Legal Readiness from CSR

CSR's Legal Readiness®

State Courts Require You to Protect Client Data.
Failure to do so may Lead to Disciplinary Consequences and Data Disasters.


Evolving privacy laws and confidentiality rules are reshaping the legal profession. Are you protecting your client’s personally identifiable data in compliance with Professionals Rules of Conduct 1.1, 1.6(c), and 5.3?

Legal Readiness provides the framework for regulatory compliance and data breach risk mitigation.Legal Readiness Privacy Assessment for Lawyers

By answering questions in Legal Readiness, lawyers evaluate their management of confidential and personally identifiable information ("PII"). Expert systems analyze the answers from a privacy perspective and generate a customized schedule of remediation tasks in order of priority.

Legal Readiness then provides guidance on privacy practices and access to information and solutions. It’s an extremely effective way to improve your data privacy practices and data security.

"Legal Readiness will be eye-opening. The fact that there are statutes out there that require more than the confidentiality rule will be informative for many attorneys."
Michael J. Lingle, Thomas & Solomon LLP  (Rochester)


Most lawyers try hard to protect confidential information. They believe completely in the principle of client confidentiality. But technology poses dangers that many lawyers have not mastered, and nearly all lawyers can significantly improve the way they handle PII and client confidential information, for both paper and digital data. Unfortunately, day-to-day business and urgent client demands get in the way. Now is the time to act with Legal Readiness. You can't fix what you don’t know is broken.

91% of data breaches are avoidable. Most breaches have human causes and result from human error – even the hacks you hear about. Don’t be the lawyer who thinks data security is an issue for an IT specialist or someone else - this is your issue. It is about how you conduct your legal business and about your compliance with the Rules of Professional Conduct and your adherence to the standard of care.

Download the Technical Specs on our privacy assessment for lawyers.

Download the Legal Readiness Product Overview.

Access detailed info on Legal Readiness: Visit Microsite.

Buy Legal Readiness today for $249. Currently available for NY Lawyers. Coming soon for other states.

Are you protecting your clients' confidential and personally identifiable information ("PII") in compliance with New York Rule of Professional Conduct 1.6(c) as amended in 2017?

Legal Readiness is the data privacy assessment designed for lawyers.

It provides a framework for regulatory compliance and data breach risk mitigation.


Effective January 1, 2017, New York State Courts amended Rule 1.6(c) of the New York Rules of Professional Conduct. It now requires every lawyer to make “reasonable efforts” to safeguard confidential information against inadvertent or unauthorized disclosure or use and -- for the first time -- to safeguard confidential information against unauthorized access.

Legal Readiness is a data privacy assessment for lawyers developed by top compliance experts and evaluated by lawyers with substantial ethics experience. Legal Readiness identifies weak spots in your data handling and helps you fix them. Most data breaches result from human error, and no law firm – large or small – is immune, no matter how much it spends on IT. But you can reduce your exposure with strong procedures and training through Legal Readiness.

Data security is not an issue that can be delegated to an IT specialist or a secretary - it is your issue as a lawyer. It is about your legal practice, your compliance with the Rules of Professional Conduct, and your adherence to the standard of care. That’s why Legal Readiness is so valuable.

  • A quick, convenient, and inexpensive framework for regulatory compliance and significant risk mitigation.
  • A cost-effective way for you to learn how to comply with rapidly-changing privacy laws and with increasingly-demanding New York ethics rules on competence and confidentiality.
  • Proof you are making reasonable efforts and taking action.

The question is not if a lawyer will experience a data breach—it’s when. More than one-quarter of lawyers at large law firms in the U.S. report they have experienced a security breach of some sort, according to the American Bar Association’s 2016 Legal Technology Survey. A breach can occur in a matter of minutes and go undetected for months. Lawyers possess a great deal of PII and other valuable data, which makes them an appealing target. Here are some of the common causes of breaches:

  • Physical theft or loss of laptop or other device
  • Error (e.g., sending an email to the wrong person)
  • Phishing, hacking, malware and ransomware



The fallout after a data breach can be devastating. Here are just a few of the unfortunate side effects that lawyers can experience:

  • Exposure of client data
  • Damage to reputation
  • Loss of billable hours and vital files
  • Costly fees for dealing with the fallout

Professor Roy Simon, Author of Simon's New York Rules of Professional Conduct Annotated, discussing the impact of the 2017 amendment to Rule 1.6(c)


CSR is a data privacy authority. We have augmented our knowledge of data compliance and security with the legal expertise of a superb Legal Advisory Council. The Council is composed eleven esteemed New York lawyers:


  • Compliance with the latest privacy and confidentiality rules and legislation in order to meet professional conduct requirements
    • 1.6(c), 1.1, 5.3, and more
  • An award-winning data privacy self-assessment tailored specifically for the professional lawyer
    • Evaluate how you handle data in your daily business dealings
    • Gain access to the latest resources, policy templates, and best practices
    • Create proof of your reasonable efforts to keep cleint data safe
  • Risk mitigation: Decrease your chance of experiencing a security breach through improved processes and safeguards
    • Avoid costly fines
    • Reduce the risk of damage to your reputation
  • Certification of Completion with an ID StaySafe Trust Shield Program seal for public display
    • Provide peace of mind for current clients
    • Earn business from potential clients who prioritize data security
  • Preparation of applications for cybersecurity insurance
    • Cyber insurance is getting harder to obtain. Legal Readiness is a perfect prep tool.

A cybersecurity insurance policy is a safety net for organizations that conduct business online. If a security breach occurs, it helps offset the costs incurred during recovery. Cybersecurity insurance can be costly and difficult to obtain, and many organizations simply overlook its importance. In fact, around three-quarters of small businesses do not carry cybersecurity insurance.

Policies are becoming increasingly expensive and difficult to obtain. One major benefit of CSR's Legal Readiness is that it increases your chances of obtaining an affordable policy. CSR privacy experts reviewed the application procedures of eight major insurance companies to confirm that the services CSR provides can strengthen a lawyer’s applications through self-assessment and remediation.


Hacker Holds Florida Lawyer's Data Hostage

In 2016, a law firm in Florida was contacted by a hacker who claimed to have accessed one of the lawyer’s emails, wire transfer instructions, and client information including birth dates and Social Security numbers. The hacker demanded the firm pay 18 Bitcoins (approximately $34,500 at the time) or he would place the private data up for sale. To show the hacker meant business, he provided a data breach website with indisputable proof of the hacking. The law firm stayed fairly quiet about the experience, but it’s safe to say it cost them a great deal of time, money, and stress.

Don’t take chances. The New York Courts expect and require "reasonable efforts" from you to protect confidential information. Assess how you handle confidential data, take steps to fix any weaknesses, and move forward now for $249.
Confidentiality and 1.6(c)

In 2017 the New York Courts modified their Rules of Professional Conduct paragraph (c) of Rule 1.6 (“Confidentiality of Information”) to impose the obligation that lawyers

“…make reasonable efforts to safeguard confidential information against unauthorized access by third parties and against inadvertent or unauthorized disclosure...”

It is further noted in comment [17] to Rule 1.6 that

“…a lawyer may be required to take specific steps to safeguard a client’s information to comply with a court order (such as a protective order) or to comply with other law (such as state and federal laws or court rules that govern data privacy…)”

3 Simple Ways Lawyers Can Protect Client Confidentiality
3 Simple Ways to Protect Client Confidentiality

Take some free advice. The “3 Simple Ways” download below will give you a taste of the straightforward advice and insight you can expect from the best practices available within Legal Readiness™. You know your business - and we know ours.

If you are doing all three of these things to protect you clients personally identifiable information, you are doing better than 95% of your peers. But you are still not doing enough.

Download 3 Simple Ways
Map of States that have Adopted ABA Rule 1.1 on Technological Competence

Map of States that have Adopted ABA Rule 1.1 on Technological Competence

Click image to view larger version.

Privacy Prime
  • 22 Jan 2018

    Meticulous Equifax Timeline

    Data Breach timeline for Equifax's 2017 Data Breach. One of the most significant data breaches to date.

  • 22 Jan 2018

    2017 Year End Review

    Every year breaches are becoming more prevalent and have a much higher impact then years prior. Take a look at some of the breach reports that it made it on our list.