In these digital times, there's very little doubt that attorneys have a duty to keep confidential client digital data as safe as any other.
However, as tech advances, so do the hackers and ne'er-do-wellers. And while lawyers and professionals may not be able to keep up in the cat and mouse hacking game, that shouldn't ever prevent one from doing the right thing and telling the client that their data has been breached. At least, that's what the most recent ABA Standing Committee on Ethics and Professional Responsibility opined.
Get Breached, Tell Clients
The ethics opinion may not be the longest of reads at only 16 pages, but it can really all be synthesized down to one major lesson: If you find out your client's data has been breached, you are ethically obligated to tell the client.
And don't just tell the client it happened. According to the ABA, you need to give the client enough information so that they will be "reasonably informed" such that they can make an "informed decision" on whether or not they want you to still be their lawyer.
Get Smart About Data
If you ask IT security pros, one of the biggest common-sense principles of cybersecurity is simple: If a device or data doesn't need to be online or accessible via the internet, then don't put it on there.
So while you may love the fact that you can access any of your old client files via the cloud, is it really necessary? And is it worth the risk, compared to just leaving that info on a hard drive and backup system?