Full Text

The recent hacking attacks on Sony Pictures and the Target department store chain have increased the focus on cybersecurity in all aspects of life.

At least one American law firm has had sensitive information hacked from its server and put on the Internet. Meanwhile, a couple of Canadian law firms have actually had funds converted by hackers.

An American consulting firm reported in 2012 that 80 percent of the 100 largest law firms in the United States had been the subject of at least one hacking attack during the previous year. That led to an unprecedented meeting between a high official of the FBI and the managing partners for New York City's large law firms to discuss strengthening security protocols.

On Oct. 29, 2014, the Supreme Judicial Court announced that it intends to adopt changes to the Massachusetts Rules of Professional Conduct, largely modeled on changes made to the ABA model rules. These changes are directed to lawyers' responsibilities to clients in the cybersecurity area.

While the SJC has not yet announced an effective date for these changes, the careful practitioner will review and abide by them now.

Certain of these rule changes highlight the risks for lawyers of taking a "head-in-the-sand" approach to securing their electronically stored data.

Virtually every practicing lawyer now possesses and stores confidential client information electronically, and clients expect that their lawyers will protect and preserve the integrity of their confidential information.

The rule changes will apply to all attorneys, whether practicing solo or in a large firm, and regardless of area of practice, although the application of the rules no doubt will vary depending upon particular facts and circumstances.

This column looks at the upcoming changes and their implications for Massachusetts practitioners, and then identifies practice pointers that may reduce the risks. A future column will offer suggestions for a plan of action when a hacking incident actually has taken place.

Rule 1.6 (Confidentiality of Information)

The SJC has decided to add a new provision to Rule 1.6 that is taken from ABA Model Rule 1.6.

Rule 1.6 outlines a lawyer's duty not to disclose confidential client information, except under very limited circumstances. The rule's new provision is not addressed to disclosures that are intentionally made by the...