose a solution for them.

For more:
- read the Am Law Daily report
- check out the American Lawyer survey
- see the Corporate Counsel report

Related Articles:
With BYOD, don't leave your backend exposed
Widespread Android flaw opens enterprises up to data theft, warns Bluebox