The belief that “The odds of a computer or network breach isn’t an if, it’s only a when” is practically dogma now. Given this reality, every law practice, to include solo attorneys, should have a data security plan in place. Yes, I know the task can seem a bit daunting, particularly if you have no idea where to start; but failing to do this is no longer an acceptable choice. Putting our ethical duties and various state and federal regulations aside, every client expects to have whatever sensitive and personally identifying information they provide to you properly safeguarded. That’s the bottom-line. Here’s a guide put out by the FCC to help you fulfill your ethical duties.
The days when a lawyer could send an unencrypted email without worry, remain blissfully ignorant about encrypting a laptop, or use the same easily remembered password for all accounts and devices are over. I believe most lawyers know this, at least at a gut level; but far too many still seem to be confused about what steps they should be taking. If you see yourself as a card carrying member of the “what the heck am I supposed to do” group, perhaps I can help.
Lawyers and firms who underestimate the risk of a cyber attack or who fail to take affirmative steps to protect their data, have an increased risk of becoming the subject of a disciplinary or malpractice claim. Rule 1.6 Confidentiality of Information, which prohibits lawyers from revealing confidential client information, also speaks to a lawyer’s duty to protect client information. What can you do to mitigate this risk?