ABA Opinion 483

Law firms are not immune to the unprecedented rise in cyberattack and data breach incidents world-wide. 

On October 2018, the American Bar Association 

Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 483. The Opinion outlines lawyer/law firms’ obligations to protect client’s confidential information and measures to take post data-breach.

Amongst other critical cybersecurity obligations to safeguard client data, the Opinion refers to five key rules imposed by the Model Rules of Professional Conduct:

• Model Rule 1.1 – Competence. A lawyer must have the legal knowledge, skill, thoroughness and preparation to represent a client. They must act reasonably to stop any data breach from happening. And, in the event of a data breach, they should be competent to take steps to limit the damage.

• Model Rule 1.4 – Communication. Lawyers are obliged to keep clients “reasonably informed” in the event of a data breach. Proper explanation is required “to the extent necessary to permit the client to make informed decisions regarding the representation.”

• Model Rule 1.6 – Confidentiality of Information. Lawyers should not breach confidentiality of information. They must take steps to ensure client information is protected against unauthorized access.

• Model Rule 5.1 – Responsibilities of a Partner or Supervisory Lawyer. It is the lawyer’s responsibility to take all necessary steps to ensure proper measures are in place conform to the Rules of Professional Conduct. This includes monitoring the available technology and office resources connected to the internet.

• Model Rule 5.3 – Responsibilities Regarding Non-lawyer Assistance. Law firms have the responsibility to give reasonable assurance that nonlawyers’ conduct is equal to the obligations of a lawyer. This implies to any external vendors involved with access or use of client data.

How CompCiti Can Help?

CompCiti has a team of cybersecurity and compliance regulation experts who understand the details of Opinion 483. We have developed a comprehensive service pack to ensure law firms not only oblige by the Opinion but rip the benefits of following the obligations to boost stakeholders’ confidence and better brand reputation. Here are some highlighted services we include as part of our Opinion 483 service pack:

VCISO – Chief Information Security Officer (CISO) plays a crucial role in directing the cybersecurity and data protection policies for companies. However, most small and medium sized Law firms do not have the need to hire a full-time CISO on payroll. CompCiti offers Virtual CISO service to represent the needs of law firms at an affordable fixed monthly retainership.

Audit support – Proper system audit needs to be conducted to ensure there are no vulnerabilities that can jeopardize data safety. CompCiti offers audit support to identify and plug any gaps in the network.

Comprehensive cybersecurity program – The purpose of the Obligation is to protect Law Firms against the imminent cybersecurity threat. Being a cybersecurity expert, CompCiti offers to draft and implement a comprehensive cybersecurity program to better protect law firms and their stakeholders.

Latest tools & tech – CompCiti has a strong team of cybersecurity experts who are certified and trained on the latest technology and methodology on cybersecurity. We use the latest tools and technology to help protect our law firm clients.

IT expertise – CompCiti has been in the IT space for over two decades. We combine our IT expertise with cybersecurity know-how to offer a holistic solution to our client. This helps our client build a solid, sustainable foundation of IT network in tandem with a strong cybersecurity background.