Today, law firms of every size are relying on technology more than ever before. However, a firm’s investment in securing its information systems pales in comparison to that of its corporate counterparts, leaving law-firm clients’ data unnecessarily at risk. Although there has been a modest increase in regulation for firm management overall, law firms have largely ignored the threat of data breaches, failing to adhere to widely accepted information security standards. This lack of compliance has caused cyber criminals to shift their sights from the client to the vulnerable information security systems of law firms. This Note proposes a proactive, regulatory approach to establish a technology infrastructure in law firms, thus ensuring the protection of client information.