The impact of technology on the practice of law has been dramatic. Reflecting that impact, state bar associations have been confronting the ethical issues that arise when attorneys and courts interact with social media and electronically stored information (ESI). As a result, bar associations have been issuing formal ethics opinions, and the trend involves application of the existing rules of legal ethics to new facts rather than formulation of new rules. This approach makes sense on a number of levels, but there is a disturbing reality that is emerging for attorneys practicing in the digital age.
There is an increasing realization, and appreciation, that cyber-security is lagging behind widespread and increasing threats to confidentiality and privacy of electronically created, stored and communicated information (data). For instance, e-mail transmissions are highly vulnerable to attacks utilizing viruses, worms, spyware and malware. Use of usernames and passwords to guard against unauthorized access to databases is vulnerable to cyber-intrusion, especially when users do not diligently and strictly follow highly demanding security protocols. Wi-fi signals between devices and routers are particularly vulnerable to being intercepted, and cloud computing presents a wide array of potential security weaknesses.
Law firms are definitely in the cross hairs – for instance, it has been reported that 80 major U.S. law firms were hacked in 2010. The dilemma is that while attorneys have a fiduciary duty to protect the confidentiality of their clients’ information and data, attorney-client communications and their own work product, they may be increasingly unable to actually assure such protection without implementing major cutting edge changes in their e-security practices (and incurring the associated expenses). What will ultimately be deemed to constitute reasonable compliance with ethical obligations in this challenging environment is a work in progress.