Legaltech and attorney-client privilege: what vendors forget when storing acts
Privilege is not just another GDPR checkbox
Attorney-client privilege is not one compliance item among others — it's a criminal-law obligation. Yet many legal tools treat legal acts as plain client files.
What causes problems
The line to hold
A confidential act must be unreadable to the vendor. Encryption, access separation, access proof. Without that, the commercial promise doesn't hold when an incident happens.
Related articles
Three adjacent analyses to keep exploring the same attack surface.
Attorney-client privilege & GDPR: specific obligations for legaltechs
Legaltechs have a dual obligation: GDPR + professional secrecy. A breach = ethical violation.
Legaltech: electronic signature mistakes that weaken evidentiary value
A poorly implemented e-signature can be contested in court. Critical points to review in a legaltech product.
Payslip PDFs: where teams get storage wrong
Public buckets, guessable URLs, app-only access control — the most common storage mistakes for payslip documents.
Sources
Editorial analysis based on official vendor, project, and regulator documentation.
Related services
If this topic maps to a real risk in your stack, these are the most relevant CleanIssue audits.