ABA issues Formal Ethics Opinion 483 providing ethics guidance to lawyers before and after a cyber breach or hack

Hello everyone and welcome to this Ethics Alert, which will discuss the recent (October 17, 2018) American Bar Association Formal Opinion 483, which provides guidance to lawyers before and when there has been a cyber breach or hack. The opinion is here: https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba_formal_op_483.pdf

Just like the rest of our digital world, lawyers are susceptible to cyber hacking/breaches when using digital devices and programs or otherwise using the internet. The ABA Opinion confirms the duty that lawyers have to attempt to prevent such hacks and breaches and also the lawyer’s obligation to notify clients of a data hack/breach.

The opinion provides the reasonable steps that lawyers can take to meet their obligations under the ABA Model Rules, emphasizes the importance of planning for an electronic breach or cyberattack, and discusses how the Model Rules may apply when an incident is either detected or suspected. According to the opinion, the following Model Rules of Professional Conduct would potentially apply:

Rule 1.1 (competence), requiring lawyers to develop sufficient competence in technology to meet their obligations under the rules after a breach; Rule 1.15 (safekeeping property), requiring lawyers to protect trust accounts, documents and property the lawyer is holding for clients or third parties; Rule 1.4 (communication), requiring lawyers to take reasonable steps to communicate with clients after an incident; Rule 1.6 (confidentiality), regarding issues of confidentiality in the client-lawyer relationship; Rule 5.1 (lawyer oversight), which sets forth the responsibilities of a managing partner or supervisory lawyer; and Rule 5.3 (nonlawyer oversight), which sets forth the responsibilities of supervisors who are nonlawyers.

The opinion states that “(w)hen a breach of protected client information is either suspected or detected, Rule 1.1 requires that the lawyer act reasonably and promptly to stop the breach and mitigate damage resulting from the breach…(h)ow a lawyer does so in any particular circumstance is beyond the scope of this opinion.”

“As a matter of preparation and best practices, however, lawyers should consider proactively developing an incident response plan with specific plans and procedures for responding to a data breach. The decision whether to adopt a plan, the content of any plan and actions taken to train and prepare for implementation of the plan should be made before a lawyer is swept up in an actual breach.”

Bottom line: This ABA opinion addresses and discusses a lawyer’s obligations in attempting to prevent a cyber hack or breach and also provides guidance regarding the lawyer’s obligations if a breach/hack occurs. All lawyers should be addressing this serious issue now and should consult their state/jurisdiction’s ethics rules to ensure compliance.

Be careful out there.

Disclaimer:  this Ethics Alert is not an advertisement, does not contain any legal advice, and does not create an attorney/client relationship and the comments herein should not be relied upon by anyone who reads it.

Joseph A. Corsmeier, Esquire

Law Office of Joseph A. Corsmeier, P.A.

29605 U.S. Highway 19, N., Suite 150

Clearwater, Florida 33761

Office (727) 799-1688

Fax     (727) 799-1670




About jcorsmeier

Joseph A. Corsmeier is an “AV” rated attorney practicing in Clearwater, Florida. He concentrates his practice primarily in the areas of defense of attorney disciplinary matters before The Florida Bar, attorney admission matters before the Florida Board of Bar Examiners, and professional license and disciplinary matters before the Boards of the State of Florida. He provides expert analysis and opinion on conflict of interest and other attorney disqualification and legal malpractice issues and he testified as an expert in the Florida courts. He served as an Assistant State Attorney in the Sixth Judicial Circuit from 1986 to 1990 where he prosecuted felonies exclusively from June 1987, and as Bar Counsel for The Florida Bar’s Department of Lawyer Regulation from 1990 to 1998. He also practices in the areas of estate planning and Medicaid qualification, workers’ compensation, and labor law. Mr. Corsmeier is the author of numerous articles for various bar publications, has spoken at numerous local and statewide seminars on various topics, including ethics and professionalism, and was an instructor of legal ethics for paralegals at Rollins College until the Tampa campus closed. He received his undergraduate degree from Florida State University and his J.D. from Mercer University. He is admitted to practice in all Florida Courts, the Supreme Court of the United States, the United States Court of Appeals for the Eleventh Circuit, and the Middle District of Florida. He is a member of The Florida Bar, American Bar Association, the Association of Professional Responsibility Lawyers, and the Clearwater and St. Petersburg Bar Associations.