Office of Bar Counsel, 0817 WYBJ, Vol. 40 No. 4. 12

• Author: Mark W. Gifford Wyoming State Bar Office of Bar Counsel Cheyenne, Wyoming

Office of Bar Counsel

Vol. 40 No. 4 Pg. 12

Wyoming Bar Journal

August, 2017

The Lawyer's Duty to Secure Client Communications from Cyber Breaches: A New ABA Formal Opinion Provides Practical Guidance

Mark W. Gifford Wyoming State Bar Office of Bar Counsel Cheyenne, Wyoming

In 2012 the ABA adopted "technology amendments" to its Model Rules of Professional Conduct, including expanding a comment to Rule 1.1 on lawyer technological competency ("...a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with technology...") and adding a new subpart (c) to Rule 1.6 on client confidentiality ('A lawyer shall make reasonable efforts to prevent the unintended disclosure of, or unauthorized access to, information relating to the representation of a client."). Both of these provisions were added to the Wyoming Rules of Professional Conduct in 2014.

In 2013, the ABA published The Cyber-security Handbook, the first treatise devoted to the subject for lawyers and law firms.^[1] Since then, as technology has evolved at a head-spinning pace, the profession has come under attack by hackers with increasing frequency. In May of this year, the ABA Standing Committee on Ethics and Professional Responsibility issued a long-awaited Formal Opinion^[2] intended to provide practical guidance to lawyers who often feel ill-equipped to tackle a subject that many are tempted to address with a shrug of the shoulders and fingers crossed.

Formal Opinion 477R begins with a discussion of the "technology amendments" to the Rules, proceeds to identify some of the technology risks that lawyers face, and concludes with a discussion of factors other than the language of the Rules that lawyers should consider when using electronic means to communicate regarding client matters.

The Formal Opinion includes the sobering observation, "[T]hose providing legal services now regularly use a variety of devices to create, transmit and store confidential communications, including desktop, laptop and notebook computers, tablet devices, smartphones, and cloud resource and storage locations. Each device and each storage location offers an opportunity for the inadvertent or unauthorized disclosure of information relating to the representation, and thus implicate a lawyer's ethical duties."

Much attention is given in the Formal Opinion to the phrase "reasonable efforts" as it applies to a lawyer's obligation to protect against cybersecurity breaches. The Formal...