With the looming threat of the next hacking scandal, data protection efforts in law firms are becoming increasingly crucial in maintaining client confidentiality. This paper addresses ethical and legal issues arising with data storage and privacy in law firms. The American Bar Association’s Model Rules present an ethical standard for cybersecurity measures, which many states have adopted and interpreted. Other than state legislation mandating timely disclosure after a data breach, few legal standards govern law firm data breaches. As technology advances rapidly, the law must address preventative and remedial measures more effectively to protect clients from data breaches caused by outdated or ineffective cybersecurity procedures in law firms. These measures should include setting a minimum standard of care for data security protection and creating a private cause of action for individuals whose personal information has been improperly accessed because of a failure to comply with those standards.
Madelyn Tarr, Law Firm Cybersecurity: The State of Preventative and Remedial Regulation Governing Data Breaches in the Legal Profession, 15 Duke Law & Technology Review 234-252 (2017)