ACC’s Data Steward Program Levels the Playing Field for Law Firms

ACC recently launched its Data Steward Program (DSP), the first industry-standard, comprehensive evaluation to assess data security of client data for law firms and legal service providers. DSP makes it easy for in-house counsel to ensure their outside firms are protecting their sensitive information. 

Michele Shuster, managing partner at Mac Murray & Shuster LLP, a women-owned boutique law firm that focuses on consumer protection regulatory compliance and litigation, was part of the committee that selected the program’s industry-standard security controls relevant to client data at law firms. She describes the program as “compliance in a box,” providing a much easier way for clients to ensure their firms have rigorous security in place.  

Shuster recently saw her own firm through the DSP evaluation process. She knew the DSP qualification would ease the concerns of her corporate clients. For in-house counsel, putting company data in the hands of an outside firm is “one of the things that keeps them awake at night,” Shuster says. Having the firm be independently vetted according to the latest security standards can bring peace of mind to her clients. 

The DSP program offers a Core Assessment that allows law firms of all sizes to assess their information security capabilities and demonstrate to clients the measures they take to protect confidential data through the online, secure platform. Additionally, firms can elect to have an ACC-appointed, independent third-party assessor validate that they meet minimum security standards, resulting in the award of an “ACC DSP Accreditation” upon meeting threshold requirements.  

A key component of the program is that firms’ security assessment results are managed on DSP Exchange, a secure and dynamic platform that provides an easy-to-understand scoring system. Firms are scored on a scale from zero to 100 and can securely share those scores with clients. Law firms can also include detailed proof of compliance that demonstrates how they met controls. DSP Exchange is dynamic, so as firms increase their security capabilities, they update their assessments and their scores are automatically updated, doing away with client-managed, once-a-year, and potentially out-of-date annual security refreshes. Equally important, as new security threats emerge, ACC will update their selection of controls.  

The DSP offers a way for law firms of any size to assess security capabilities. For a smaller, boutique firm like Mac Murray & Shuster, it is a way to demonstrate that they are just as secure and knowledgeable about data threats as the largest firms. “It levels the playing field so our clients will not have to worry about our firm’s technology expertise, but can focus instead on the caliber of our attorneys,” Shuster says. More information on the ACC Data Steward Program is available at www.accdatasteward.com