In 2018, the American Bar Association Standing Committee on Ethics issued its Formal Opinion 18-483, which outlines a framework for when law firms are ethically obligated to notify clients of data breaches jeopardizing the security of their confidential information. In its ethics opinion, the ABA noted that law firms should employ reasonable efforts to monitor the security of their information, and advised lawyers to “act reasonably and promptly to stop the breach and mitigate damage from the breach.” Law firms should, as a matter of professional responsibility, have data breach plans in place in order to remediate cyber intrusions.
In addition, the committee wrote that, “an obligation exists for a lawyer to communicate with current clients about a data breach.” However, not all cyber episodes require client notification. While a cyber intrusion which does not gain access to client confidential information needn’t be disclosed, “disclosure will be required if material client information was actually or reasonably suspected to have been accessed, disclosed or lost in a breach.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]