Law firms deal with highly sensitive data within their day-to-day business and find themselves confronted with an increased risk of cyber-attacks and data breaches. At the same time, they also find themselves under an increased pressure to comply with data protection regulations such as the GDPR, ePR or the new DSG. 

Research project

In February, 2022 the Chair of Media & Culture at the MCM-HSG launched a new project to shed light on the attitudes, believes and day-to-day practices of Swiss law practitioners towards data protection and on benefits associated with finding innovative technological solutions which focus on Privacy by Design/Default. Funding for the project was granted by the Innosuisse Innovationcheck thanks to a collaboration between the Chair of Media and Culture at the MCM-HSG and ARCANO, a Swiss Privacy by Design legal technology file sharing solution company, who was interested in understanding the issue of data protection in Swiss law firms more in-depth.

To achieve an in-depth understanding of the issues and erroneous practices that affect legal practitioners in their day-to-day work-life this research project conducted a mixed quantitative and qualitative survey amongst legal practitioners in Switzerland. The survey focused on four areas of investigation: 1) Understandings of Data Protection and Regulations, 2) Data Protections and File Sharing Pracitces, 3) Data Training Experience and Literary, and 4) Understanding of Legal Technology Solutions.

The research project was designed and carried out exclusively by the academic partner in full compliance with research independence and excellence. It is for this reason that the findings of the research are open access and aimed at the legal sector in general, the public, as well as those interested in acquiring an in-depth understanding of everyday practices and challenges when developing legal technology solutions.

Findings

The findings suggest that even though awareness towards data protection is generally rising among the survey participants and many Swiss law firms are already taking important steps to secure data handling, there is still much room for improvement. In fact, five challenges have been identified that may prevent Swiss law firms from effective data protection, which are 1) operationality, 2) complexity and lack of knowledge, 3) lack of resources and outsourced solutions, 4) client requirements and 5) organizational cultures.  

A key strategy for improving data protection in Swiss law firm, this study suggests, can be found in a combination of pursuing behavioural change and the employment of secure IT systems. In fact, the findings propose 1) to focus on an improvement of data trainings in terms of regularity and content and 2) to invest in legal technology solutions supporting secure file sharing and Privacy by Design or Default settings.

Even though both proposed solutions will have an important impact on the future ability of Swiss law firms towards secure data handling, this study also calls for institutional support regarding knowledge transfer as well as affordable technology solutions to not leave behind smaller law firms that are not capable of the needed resources to comply with data protection regulations.

Report

The full report “Data Protection in Swiss Law Firms” can be downloaded here: Full report

A summary of the report in form of a slide deck can by found here: Slide deck summary