On April 8, Doug Austin of CloudNine featured the Ride the Lightning (RTL) post “The Lawyer’s Ethical Duties After a Data Breach” in his own post. His blog post, “What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices” is featured in CloudNine’s eDiscovery Daily Blog. CloudNine is a legal intelligence technology company with deep expertise in the analysis, processing, and review of electronically stored information (ESI). Ride the Lightning is an electronic evidence and cybersecurity blog by Sensei’s Sharon Nelson.
Excerpt: When I spoke at the University of Florida E-Discovery Conference last month, there was a question from the live stream audience about a lawyer’s duty to disclose a data breach within his or her law firm. I referenced the fact that all 50 states (plus DC, Guam, Puerto Rico and the Virgin Islands) have security breach notification laws, but I was not aware of any specific guidelines or opinions relating to a lawyer’s duty regarding data breach notification. Thanks to an article I came across last week, I now know that there was a recent ABA opinion on the topic.
An article written by Anton Janik, Jr. of Williams Mitchell and originally published in the 2019 Winter edition of The Arkansas Lawyer and republished on JD Supra (The Lawyer’s Duty When Client Confidential Information is Hacked From the Law Firm, hat tip to Sharon Nelson’s terrific Ride the Lightning blog for the reference) takes a look at a lawyer’s duties following a data breach and discusses the requirements of ABA Formal Opinion 483, which was issued in October 2018.