Lawyer Ethics and Cybersecurity Obligations to Clients (2016 Review)

Lawyer ethics and cybersecurity obligations

"Protecting and securing client confidences is now grounded in the ethics rules.

We must take real steps toward increasing our level of technology competence in order to effectively address the threats to the security of our information systems that include clients’ confidential information and to reasonably and competently secure those systems."

 - Tracy Vigness Kolb, author of Technology Competence: The New Ethical Mandate for North Dakota Lawyers and the Practice of Law

It's rooted in lawyer ethics and agreed upon by Tracy's North Dakota Bar Study conclusion, that lawyers and law firms are information fiduciaries.

What's an information fiduciary pertaining to lawyer ethics?

Jack M. Balkin states what an information fiduciary is perfectly in his UC Davis Law Review, "Information Fiduciaries and the First Amendment," published April 2016.

"This concept describes an important category of people and businesses in the digital age.

I will argue that many online service providers and cloud companies who collect, analyze, use, sell, and distribute personal information should be seen as information fiduciaries toward their customers and end-users.

Because of their special power over others and their special relationships to others, information fiduciaries have special duties to act in ways that do not harm the interests of the people whose information they collect, analyze, use, sell, and distribute.

These duties place them in a different position from other businesses and people who obtain and use digital information. And because of their different position, the First Amendment permits somewhat greater regulation of information fiduciaries than it does for other people and entities."

How to uphold your lawyer ethics

It's these lawyer ethics rules found within Tracy's and Jack's writings that contemplate lawyers acknowledge if they have technology limitations, obtain appropriate expertise if necessary and to seriously look into stand-alone cybersecurity insurance.

If you need help, get help.

General Liability and professional liability insurance are not designed to fully protect you for technology-related losses, such as loss of data, restoration efforts or notification responsibilities of an actual data breach.

Do you have the knowledge and time to deal with the aftermath of a breach?

Here are a few items to consider when a breach occurs:

  • Finding and hiring a digital forensics consultant to determine how your systems were compromised, recover your data, eliminate the threat and determine if an actual breach occurred;

  • Reporting and documenting the incident to your FBI regional office;

  • Hiring and working with a data breach lawyer on ethical and regulatory notification requirements;

  • Repairing your tainted reputation in the community.

You care enough about your clients and your own law firm to buy E & O insurance. You need a stand-alone Cyber Liability Insurance policy to fully protect your clients, your assets and your reputation.