(3)ETHICAL OBLIGATIONS IN DATA SECURITY AND DATA BREACH RESPONSE

摘要

Law firms are increasingly becoming the prime targets for hackers seeking valuable information to monetize or ransom. Although many lawyers are technically savvy, many are not, and even those that are can fall prey to phishing and other scams, or their information technology (IT) systems may not withstand sophisticated cyberattacks. When combined with the highly confidential and easily monetizable information in a firm's possession, many firms are irresistible to data thieves. If a firm discovers that client confidential information has been compromised in a cyberattack, it should review the American Bar Association's (ABA) rules and opinions as well as the current state and federal laws regarding data breach notification. However, much of the most sensitive information in a firm's possession may not clearly trigger notification obligations under existing laws, and accordingly, lawyers might not know exactly what steps to take with regard to client notification or otherwise in the aftermath of a data breach. The ABA realized this and has provided helpful guidance to lawyers who may find themselves facing a data breach involving client information.