As in-house counsel, you provide your outside counsel with some of your company's most highly sensitive information. Your company may have robust procedures for evaluating other third-party vendors with access to company data, but often with respect to law firms, the procurement process is left solely to in-house counsel. Do you know what your law firms are doing to protect that information from cyber attacks and other disclosures? Even if you consider your company to be at low risk for cyber incidents, can the same be said of your law firms? This discussion will explore the issue of law firm data security - how to address the issue when retaining a new firm or raise the issue with an existing firm. The panel will also discuss what policies and processes should be applied inside the legal department to meet in-house counsel's ethical obligations under Rule 1.6 of the Model Rules of Professional Conduct.