The ABA’s Standing Committee on Ethics and Professional Responsibility has released an opinion that its Model Rules of Professional Conduct require lawyers to monitor for and prevent data breaches, determine what occurred, restore systems, and inform clients if their sensitive data is breached.
However, it clarified that an ethical violation doesn’t necessarily occur if a hacker successfully hides its activities, “despite reasonable or even extraordinary efforts by the lawyer.”
The ABA uses “reasonable efforts” throughout the opinion when discussing how to ethically deal with current and potential data breaches. It defines their nature and scope based on “The ABA Cybersecurity Handbook,” which focuses on security responses rather than specific software needed.
