Recap of Required Cybersecurity Safeguards Per the American Bar Association

Here’s an alarming stat for you: 25% of law firms have experienced a breach at some point in time. If nothing else, this tells us that cybercriminals have identified law firms as a prime target for stealing sensitive information and money.

The American Bar Association (ABA) recently released its 2021 Legal Technology Survey Report. You can view the full report here. Let’s take a deep dive into what the report shows and what it predicts for the future.

  • 80% of solo lawyers report having primary responsibility for their firm’s security. The larger the firm, the more likely they are to employ or contract IT staff or consultants.
  • 13% of firms with 100-499 attorneys and 16% of firms with 500+ attorneys report having a security officer with the primary responsibility for IT. A small percentage report that nobody has primary responsibility for security.
  • Approximately 50% of respondents reported that their firm has a policy to manage the retention of data in the firm’s possession.
  • 60% of firms have a policy on email use.
  • 45% of firms have a policy on internet use.
  • 57% of firms have a policy on acceptable computer use.
  • 56% of firms have a policy for remote access to firm data.
  • 48% of firms have a policy for social media use.
  • 32% of firms have a policy for personal technology use and a policy for employees bringing their own device to work.
  • 17% of respondents reported their firm has no policies in place related to technology. 
  • 8% of respondents reported they were unaware of whether or not their firm had policies in place related to technology.

Here’s our overview of the required cybersecurity safeguards (per the American Bar Association):

  • The ABA rules focus on safeguarding client data related to communication, competence, and supervision.
  • The rules require lawyers to use competent and reasonable measures to safeguard the confidentiality of client information. Lawyers should also communicate with clients regarding the firm’s use of technology.
  • Consent should be obtained from clients when necessary and appropriate with respect to the firm’s use of technology.
  • Firms should supervise attorneys’ use of technology, both business and personal, to ensure compliance when dealing with confidential client information.
  • According to the ABA, firms should familiarize themselves with 3 Opinions:
    1. ABA Formal Opinion 477R, “Securing Communication of Protected Client Information” (May 2017)
    2. ABA Formal Opinion 483, “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack” (October 2018)
    3. ABA Formal Opinion 498, “Virtual Practice” (March 2021)

Like businesses in many high-stakes industries, your law firm is held to a high standard for using and managing technology and related data. At PK Tech, we have a long history of working with law firms of different sizes, and we focus on ensuring they are up to date with the latest required safeguards and compliance. If we can assist your firm in this area, get in touch with our team.