Bench & Bar

SEP 2018

The Bench & Bar magazine is published to provide members of the KBA with information that will increase their knowledge of the law, improve the practice of law, and assist in improving the quality of legal services for the citizenry.

Issue link:

Contents of this Issue


Page 40 of 67

39 BENCH & BAR | policies and procedures, specific training for employees on those policies and ongoing supervision is warranted. Because a law firm's data security practices are only as strong as its weakest link "(all lawyers) must make sure that subordinate attorneys, interns, parale- gals, case managers, administrative assistants, and external business partners all understand necessary data security practices and the critical role that all parties play in ensuring the protection of client information." 34 ENDNOTES 1. KBA Ethics Opinion KBA E-403. 2. KBA Ethics Opinion KBA E-427. 3. KBA Ethics Opinion KBA E-437. 4. KBA Ethics Opinion E-442. 5. Id. 6. ABA Cybersecurity Legal Task Force & Section of Science & Technology Law, Report to the House of Delegates: Resolution 109 A.B.A. 4 (August 2014) ("Cybersecurity Resolution"). 7. Jane LeClaire & Gregory Keeley, Cybersecurity in Our Digital Lives (2013) at 128. 8. "... (T)he Mossack Fonseca (law firm) attack was dead simple. So simple, in fact, that a teenager with no hacking knowledge other than basic googling skills could have done it...Furthermore, the security mistakes Mossack Fonesca made were appallingly common. So common, in fact, that it's fair to say most of the readers of this article work for organizations that are making at least one of the same mistakes." Jason Bloomberg, "Cybersecurity Lessons Learned from 'Panama Papers' Breach, Forbes Tech Journal (April 21, 2016). 9. For an extensive discussion of this topic, refer to the ABA Cyberscurity Handbook: A Resource for attorneys, law firms, and business professionals (2nd Edition) by Jill D. Rhodes and Robert S. Litt (2018) 10. SCR 3.130 et seq. 11. SCR 3.130 (1.6). 12. See, KBA Ethics Opinion E-437; For a discussion of this Opinion and its practical application to the practice of law, see "Ethics Still Apply: Even When Your Head Is In e Cloud", Lawyers Mutual Insurance Company of Kentucky Risk Management (2016). 13. e ABA stated that the change to Model Rule 1.1 did not create a 'new requirement' for an attorney, but instead made explicit what was previously considered 'implicit' in the Model Rule; See also, "Andrew Perlman, "e Twenty First Century Lawyer's Evolving Ethical Duty of Competence", e Professional Lawyer, Vol. 22, No. 4. 14. California State Bar Opinion 2010-179 (undated). 15. ABA Formal Opinion 477R at 7. 16. For a discussion of Data Breach Cyber Security Risk Management see "Attorney's Liability for Data Breaches" Lawyers Mutual Insurance Company of Kentucky Risk Management (2016). 17. See, Arizona State Bar Opinion 09-04 (2009) which tells attorneys who store client information to consider firewalls, password protection schemes, encryption, certain anti-virus measures, etc. 18. Supreme Court Commentary (6). 19. SCR 3.130 (1.4)(a)(2). 20. See, KBA Opinion E-437 discussing with a client the attorney's use of the cloud if the client's matter is sufficiently sensitive. 21. SCR 3.130(1.4). 22. Commentary (3) to SCR 3.130 (1.4). 23. Commentary (7) to SCR 3.130 (1.4). 24. KRS 365.732(1) (b) defines an 'information holder' as "... any person or business entity that conducts business in this state." 25. ABA Formal Opinion 477R at 9. 26. For a discussion of what information lawyers should consider in this regard, refer to KBA Opinion E-437 at 6; See also, ABA Formal Opinion 08-451 regarding outsourcing legal and nonlegal services. 27. Id. at 4-5. 28. ABA Cybersecurity Handbook, supra at 66. 29. SCR 3.130 (5.1). 30. SCR 3.130 (5.3). 31. Commentary (2) to SCR 3.130 (5.3); See also Commentary (2) to SCR 3.130 (5.1). 32. For a thorough discussion of this topic, refer to the Cybersecurity For e NOTE TO READER is ethics opinion has been formally adopted by the Board of Governors of the Kentucky Bar Association under the provisions of Kentucky Supreme Court Rule 3.530. is Rule provides that formal opinions are advisory only. Custody Divorce Domestic Violence (EPO DVO IPO) Child Support Parenting Time Adoption Same Sex + Cohabitation Grandparent's Rights #FamilyLaw mediator over 20 years of #FamilyLaw experience 101 N. 7th St. Phone 502 561 3454 A. HOLLAND HOUSTON Attorney at Law This is an advertisement. Home and Office: e Lawyer's Guide to Tak- ing Charge of Your Own Information Security by John Bandler (American Bar Association Section of Science & Technology, 2017). 33. ABA Formal Opinion 477R at 9. 34. Drew T. Simshaw, "Legal Ethics and Data Security: Our Individual and Collective Obli- gation to Protect Client Data", 38 Am. J. Trial Advocacy, 549, 550, 554 (2015).

Articles in this issue

Links on this page

Archives of this issue

view archives of Bench & Bar - SEP 2018