Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

July 18, 2016

Ethical Considerations For Attorneys In The Evolving World Of Cyber Security And Data Breaches

Hacking and the breach of confidential data in the retail, healthcare, and financial industries have been recurring and well reported events. Law firms are not immune from such incidents, and in fact, are attractive targets given that they may possess client financial and personal data, trade secrets, business plans, and intellectual property data sought after by cyber criminals. Earlier this year, media outlets reported that hackers gained access to the computer networks of a number of large law firms, which represented clients on sensitive merger and acquisition matters. Before a data breach like this occurs, law firms, large or small, should review and evaluate their obligations and duties to protect confidential client electronic data. They should have an incident response team and plan already in place.

Hacks and data breach events raise ethical concerns for attorneys in New York State, if they have not taken reasonable care to protect their clients' confidential information. Rule 1.6 of the New York Rules of Professional Conduct defines the attorney's obligation to protect a client's confidential information. Rule 1.6(a) states that a lawyer shall not knowingly reveal a client's confidential information. Rule 1.6(c) further provides that a lawyer "shall exercise reasonable care to prevent "¦ others whose services are utilized by the lawyer from disclosing or using confidential information of a client "¦". Comment 17 to Rule 1.6 states, "[w]hen transmitting a communication that includes information relating to the representations of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients."

The New York State Bar Association Committee on Professional Ethics has issued a number of opinions over the last two decades articulating ethical concerns associated with electronic data. These opinions are relevant in the evaluation of an appropriate standard of care for an attorney regarding his or her compliance with client duties and ethical responsibilities.

One recent release, Opinion 1019, addresses concerns associated with the remote access to a law firm's electronic file. The question raised to the Committee was whether a law firm could provide its lawyers with remote access to its electronic files. The Committee stated that cyber-security issues continued to be a major concern for lawyers. The Opinion noted that a law firm must determine that the technology it will use to provide remote access provides reasonable assurance that confidential client information will be protected. However, the opinion stated that it could not recommend particular steps that would constitute reasonable precautions, including the degree of password protection and/or encryption required, along with security measures the firm must use to determine whether there has been unauthorized access.

Notably, the opinion stated that when the law firm is able to make a determination that the protection provided is reasonable, a client's consent to the system is not necessary. However, the opinion noted that where a law firm cannot ensure reasonable protection for a client's confidential information, it is allowed to request a client's informed consent. However, in such circumstances, the firm must disclose the risks of the system to the client so that the consent is informed.

As the opinion makes clear, lawyers, whether sole practitioners or members of large firms, have an obligation to determine the appropriate level of protection for client confidential information. While the opinion does not specifically provide the degree of password protection or encryption required, at a bare minimum, some degree of password protection and encryption should be in effect when data is able to be accessed on a remote basis. The Opinion serves as a reminder that attorneys have a duty to protect their clients' confidential information and to follow appropriate practices and procedures as they relate to constantly evolving technology security measures. The failure to do so has the potential to not only damage the client and client relationships, but also to expose a lawyer, law firm, and their insurers to potential liability and damages, as well as disciplinary action.

If you require further information regarding the content of this alert, please contact Dennis R. McCoy, Chair of our Professional Liability Practice Area, at (716) 566-1560 or


Click here to sign up for alerts, blog posts, and firm news.

Featured Media


Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Compres, Sanchez, Fontanez, Pajaro, Garcia, and Jaquez—Targeting Businesses in Recent Flurry of Lawsuits


Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Competello, Fernandez, Liz, Riley, and Trippett—Targeting Businesses in Recent Flurry of Lawsuits


CDPAP Providers Get First Look at the Future of CDPAP Without FIs


New York State Fiscal Year 2025 Budget: Implications for Employers Unpacked


Lab Providers Under Increased Scrutiny From Civil and Criminal Agencies for OTC COVID-19 Test Claims


NYS Appellate Court Dismisses Claim Based on Material Misrepresentations in Insurance Application

We're Growing in DC!

We’re excited to announce Barclay Damon’s combination with Washington DC–based Shapiro, Lifschitz & Schram. SLS’s 10 lawyers, three paralegals, and four administrative staff will join Barclay Damon while maintaining their current office in DC’s central business district. Our clients will benefit from SLS’s corporate, real estate, finance, and construction litigation experience and national energy-industry profile, and their clients from our full range of services.

Read More

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out