Eli Mattern is an attorney and the director of technology at Community Legal Services (CLS), a legal aid organization based in Orlando, Florida, where she is responsible for data security and deploying technology. Mattern is also the founder of an access to justice software firm. She has spent her career at the intersection of law and technology.
Cybersecurity Insiders: Welcome, Eli! Tell us about legal aid and the mission of your organization, CLS.
Eli Mattern: To help provide context, I’ll start with our mission: We exist to expand access to justice. We primarily serve people who cannot afford a lawyer or who don’t know how to navigate our complex legal system. When citizens have access to and knowledge of the system, it creates efficiency and immediate impact that benefits not only individuals but also their families and communities.
CLS serves the 12 counties of central Florida, where nearly one million low-income people qualify for legal aid services. Our case load is typically around 10,000 matters each year, handled by our team of 65 staff attorneys and approximately 200 pro bono volunteers.
Cybersecurity Insiders: What are some of the challenges you face as director of technology at a legal aid organization?
Eli Mattern: Legal aid technology professionals exist at an interesting intersection of two industries. Think of a Venn diagram where traditional law firms overlap the nonprofit sector – we face the challenges of each.
Our client teams consist of both paid and volunteer legal professionals. Like other law firms, we work with clients on issues such as family law, housing, and consumer matters; thus, we handle very sensitive and protected personal data such as medical records and financial information. So compliance and confidentiality are always top considerations.
Most legal aid organizations operate as nonprofits, receiving funding from donors, public and private grants, and pro bono support. As a nonprofit, many of our funding sources and amounts are public, which creates additional risk. Like other nonprofits, legal aid offices are often resource-restricted and must seek out cost-effective data management tools and external providers to best serve clients.
While this overlap of law and nonprofit creates a very specific set of cybersecurity risks for legal aid organizations and their professionals, I also think it creates opportunities for data security managers.
Cybersecurity Insiders: Let’s talk about the top risks first, then we’ll move on to opportunity.
Eli Mattern: Sure. For most cybersecurity professionals, the legal and nonprofit sectors do not immediately come to mind as high-risk. However, because law firms and nonprofits handle both highly sensitive personal data and confidential client/donor information, they face unique threats in the security ecosphere.
Law has traditionally been slow to change its data security posture. The profession is run by lawyers who, quite naturally, focus on practicing law. It is also a relatively conservative industry, slower to implement unproven technologies. The profession is a rich target for bad actors. Financial transactions, account balances, health information, intellectual property, privileged information, private communications, sensitive family matters, and criminal histories are all vulnerable, as are a firm’s own business communications and operations.
On the nonprofit side, donor data can include account information, financial holdings, net worth, estate plans, etc. Sometimes grant data (public and private) outlines staff salaries, job qualifications, and other sensitive personnel information.
Nonprofits struggle to access adequate funding for many non-mission-critical programs – information technology included – and legal aid organizations are no different, operating on tight budgets. Like many small businesses, we often outsource much of our data management to software-as-a-service (SaaS) providers. Obviously, this creates additional access points and the need for more layers of security. It impacts our overall risk posture and underscores the need to fully understand our partners’ terms of service, especially how our data will be used and protected.
Lastly, as hybrid nonprofit/law firm entities, many legal aid organizations don’t have the bandwidth to fully flex and stress test their owns cybersecurity protocols. Playing catch-up with data security is a high-risk endeavor!
Cybersecurity Insiders: Where do you see opportunity for legal aid organizations in terms of technology and security?
Eli Mattern: Some may be frightened or intimidated by the promise of new technology, but many legal aid professionals know that there is no way to adequately meet the access to justice need without technology tools.
These tools vary widely but include categories like pro se assistance applications which may help individuals self-serve their way though legal issues (such as a parking ticket, eviction, or divorce). Other systems empower legal professionals or community partners. For example, medical legal partnerships are a growing trend in the legal aid community. A medical legal partnership can be structured several different ways, but ultimately involves coordinating legal and medical care. This can assist with chronic health conditions that are exacerbated by environmental injustices.
One technology pilot project undertaken by a legal aid as a part of their medical legal partnership used AI technology to scan doctors notes for issues that could have a legal remedy. Then the system would refer those cases to an attorney for further review. One type of case that these medical legal partnerships surface are chronic mold issues which send an asthmatic child to the hospital frequently. If the attorney can get a landlord to rectify the moldy living conditions, then that child may no longer need recurring medical interventions. To facilitate these type of partnerships, technology tools need to understand and navigate HIPPA regulations but also facilitate collaboration so that the community is ultimately healthier.
Other opportunities include complex data analysis, which is proving very effective. It gives us the ability to quickly analyze large populations and find geographic or service category gaps. Off-the-shelf solutions such as video conferencing, document share, text messaging, and even email help us maintain contact with clients and manage “to-dos” with individuals who may not be used to the legal system’s complex processes.
Some legal aids are pioneering SMS-based pro se prompts which checks in with individuals who have signed up for case assistance. These tools may help someone navigate a foreclosure filing in semi-real time by making the information available on-demand as the person needs it.
I’m very excited to see colleagues building innovative systems and apps that meet our complex needs of our communities while keeping the information secure
Cybersecurity Insiders: What does the future hold for legal aid firms in terms of data security?
Eli Mattern: Technology – and, by default, cybersecurity – will play an increasingly crucial role in the administration of justice in the coming years. Legal aid leads the law industry in technological innovation. I’m excited to help push the envelope in terms of tech adoption, and I’m confident that legal aid will continue to lead in cybersecurity issues for the industry. By our very nature, we have to be resourceful and thorough – and there’s no reason that shouldn’t continue.
Join our LinkedIn group Information Security Community!
