Cybersecurity and Legal Ethics: What You Need to Know

Date Icon
October 21, 2023

If you are like most attorneys, you aren’t a cybersecurity expert.  There is no shame in making such an admission.  After all, you were trained in the field of justice and upholding the law as opposed to the nuances of internet security in the context of client representation.  However, ethics are also applicable to the cyber realm as you have a duty to safeguard sensitive data with a secure network, software updates, and the proper data management protocols.  Even the subtleties of your practice management software that facilitates legal service in the form of a virtual practice matters a great deal.

Legal Ethics in the Context of Cybersecurity for Attorneys

Legal ethics mandate that attorneys preserve client records and also keep client information as well as all other private information fully secure.  In plain terms, this means if you store information in the cloud or on the web in any capacity, you must ask the service provider in question as to how such confidential data is stored and protected.  

It will also help to educate yourself about cybersecurity so you can provide clients with advice regarding how to safeguard their sensitive information when interacting with your law firm.  Review the security policies of your cloud service provider, email provider, file sharing service, security software vendors, and even mobile device managers. Find out who has access to your confidential information, whether the information is sold based on the data you provide to them, and whether details pertaining to the data’s privacy are removed before such a sale.

Data Protection

The confidential data you store about your law firm and its clients must be protected at all costs.  Do some digging into the services providers listed above to determine if they have the proper data protection measures in place.  In particular, it is especially important for such services provider to have highly effective data encryption to safeguard data.  

Even the physical security of the facilities where data is stored also matters a great deal.  Find out whether data is backed up.  Ask how you will be notified in the event of a breach.  In fact, it is even in your interest to review the language of the contract to develop a full understanding of your contractual rights.

Ethical Opinions Pertaining to Cybersecurity and Data Security

Every attorney has an ethical duty to preserve and secure client data.  The American Bar Association has even gone as far as publishing the rules about how attorneys are to protect and preserve client data in accordance with established legal ethics.  Such rules require that the attorney maintains a duty of confidentiality to clients, potential clients, and prior clients.  Attorneys are also required to preserve case evidence and records to guarantee important data is not erased or lost.  

Managing Risk During Data Exchanges

The exchanging of data must occur in a protected and secure manner.  In other words, only authorized individuals should be empowered to see such data.  Some state bars even go as far as advising the use of encryption tools for client communication to ensure sensitive data is masked just in case it is intercepted or improperly accessed by an unauthorized party.