The State Bar Association of North Dakota Winter 2015 Gavel Magazine | Page 25

skill” and that “a lawyer must keep abreast of changes in the law and its practice.” 9 An ABA amendment to this comment (currently being studied by the North Dakota Joint Committee on Attorney Standards) adds language that lawyer competency includes consideration of “the benefits and risks associated with relevant technology.” 10 Lawyers also have the duty to reasonably protect confidential client information. 11 The ABA has amended Rule 1.6, which now provides, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” 12 Explaining the scope of the lawyer’s duty, the ABA amended Rule 1.6’s commentary to provides: The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). 13 Lawyers also are obligated under Rule 1.15 to safeguard client property. 14 All of these rules, and others, may come into play in the realm of cybersecurity. Depending on the substance of the lawyer’s representation, state or federal law may impose additional cybersecurity obligations. For instance, the Health Insurance Portability and Accountability Act, commonly known as HIPAA, requires “reasonable and appropriate” data security. 15 The Gramm–Leach– Bliley Act, known as the Financial Services Modernization Act of 1999, requires “administrative, technical, and physical safeguards appropriate to the size and complexity of the bank and the nature and scope of its activities.” 16 The good news is that, while the lawyer’s ethical rules and substantive law require efforts to preserve data security, none of them require success. Rather, for the most part the obligation is to expend reasonable efforts to preserve confidentiality. That will be our starting point in the next Gavel. Yahoo News, available at https: