There are many occasions when privacy is critical. Counseling sessions, medical records and educational files all contain information that could be destructive if the public saw them. The same is true when someone visits a New York attorney. The information a client shares with a lawyer is privileged, and attorneys are under a strict code of ethics to keep it confidential. However, when an attorney is the victim of a hacking or cyberattack, it may be cause for a legal malpractice claim.
With so much information saved on hard drives, stored in the cloud and shared through emails, it is not unheard of for a law firm to have a data breach. Clients whose confidential personal and case information are compromised in such an attack may not even be aware that the breach has occurred until it is too late. What is an attorney’s obligation in this matter?
The American Bar Association’s Committee on Ethics and Professional Responsibility recently addressed this growing concern in a formal opinion. The committee reminded lawyers of their important duty to protect confidential client information and to report data breaches to clients in a timely manner. Some steps a law firm may take include limiting the number and kinds of internet services in use as well as reducing the amount of confidential client information the firm keeps on hand.
A law firm that fails to take reasonable steps to prevent a data breach may be failing in multiple ethics models. Clients who suffer because of a preventable compromise of personal information may have cause to pursue a legal malpractice claim. A skilled New York attorney can evaluate the case and assist in planning an appropriate course of action.