An interview with Goran Radošević, who is an associate with Karanovic & Nikolic law firm, the leading full service commercial law firm covering the jurisdictions of Bosnia and Herzegovina, Croatia, Macedonia, Montenegro and Serbia. Goran is a member of the Commercial & Healthcare team at and advises clients on matters relating to commercial law focusing on data protection, healthcare, public procurements and general corporate law.
The recent cloud scandal indeed revealed that the exposure of information to professional hackers worldwide is today greater than ever before. Although the implemented data protection systems are being continuously updated and strengthened in order to prevent new forms and methods of data intrusion, the core nature of these malicious attacks often leaves the data protection systems one step behind the level necessary to prevent any intrusion.
As far as law firms are concerned, the data relating to their business clients is often very sensitive and needs to be secured to the maximum extent possible. As the recent scandal revealed, cloud services may still be considered as an increased security risk compared to the traditional in-house servers, and law firms are therefore likely to invest more in safer and more reliable data protection systems – which in practice requires that providers of IT services develop new and improved security protocols in this respect. In addition, law firms may consider keeping all their data (or at least the most sensitive ones) in-house rather than in the cloud (this is what Karanović & Nikolić has chosen, in order to ensure maximum security for its clients’ data).
What procedures have law firms put in place (or plan to) to ensure their business clients won’t be affected by future data protection systems?
In addition to the procurement of safer and more reliable data protection systems and/or keeping all or certain data in-house (as mentioned above), law firms generally responded by implementing additional organizational and personnel measures to limit the exposure of clients’ data to third parties (such as security trainings, restrictions of physical access to facilities, event logging, systems access authorisation, service monitoring etc.).
What does this security breach mean for law firms security budget? Will this affect clients?
Law firms security budget will probably be affected by the increased investment into safer data protection systems. This may affect the clients at the end, but in today’s competitive market it is more likely that law firms will cut some other costs in order to prevent these additional spending resulting in the increase of the costs of their services to clients.