What Do Data Breaches Mean for Client Confidentiality?
by Paul La Fayette, Esq.
Tuesday, August 02, 2016
Every attorney is entrusted with protecting the confidences of their clients, whether those confidences are proprietary trade secrets, financial statements, medical records or even social security numbers.
Model Rule 1.6 of the ABA code provides that lawyers shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure or access to confidential client information.
Most attorneys would recognize that leaving a confidential client record at a coffee shop or on the bus, even if inadvertently, is a potential breach of duty owed to the client. That being said, technology has transformed society and the legal profession. Client records are now stored on hard drives, servers and thumb drives, and exchanged in emails. The days of making sure the file cabinet is locked are over.
Data breach at law firms
On a daily basis we are made aware of data breaches and surreptitious data mining. While high profile breaches such as those that have taken place with Target, Home Depot and eBay have been well covered, more recently, hackers have hit law firms.
In a recent article, the Wall Street Journal reported that hackers “broke” into the computer networks of a number of large and prestigious law firms for the purpose of obtaining information for insider trading.
Another instance involving a Panama offshore firm resulted in 11.5 million leaked documents of some of the world’s wealthiest individuals and companies.
Taking this into consideration and placing it into the context of an attorney’s duty to the client, the question becomes not only one of potential ethical violations but also one of malpractice and exposure.
Data breach exposure can be extensive – what is the value of a stolen trade secret, or the impact of a premature disclosure of a merge of two Fortune 500 companies? The potential exposure comes down to a simple analysis of negligence – did the attorney take reasonable efforts to safeguard the confidential information of a client?
Protecting your firm’s cybersecurity
In light of the extensive efforts of hackers and cybercriminals, it is time for legal professionals to step up their game.
Increased vigilance and efforts must be taken to enhance security measures and protect electronically stored information. However, hackers are tenacious and constantly coming up with new and creative ways to breach security. With this in mind, relying on a 2009 version of security software is likely not a “reasonable” effort to safeguard confidential information.
Reasonable efforts are more likely to involve continual reviews of system security and regular updates of security measures. Additionally, these efforts may well help protect an attorney or firm from malpractice exposure.
Remember, hackers and cybercriminals are not going away. Instead, they are finding new targets and law firms need to be prepared.