ABA Issues Formal Opinion on Lawyers' Duty in Case of Cyber Attack

The American Bar Association Standing Committee on Ethics and Professional Responsibility released a formal opinion this week that reaffirms the duty of lawyers to notify clients of a data breach and details reasonable steps to be taken to meet obligations set forth in model rules. “When a breach of protected client information is either suspected or detected, Rule 1.1 requires that the lawyer act reasonably and promptly to stop the breach and mitigate damage resulting from the breach,” Formal Opinion 483 says. “Lawyers should consider proactively developing an incident response plan with specific plans and procedures for responding to a data breach. The decision whether to adopt a plan, the content of any plan and actions taken to train and prepare for implementation of the plan should be made before a lawyer is swept up in an actual breach.” Read more here.
 
          | TBA Law Blog