The State Bar Association of North Dakota Winter 2015 Gavel Magazine | Page 25
skill” and that “a lawyer must keep abreast of changes in the law
and its practice.” 9 An ABA amendment to this comment (currently
being studied by the North Dakota Joint Committee on Attorney
Standards) adds language that lawyer competency includes
consideration of “the benefits and risks associated with relevant
technology.” 10
Lawyers also have the duty to
reasonably protect confidential client
information. 11 The ABA has amended
Rule 1.6, which now provides,
“A lawyer shall make reasonable
efforts to prevent the inadvertent
or unauthorized disclosure of, or
unauthorized access to, information
relating to the representation of a
client.” 12 Explaining the scope of the
lawyer’s duty, the ABA amended Rule
1.6’s commentary to provides:
The unauthorized access to, or the
inadvertent or unauthorized disclosure of,
information relating to the representation of a
client does not constitute a violation of paragraph
(c) if the lawyer has made reasonable efforts to prevent the
access or disclosure. Factors to be considered in determining
the reasonableness of the lawyer’s efforts include, but are not
limited to, the sensitivity of the information, the likelihood of
disclosure if additional safeguards are not employed, the cost of
employing additional safeguards, the difficulty of implementing
the safeguards, and the extent to which the safeguards adversely
affect the lawyer’s ability to represent clients (e.g., by making a
device or important piece of software excessively difficult to use).
13
Lawyers also are obligated under Rule 1.15 to safeguard client
property. 14 All of these rules, and others, may come into play in the
realm of cybersecurity.
Depending on the substance of the lawyer’s
representation, state or federal law may impose
additional cybersecurity obligations. For
instance, the Health Insurance Portability
and Accountability Act, commonly known as
HIPAA, requires “reasonable and appropriate”
data security. 15 The Gramm–Leach–
Bliley Act, known as the
Financial Services
Modernization Act
of 1999, requires
“administrative,
technical, and
physical safeguards appropriate
to the size and complexity of the bank and
the nature and scope of its activities.” 16
The good news is that, while the lawyer’s ethical rules and
substantive law require efforts to preserve data security, none of
them require success. Rather, for the most part the obligation is to
expend reasonable efforts to preserve confidentiality. That will be
our starting point in the next Gavel.
Yahoo News, available at https: