May 4, 2012 the NKU Chase Law & Informatics Institute presented an ethics program focusing on the proposed changes to the ABA Model Rules of Professional Responsibility and similar changes to SEC Guidance for disclosure of cybersecurity risk.
In 2009, The American Bar Association created the Ethics 20/20 Commission (“Commission”) to “perform a thorough review of the ABA Model Rules of Professional Conduct [(“MRPC”)] and the U.S. system of lawyer regulation in the context of advances in technology and global legal practice developments.” The Commission held hearings and developed draft statements regarding a number of topics, including the effect of technology on a lawyer’s duty of confidentiality and client development. Having completed its review on several key proposals, they will be brought to the ABA for approval in August 2012:
The ABA Commission on Ethics 20/20 is pleased to release for comment by April 2, 2012, along with a Cover Memo from Co-Chairs Jamie S. Gorelick and Michael Traynor, final revised drafts of Commission Proposals scheduled to go to the ABA House of Delegates in August 2012. These six revised draft proposals cover the subjects of Technology (Confidentiality), Technology (Client Development), Outsourcing, and Uniformity/Mobility (including Model Rule 5.5 and Practice Pending Admission), Admission by Motion, and Model Rule 1.6 (Duty of Confidentiality).
In addition to the materials provided by the ABA, we have created a Summary Analysis as well as a CLE Powerpoint presentation. The presentation was made by Dean Dennis Honabach and Professor Jon Garon.
To summarize the program:
The practice of law has largely gone digital in the past decade. Remote access to one’s office, reliance on smart phones to share data, email and social media to communicate with clients, and other emerging technologies to conduct overseas cloud-based outsourcing or operate virtual law offices have transformed the mechanics of practicing law.
The American Bar Association’s Commission on Ethics 20/20 is examining technology’s impact on the legal profession. In proposals recommended for adoption this year, the Commission proposes adoption of a new Rule 1.6(c) which would require that a “lawyer shall make reasonable efforts to prevent the unintended disclosure of, or unauthorized access to, information relating to the representation of a client.” While this duty has existed under the prior rules, the modifications make clear that this affirmative duty extends to data privacy, security and reliability.
These proposals also address issues of screening electronic information accessible to a law firm assure that confidential information known by a personally disqualified lawyer remains protected from inappropriate access by other attorneys; an affirmative duty to “keep abreast of changes in the law and its practice, including the benefits and risks associated with technology;” and many others.
Not to be outdone, the Corporate Finance Division of the Securities and Exchange Commission has taken steps of its own to require greater awareness, disclosure and reporting of issues relating to technological knowledge held by a company – including its lawyers. The guidance identifies that “a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents. In addition, material information regarding cybersecurity risks and cyber incidents is required to be disclosed when necessary in order to make other required disclosures, in light of the circumstances under which they are made, not misleading.” Lawyers drafting these disclosures – and lawyers dealing with the risk assessment for their clients – as well as regarding their own practices – have an increasingly external standard of care and responsibility to meet the cyber-risks inherent in the modern digital practice of law.
While it is likely that many of the revised Rules of Professional will be adopted, the changes primarily codify the existing duty to maintain a lawyer’s ongoing duty to remain competent. These materials are intended to assist with that effort by providing an update to the ethical rules and the technologies at the heart of these changes.
The Commission has distributed its recommendations and solicited final comments through April 2, 2012. Final hearings were held April 13-14, 2012 and the Commission will be releasing the final versions of these proposals for approval at the August 2012 ABA Annual Meeting.
 ABA Center for Professional Responsibility, http://www.americanbar.org/groups/professional_responsibility/aba_commission_on_ethics_20_20.html (last visited April 22, 2012).
 ABA Comm’n on Ethics 20/20, Memo of February 21, 2012, available at http://www.americanbar.org/content/dam/aba/administrative/ethics_2020/20120221_ethics_20_20_circulation_cover_memo_revised_august_2012_proposals_for_comment.pdf html.