CURRENT MONTH (October 2018)
Professional Responsibility
ABA Ethics Committee Opinion on Large-scale Disasters
By Keith R. Fisher
Recently, the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 482, which deals with ethical obligations in connection with large-scale disasters, including such diverse events as hurricanes, earthquakes, and acts of terrorism. Topics addressed include protecting client information, implementing measures to ensure the lawyer’s ability to remain in contact with clients and financial institutions holding client funds, and attorney advertising in disaster-affected areas. The author dissented in part because of a concern that the opinion was imposing “one size fits all” ethical “obligations” on lawyers regardless of context. The Professional Responsibility Committee is planning a program on this topic, among others, for the spring meeting in Vancouver.
Professional Responsibility
ABA Ethics Committee Opinion on Data Breaches and Cyberattacks
By Keith R. Fisher
The ABA Standing Committee on Ethics and Professional Responsibility has released a formal opinion detailing lawyers’ ethical obligations in connection with data breaches and cyberattacks. The opinion says that lawyers must notify current clients in the event of a data breach and keep them updated on the findings of any investigations into that breach. Lawyers are supposed to monitor the technology they use for data breaches and take steps to “stop” the attack and mitigate damage. While lawyers do not have a free-standing ethical obligation to inform former clients of a data breach, the opinion advises them to check for different requirements under state law and state ethics opinions and to craft written agreements with clients regarding the handling of their confidential information once a client ceases to be a client. The opinion acknowledges that a data breach is not per se an indication that a lawyer has not met the ethical obligation to safeguard client information, provided the lawyer took reasonable steps to prevent the data breach.