Protection of Client Confidential Information from Cyberattacks

Protection of Client Confidential Information from Cyberattacks Is a Compelling Business and Ethical Priority for Inside and Outside Corporate Counsel

By E. Norman Veasey

Criminal cyberattacks are rampant. The criminals who launch these attacks target law firms and businesses mercilessly—around the clock. Inside and external corporate counsel have an urgent responsibility not only to understand the perils that these attacks present to law firms and corporate law departments but also to take defensive action.

This article briefly mentions some of the criminal tactics that have resulted in horror stories of cyberattacks. The principal mission of the article, however, is not to expound on technological issues but rather to highlight the ethical responsibility of individual lawyers and firm leaders in protecting client information.

Many cyberattacks should be preventable with an understanding of vulnerable areas, attack methods, and the preventive steps that lawyers and firms should undertake. Inside corporate counsel and external lawyers cannot be expected to be technological experts. Rather, individual lawyers and law-firm managers need to realize the nature and extent of the peril and see to it that preventive measures are implemented with expert assistance.

Central to this article is an analysis of the American Bar Association’s (“ABA’s”) Model Rules of Professional Conduct (“Model Rules”) and its Official Comments on protecting client information. The Model Rules have been amended to emphasize that lawyers must keep abreast of the benefits and risks associated with relevant technology, and that lawyers must make reasonable efforts to prevent unauthorized access to client information. A substantial majority of jurisdictions, but not all jurisdictions, have adopted these amendments. This article urges the remaining jurisdictions to follow that lead.