By David Hricik, Mercer Law School
Law firms are targets of hackers, and patent firms in particular are so. Why? Because hackers know they have the “wheat” separated from the chaff, and hackers believe firms also have less robust security than their clients. See Am. B. Ass’n. Formal Eth. Op. 483 (here). That is likely more so in disbursed work forces caused by the pandemic.
In that opinion, the ABA explained the duties of a firm to use reasonable care to avoid hacking. If a hacking occurred, the opinion concluded that a firm had to notify current clients and provide sufficient information to them to respond. The ABA refused to say that lawyers owed such an obligation to former clients.
In Maine Opinion 220 (here), the Maine committee reasoned that a lawyer had an obligation to inform both current and former clients of breaches affecting their data. The issue remains open in many states.
Firms should consider addressing the issue in engagement letters: once the relationship ends, so too does the duty to advise on hacking. Of course, returning the files at the end of a representation and destroying remaining ESI is also a good risk management tool.