ABA Journal: “Lawyers have to safeguard client data and notify clients of a data breach, and the ABA Standing Committee on Ethics and Professional Responsibility has issued a formal opinion that reaffirms that duty. In Formal Opinion 483, issued Tuesday, the standing committee also provided new guidance to help attorneys take reasonable steps to meet this obligation….This opinion builds on the standing committee’s Formal Opinion 477R released in May 2017, which set forth a lawyer’s ethical obligation to secure protected client information when communicating digitally. “When a breach of protected client information is either suspected or detected, Rule 1.1 requires that the lawyer act reasonably and promptly to stop the breach and mitigate damage resulting from the breach,” Formal Opinion 483 says.
To that end, this week’s new formal opinion only discusses the breach of client data, not other data breaches that may also require action on the part of an attorney or firm. The ethics opinion implicates Model Rule 1.1 (competence), Model Rule 1.4 (communications), Model Rule 1.6 (confidentiality of information), Model Rule 1.15 (safekeeping property), Model Rule 5.1 (responsibilities of a partner or supervisory lawyer) and Model Rule 5.3 (responsibilities regarding nonlawyer assistance). Like many ethics opinions regarding technology, this opinion does not endorse particular hardware or software, but rather presents “reasonable” steps a lawyer could take…”