ABA Issues Formal Opinion Detailing Lawyer Obligations Relating to Cyber Attack Incidents
Law firms—more so than other business entities—are prime targets, and victims, of computer-network penetration and data theft. Law firms have access to their clients’ personal information, including sensitive, heavily regulated health, financial, and proprietary business information. In addition, attorneys and firms rely heavily on computers, networks, and the storage of electronic data for their day-to-day operations. Importantly, however—even still today—the operation of law firms is generally not managed as closely or efficiently as other businesses. For the malicious hacker, then, a law firm's computer network may be much easier to penetrate than that of its clients. In addition to hackers, law firms also face significant data breach threats originating from inside the firm as well.
Cognizant of these significant risks and vulnerabilities, the American Bar Association Standing Committee on Ethics and Professional Responsibility recently released Formal Opinion 483, “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack,” which provides detailed guidance regarding the ethical obligations that lawyers must adhere to both before and after a cyberattack occurs. Formal Opinion 483 sets a high bar in terms of lawyers’ ethical obligations associated with data breaches, and as such should prompt law firms and lawyers to closely review their data breach incident preparation and response policies and procedures to ensure that they conform with their legal ethical duties.
To read the full article, please click here.
"ABA Issues Formal Opinion Detailing Lawyer Obligations Relating to Cyber Attack Incidents," by David J. Oberly was published in the Summer 2019 edition of The Update, a newsletter publication of the Ohio Association of Civil Trial Attorneys. Reprinted with permission.