Attorney-client privilege doesn't survive a breach.
Legaltechs hold data covered by attorney-client privilege — contracts, litigation, legal strategy. A leak here isn't just a technical incident. It's a breach of professional ethics.
Applicable regulations
Attorney-client privilege
Permanent: An absolute professional obligation. Exposing client data is a breach of professional secrecy (Art. 226-13 French Penal Code).
GDPR — sensitive data
In force: Legal data often includes information about offenses and convictions (Art. 10 GDPR) — processing is heavily regulated.
Bar Association rules
In force: The French National Bar Council (CNB) sets digital security obligations on lawyers and firms.
Common legaltech vulnerabilities
- Legal documents sitting in publicly accessible buckets
- APIs serving client files without per-matter access control
- User enumeration that reveals a firm's client list
- Attorney-client communications moving unencrypted
- Weak authentication on client portals (no 2FA)
A data leak in legaltech doesn't just make headlines. It kills client trust and puts the firm on the wrong side of disciplinary proceedings.