Although electronic storage of information has changed the type and level of risks involved, lawyers' professional conduct obligations with respect to protection of client information remain the same. Those obligations are as follows:
Duty of Confidentially
Lawyers have a professional duty to protect their clients’ information. While there are some slight jurisdictional differences, the general duty is much the same throughout Australia. The issue of client confidentially now needs to be placed into a cyber space context. Just as you wouldn’t leave the front door of your practice open for anyone to walk in and look at, you should ensure that any ‘digital doors’ to your firm’s systems are not left open.
Key messages
- Just as you are careful to keep confidential hard copy files safe from unauthorised viewing, the same needs to go for electronic files too.
- Stolen computers and portable hard drives are one of the most common forms of data breaches within law firms. Keep them safe and accounted for.
- Lawyers need be keenly aware of who has access to confidential electronic information within the firm. Information should be made available to staff on a need to know basis, with restrictions on access. This includes contractors and temporary and terminated employees.
Duty of Competency
In 2012 The American Bar Association amended Comment 8 to Rule 1.1 of the Model Rules of Professional Conduct to include a competency component in relation to technology. A growing number of U.S. states have adopted this recommendation in some form or another. Florida has even gone one step further and has adopted mandatory continuing legal education in relation to technology. As legal practices place more reliance on technology, especially the internet, it is likely this this type of competency will be implemented in other jurisdictions.
Key messages
- To be a competent lawyer, you need to understand the value of the information that you are dealing with.
- Failing to properly protect your client’s information that has been entrusted to you could cast doubt on your ability to properly manage your practice.
- As legal practices operate more in the digital realm the issues of cyber security will play a more prominent role. It is important to keep up-to-date with the current risks and the current security measures.
Remember, cyber security is not just a “technology issue” that can be delegated without supervision to another member of staff, even another partner. Both lawyer and non-lawyer staff members need to be alert to the risks of working in a digital world and make it their business to be knowledgeable of the key issues. Although lawyers clearly have, as a consequence of their professional conduct obligations special responsibilities, cyber security is every staff member’s responsibility.