Inadvertent disclosures (and data breaches) are inevitable for law firms - we just have too much data to manage all of it well. Thank heavens the ABA's Commission on Ethics 20/20 revised draft proposals are really very practical.
The proposal revision of Model Rule 1.6 says that “a lawyer shall make reasonable efforts to prevent the unintended disclosure of, or unauthorized access to, information relating to the representation of a client.
The factors to be considered in determining the reasonableness of the lawyer’s efforts are:
- The sensitivity of the information
- The likelihood of disclosure if additional safeguards are not employed
- The cost of employing additional safeguards
- The difficulty of implementing the safeguards
- The extent to which the safeguards adversely affect the lawyer’s ability to represent clients
Mere disclosure, by itself, does not trigger discipline. How will we determine what is reasonable? I think it will very likely be based on the size (and therefore presumed relative sophistication and resources) of the law firm. And that should make the smaller firms breathe a little easier, but they still need to fall within the definition of "reasonable," a definition that will emerge only over time.
E-mail: firstname.lastname@example.org Phone: 703-359-0700