ABA Formal Opinion 483, just issued October 17, 2018, explains Lawyers’ Obligations After an Electronic Data Breach or Cyberattack. This Opinion continues the discussion begun in ABA Formal Opinion 477R Securing Communication of Protected Client Information, that it is a lawyer’s ethical responsibility to use reasonable efforts when communicating client confidential information using the internet.
Opinion 483 indicates that the lawyer’s duty of competence may include:
- obligation to monitor for a data breach
- stopping the breach and restoring systems
- determining what occurred
When a data breach occurs involving, or having the substantial likelihood of involving, material client information, lawyers have a duty to notify clients of the breach and take
other reasonable steps consistent with their ethical obligations to keep clients “reasonably informed” with an explanation “to the extent necessary to permit the client to make informed decisions regarding the representation.”
The Opinion only looks at the lawyer’s ethical obligations and “does not address other laws that may impose post-breach obligations, such as privacy laws or other statutory schemes” that may require notification. Remember, OBLIC provides our policyholders with basic data breach coverage without extra cost to the insured. If you experience a data breach, contact OBLIC immediately!
Practice Tip: For information to assist you with cyber security, visit OBLIC’s Cyber Toolbox on the OBLIC website. We have extensive resources to help you with a Risk Assessment as well as drafting an Incident Response Plan and training modules for your office lawyers and staff.
If you have any questions, please feel free to contact OBLIC.
Gretchen Koehler Mote, Esq.,
Director of Loss Prevention