New Jersey lawyers have a longstanding ethical obligation to make reasonable efforts to prevent the inadvertent or unauthorized disclosure of information relating to the representation of a client. The actual scope of that obligation, however, remains uncertain in light of the dearth of guidance on the issue and the never-ending advances in technology that facilitate efficient and effective professional services. A recent California ethics opinion serves as an important guide to New Jersey lawyers regarding the use of electronic devices that contain confidential client information and the obligations of a lawyer in the event of actual or suspected unauthorized access by third parties to confidential client information.

In Formal Opinion No. 2020-203, the California State Bar Standing Committee on Professional Responsibility and Conduct (“Committee”) analyzed “a lawyer’s ethical obligations with respect to unauthorized access by a third person to electronically stored confidential client information in the lawyer’s possession.” The Committee concluded that a lawyer’s ethical obligations require: (i) assessing the risks of having confidential client data on all electronic devices and systems; (ii) taking reasonable steps to secure all electronic devices and systems to minimize the risk of unauthorized access; and (iii) in the event of a breach, conducting a reasonable inquiry to determine the scope of the breach, and notifying any client that has a reasonable possibility of being negatively impacted by the breach.