Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Data Breaches: Adding a New Layer to the Risk of Legal Malpractice

By Karen Painter Randall and Steven A. Kroll
February 01, 2020

The news these days is filled with reports of significant data breaches. In fact, most experts opine that it is not a matter of "if" but "when," as to whether an entity will fall victim to a cyberattack. Unfortunately, those in the legal profession are not immune to a data breach. What's more, ethical obligations put lawyers and law firms at even greater risk for significant business, financial and reputational harm should they experience a cyberattack. More firms are falling prey to schemes as simple as "phishing" tactics or as sophisticated as a coordinated cyberattack, exposing client data that could include sensitive financial information, market-influencing mergers and acquisitions intelligence, and intellectual property from a patent filing. As a result, attorneys have both an ethical and legal duty to take reasonable steps to protect their clients' personal sensitive data against a cyberattack, or face serious ramifications.

Why Law Firms Are Prime Targets

Law firms are a soft target to hackers as they possess a large volume of critical data. For example, an attorney involved in a highly sensitive business transaction has access to information ranging from a client's personally identifiable information (PII), to details of a business' confidential transactions. Moreover, through discovery and the litigation process, law firms gain access to, among other items, their clients' as well as adversaries' PII, personal health information (PHI), and confidential financial information. Everything from trade secrets, to sensitive market-moving information about a company's finances, to a client's PHI occupies a law firm's files and servers. Additionally, because attorneys tend to identify and isolate this information, hackers are able to quickly and efficiently locate this highly sensitive data. As such, by targeting law firms, cyber criminals have the ability to access a plethora of valuable information located in one place.

Moreover, law firms tend to employ fewer resources toward implementing strong cybersecurity controls, making them more susceptible to an attack. According to the American Bar Association Legal Technology Resource Center's 2019 Legal Technology Survey Report, 26% of respondents report that their firms have experienced some sort of security breach (ranging from hacker activity and website exploits, to more mundane incidents such as lost or stolen laptops). Although the 26% figure is notable, also eye-catching is the 19% of respondents who reported that they do not know whether their firm has ever experienced a security breach. Moreover, the survey found that only 31% of the respondents had an incident response plan. Additionally, only 44% of the respondents use file encryption, 38% use email encryption, and 22% use whole/full disk encryption.

It is evident that heading into the new decade, law firms will continue to be ripe targets for a cyberattack, and must take steps to add additional layers of protection to safeguard their clients' information, and to reduce the possibility of a malpractice claim.

Legal and Ethical Consequences of a Breach

The ethics rules require attorneys to be competent and take reasonable measures to safeguard information relating to clients (ABA Model Rules 1.1 and 1.6 and comments). The comments to ABA Model Rule 1.1 state that "[t]o maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject."

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Top 5 Strategies for Managing the End-of-Year Collections Frenzy Image

End of year collections are crucial for law firms because they allow them to maximize their revenue for the year, impacting profitability, partner distributions and bonus calculations by ensuring outstanding invoices are paid before the year closes, which is especially important for meeting financial targets and managing cash flow throughout the firm.

The Self-Service Buyer Is On the Rise Image

Law firms and companies in the professional services space must recognize that clients are conducting extensive online research before making contact. Prospective buyers are no longer waiting for meetings with partners or business development professionals to understand the firm's offerings. Instead, they are seeking out information on their own, and they want to do it quickly and efficiently.

Should Large Law Firms Penalize RTO Rebels or Explore Alternatives? Image

Through a balanced approach that combines incentives with accountability, firms can navigate the complexities of returning to the office while maintaining productivity and morale.

Sink or Swim: The Evolving State of Law Firm Administrative Support Image

The paradigm of legal administrative support within law firms has undergone a remarkable transformation over the last decade. But this begs the question: are the changes to administrative support successful, and do law firms feel they are sufficiently prepared to meet future business needs?

Tax Treatment of Judgments and Settlements Image

Counsel should include in its analysis of a case the taxability of the anticipated and sought after damages as the tax effect could be substantial.