Card image cap

Darkest Hour? Shining a Light on Cyber Ethical Obligations

Level: Intermediate
Runtime: 93 minutes
Recorded Date: June 27, 2018
Click here to share this program
Printer-Friendly Version


  • The Threat Environment Lawyers and Law Firms Face Today
  • The Legal Ethics Framework
  • Consequences of a Data Breach or Incident
  • What to Do Right Away after a Breach or Incident
  • What You Can Do Now to Protect Yourself and Your Clients
Runtime: 1 hour and 33 minutes
Recorded: June 27, 2018


Learn about key risks and how to avoid them, including metadata missteps, damaging electronic messages, record-keeping nightmares, portable device perils, social networking snafus, Wi-Fi pitfalls, outsourcing obstacle courses, cloud computing complications, and damaging data breaches.

Behind the scenes (and often underreported in media headlines), law firms are increasingly being targeted in cyber attacks because they are treasure troves of client information. These attacks raise implications for lawyers, law firms, and practitioners and their ethical duties, including competence, confidentiality, and supervision of lawyers and nonlawyers.

At the same time, technology has transformed the practice of law, providing unprecedented access to information, streamlined workflow, and instantaneous and cost-effective communications. Yet lawyers who race to use the latest and greatest technology do not always see the corresponding ethical issues lurking beneath the surface.

This program was recorded on June 27th, 2018.

Provided By

American Bar Association
Card image cap


Card image cap

Arlan McMillan

Chief Security Officer
Kirkland & Ellis, LLP

Arlan is responsible for firmwide cybersecurity, physical security, investigative services and business continuity management. He joined Kirkland from United Airlines, where he was the chief information security officer and HIPAA security officer. Arlan has over 20 years of experience working in information security and technology and is currently the Legal Sector Deputy Chief for the FBI-Infragard Midwest chapter.

Card image cap

Catherine Sanders Reach

Director, Center for Practice Management
North Carolina Bar Association

Catherine Sanders Reach is Director for the Center for Practice Management at the North Carolina Bar Association, providing practice technology and management assistance to lawyers and legal professionals. Formerly she was Director, Law Practice Management and Technology for the Chicago Bar Association and the Director at the American Bar Association’s Legal Technology Resource Center. Prior to her work at the NCBA, CBA and ABA she worked in library and information science environments for a number of years, working at Ross and Hardies as a librarian. She received a master’s degree in Library and Information Studies from the University of Alabama, Tuscaloosa in 1997.

Catherine’s professional activities include articles published in Law Practice magazine, Law Technology News and GPSolo Magazine, as well as numerous other publications. She has given presentations on the use of technology in law firms for national bar conferences, state and local bar associations and organizations such as the National Association of Bar Council and the Association of American Law Schools. In 2011 she was selected to be one of the inaugural Fastcase 50, celebrating 50 innovators, techies, visionaries, and leaders in the field of law and in 2013 became a Fellow of the College of Law Practice Management. In 2015 she was selected to be part of the ABA LTRC Women of Legal Tech. She served on the ABA TECHSHOW Board from 2007-2009, 2014-2016, was co-vice chair in 2019 and was co-chair for 2020.

Card image cap

Karen Randall, Esq.

Founder & Chair of the Cybersecurity and Data Privacy Practice
Connell Foley LLP

Karen Randall is founder and chair of the Cybersecurity and Data Privacy practice, co-chair of the Professional Liability practice and a senior trial counsel at Connell Foley. She represents clients in complex litigation, and regulatory compliance and defense matters involving cybersecurity, data protection and privacy, social media and professional liability. Karen also has substantial experience with employment law, business litigation and insurance law. She provides counsel and advocacy in federal and state courts for both professionals and businesses across a broad range of industries.

Karen has an extensive background counseling lawyers and law firms, health care entities, financial institutions and retail clients by providing proactive plans to address the myriad cyber risks they each face. She serves as a "breach response coach" across various industries, as well as for cyber insurance carriers, and offers strategic solutions related to post-breach matters including statutory notification requirements, class action litigation, regulatory enforcement actions, forensics and crisis management. Karen also helps companies conduct risk/security assessments, as well as implement data security and information governance policies and procedures, and security awareness training for employees.

In addition, Karen maintains a strong professional liability practice, working closely with law firms, health care and assisted living institutions, architects and engineers, directors and officers and accountants. In her complex litigation work, she handles premises liability matters for major retailers and substance abuse treatment centers as well as amusement parks, concert venues and bowling centers. She defends these entities against diverse claims, including significant sexual molestation and elder abuse matters.

A member of the International Association of Privacy Professionals (IAPP) and co-chair of its New Jersey KnowledgeNet Chapter, Karen is integral to numerous efforts to educate lawyers on information security and the ethics of data protection. She received two ABA presidential appointments to serve on the Cybersecurity Legal Task Force and the Standing Committee on Lawyer’s Professional Liability. She is a founder and co-chair of the New Jersey State Bar Association’s Cybersecurity Legal Task Force. Karen also serves as vice chair of the USLAW Network Cybersecurity and Data Privacy Group and co-chaired the Claims and Litigation Management Alliance's (CLM) NYC Cyber Summit. In addition, she is a member of the HIMSS' Security and Privacy committee. Most recently, Karen was selected by Bloomberg BNA to serve as its New Jersey Contributing Editor on cyber and privacy issues for Bloomberg Law: Privacy & Data Security, focusing on the regulatory and compliance landscape of data protection laws in the U.S. and around the world.

A Fellow of the American Bar Foundation, Karen was appointed by Chief Justice Stuart Rabner to serve on the Board on Civil Trial Certification.

Karen's commitment to leadership, frequent speaking and writing underscore her trailblazing impact on the cybersecurity landscape.

Card image cap

Similar Courses

Card image cap
64 minutes
"I Am Not a Cat" Proceedings in a Virtual World
Besides becoming a pop-culture catchphrase, how has the shift to a virtual environment impacted proceedings over the last year, and what changes do you believe are here to stay? Our panel of experts will examine some of the greatest challenges, faux pas, and successes in virtual proceedings over the course of this transformative time.

Women, Influence & Power in Law Conference


Add to Cart
Card image cap
63 minutes
2021: The Year of the ELM
Panelists will clarify what constitutes an ELM platform, examine its unique and compelling capabilities, and discuss its strategic and tactical advantages, particularly those stemming from data-driven insights and machine-driven decision making. Attendees will gain a clear understanding of the significance of the emergence of ELM solutions, what firms and law departments can achieve with ELM platform, and practical and ethical considerations related to adopting an ELM solution.



Add to Cart
Card image cap
97 minutes
26 Words that Created the Internet - Basics of the Communications Decency Act Section 230 Safe Harbor
This program will examine the basics of CDA 230 and its day to day affect for those who advise internet businesses as well as those who litigate against them. It will give practical guidance as to what extend internet companies can or should edit or censor the information their users contribute to their sites and to what extent those users will actually be liable.

New Media Rights


Add to Cart
Card image cap
63 minutes
360-Degree View on How to Navigate a Crisis
During this session, our panel of experts will explore the following topics to arm you with a plan to protect the company and minimize long-term problems: - Building a crisis management team and understanding each person’s unique role -Preparedness – advance planning and assessing potential risk areas - First Response – responding in the critical first hours and days to minimize the long-term impact - Resolution Strategy – managing various actions stemming from the crisis to enable the best resolution for the company.

Women, Influence & Power in Law Conference


Add to Cart
Previous Next