You are here:  Home  >  Policy Two – Lawyers

Policy Two – Lawyers

Policy Two:    A Lawyer must protect their data in ways he/she cannot understand


The legal world is frightening and filled with misconceptions and contradictions. The one thing that you can always depend on in matters of legal involving attorneys as well as the court system is that the industry has little comprehension about technology and how it works. Worse, you will still find attorneys that still use “aol” or “yahoo” email accounts. Attorneys are not immune, nor should they take the issue of the diligence of their records lightly.

Attorneys collect privileged information which legally must be protected. Not only is the information important, if it becomes publicly known the client gets two bullets and you the owner of the law firm has to explain how privileged information leaked. The client will most likely sue you because his information has been leaked and whatever case he/she retained you for has now imploded because their information is public or worse shared with the opposing side.

A law firm is prime territory for information exploitation. The American Bar Association Standing Committee on Ethics and Professional Responsibility stated that attorneys must make reasonable efforts to ensure that communications with their clients are secure and not subject to inadvertent or cybersecurity breaches. The American Bar Association states “Each device and each storage location offer an opportunity for the inadvertent or unauthorized disclosure of information relating to the representation thus implicate a lawyer’s ethical duties.”

In fact, the American Bar Association has a Model Rules of Professional Conduct – Rules 1.1 focuses on competency, and it includes a technology clause. It provides that lawyers must stay informed of “the benefits and risks associated with relevant technology.”  Attorneys must take extra care in not only their records but even text messages

Instead of detailing to you what can happen if you as law firm do not keep a diligent cybersecurity policy, I find that it would be better to simply give you an example of a law firm that suffered a horrible breach via a weakness in their website that was exploited and the attacker retrieved a massive volume of information without anyone being the wiser. The attacker then released the information for all the world to see.

I give you the tale of Mossack Fonseca and the Panama Papers.