Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Cybersecurity Law & StrategyFeaturesCybersecurity

Data Breaches: Adding a New Layer to the Risk of Legal Malpractice

By Karen Painter Randall and Steven A. Kroll
February 01, 2020

The news these days is filled with reports of significant data breaches. In fact, most experts opine that it is not a matter of "if" but "when," as to whether an entity will fall victim to a cyberattack. Unfortunately, those in the legal profession are not immune to a data breach. What's more, ethical obligations put lawyers and law firms at even greater risk for significant business, financial and reputational harm should they experience a cyberattack. More firms are falling prey to schemes as simple as "phishing" tactics or as sophisticated as a coordinated cyberattack, exposing client data that could include sensitive financial information, market-influencing mergers and acquisitions intelligence, and intellectual property from a patent filing. As a result, attorneys have both an ethical and legal duty to take reasonable steps to protect their clients' personal sensitive data against a cyberattack, or face serious ramifications.

Why Law Firms Are Prime Targets

Law firms are a soft target to hackers as they possess a large volume of critical data. For example, an attorney involved in a highly sensitive business transaction has access to information ranging from a client's personally identifiable information (PII), to details of a business' confidential transactions. Moreover, through discovery and the litigation process, law firms gain access to, among other items, their clients' as well as adversaries' PII, personal health information (PHI), and confidential financial information. Everything from trade secrets, to sensitive market-moving information about a company's finances, to a client's PHI occupies a law firm's files and servers. Additionally, because attorneys tend to identify and isolate this information, hackers are able to quickly and efficiently locate this highly sensitive data. As such, by targeting law firms, cyber criminals have the ability to access a plethora of valuable information located in one place.

Moreover, law firms tend to employ fewer resources toward implementing strong cybersecurity controls, making them more susceptible to an attack. According to the American Bar Association Legal Technology Resource Center's 2019 Legal Technology Survey Report, 26% of respondents report that their firms have experienced some sort of security breach (ranging from hacker activity and website exploits, to more mundane incidents such as lost or stolen laptops). Although the 26% figure is notable, also eye-catching is the 19% of respondents who reported that they do not know whether their firm has ever experienced a security breach. Moreover, the survey found that only 31% of the respondents had an incident response plan. Additionally, only 44% of the respondents use file encryption, 38% use email encryption, and 22% use whole/full disk encryption.

It is evident that heading into the new decade, law firms will continue to be ripe targets for a cyberattack, and must take steps to add additional layers of protection to safeguard their clients' information, and to reduce the possibility of a malpractice claim.

Legal and Ethical Consequences of a Breach

The ethics rules require attorneys to be competent and take reasonable measures to safeguard information relating to clients (ABA Model Rules 1.1 and 1.6 and comments). The comments to ABA Model Rule 1.1 state that "[t]o maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject."

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Removing Restrictive Covenants In New York Image

In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.