Description
Cybercrime and data breaches continue to rise and dominate the headlines and law firms remain prime targets due to the sensitive nature of their work. Lawyers must understand the risks and their ethical and legal obligations to safeguard client data in order to uphold their professional responsibilities and avoid malpractice actions.
Rule 1.6 of the American Bar Association's (ABA) Model Rules of Professional Conduct emphasizes a lawyer's duty to maintain confidentiality and adopt reasonable security measures against data breaches to protect sensitive client information. Other ethics rules have particular application to protection of client information, including the technical competency requirements found in Model Rule 1.1, the diligence and promptness standards found in Rule 1.3, Rule 1.4 which underscores the importance of clear communication with clients, and Rules 5.1 and 5.3 highlighting the supervisory responsibilities of lawyers to ensure that all members of the firm adhere to the ethical obligations concerning cybersecurity and data protection.
Beyond ethical rules, attorneys must also navigate compliance with various state, federal, and international laws, including among others, the European Union's General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Trade Commission (FTC) Act, the California Consumer Privacy Act (CCPA) and New York's Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).
Listen as our authoritative panel examines the ethics rules relating to data privacy and cybersecurity and provides guidance on implementing robust processes and procedures for maintaining compliance with the Model Rules of Professional Conduct and other laws.
Presented By
Ms. Nadro advises clients on cybersecurity and data privacy matters. A Certified Information Privacy Professional (CIPP/US), she helps clients navigate various data security and privacy issues. Ms. Nadro assists clients with policy drafting, program management, and data collection. She also advises clients on best practices for compliance with evolving state, federal, and international data protection laws. Ms. Nadro is a frequent writer and speaker on data security and privacy issues for organizations such as the ABA’s Tort Trial and Insurance Practice Section’s Cybersecurity and Data Privacy Committee, the Illinois Institute of Continuing Legal Education, and the American Bankruptcy Institute. She is also a member of the International Association of Privacy Professionals, the world’s largest information privacy organization.
Ms. Richardson serves as Co-Chair of the Firm’s Legal Ethics and Malpractice Group. She focuses her practice on legal ethics and malpractice, complex civil litigation, and government enforcement actions. Ms. Richardson counsels and represents lawyers and law firms in disciplinary investigations and prosecutions and malpractice matters. Her disciplinary experience includes matters before the USPTO’s Office of Enrollment and Discipline (OED) and the Office of Professional Responsibility (OPR). She counsels and advises lawyers and law firms in partner admissions and departures, and law firm dissolutions. Ms. Richardson also handles complex civil cases in federal court, state court, and in arbitration proceedings throughout the U.S. She is experienced at handling matters through all stages of litigation. Ms. Richardson works closely with the firm’s telecommunications practice in cases involving the communications-technology industry. Ms. Richardson teaches ethics and professional responsibility at the Georgetown University Law Center and is the Ethics Chair for the North Carolina Bar Association’s Litigation Council.
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
-
An excellent opportunity to earn Ethics CLE credits. Note: BARBRI cannot guarantee that this course will be approved for ethics credits in all states. To confirm, please contact our CLE department at pdservice@barbri.com.
-
Date + Time
- event
Wednesday, June 25, 2025
- schedule
1:00 p.m. ET./10:00 a.m. PT
I. Overview: lawyer’s role as a fiduciary
II. Cybersecurity and data privacy risks in the legal setting
III. ABA Model Rules of Professional Conduct relating to a lawyer's duty to protect client data
IV. ABA Standing Committee on Ethics and Professional Responsibility's Formal Opinions 477R and 483
V. States with enhanced data privacy and cybersecurity requirements for lawyers that go beyond the ABA's Model Rules of Professional Conduct
VI. Other state, federal, and international laws regulating data privacy and protection: GDPR, HIPAA, Federal Trade Commission Act, CCPA, New York's SHIELD Act
VII. Realities of a data breach at a law firm
VIII. Strategies for implementing technical measures and administrative safeguards for data compliance to mitigate exposure to cybersecurity incidents
IX. Practitioner pointers and key takeaways
The panel will examine these and other key considerations:
- Why are law firms and lawyers prime targets for cyberattacks and data breaches?
- How do the Model Rules of Professional Conduct govern a lawyer's duty to protect client data and minimize the risks of cyberattacks?
- What are other laws and regulations lawyers and firms must abide by with respect to data and cybersecurity?
- What specific cybersecurity measures are required to safeguard client data from hackers?
