Category Archives: Lawyer competence technology

Ransomware attack against South Florida digital record storage entity block law firm’s access to electronic records

Hello everyone and welcome to this Ethics Alert, which will discuss a recent Miami Herald article discussing a ransomware attack against a South Florida software company that manages electronic records for thousands of law firms nationwide in which digital legal documents have been held hostage.  The October 25, 2019 Miami Herald article is here:  https://www.miamiherald.com/news/local/article236645058.html

According to the Herald article, “a Florida law firm was forced to request more time to meet a filing deadline in a gender-discrimination employment case in federal court because it could not access its electronic documents stored with TrialWorks.”  “The firm’s attorney representing the deputy (in the Citrus County federal gender discrimination lawsuit) cited the TrialWorks’ software problem, saying the company ‘has shut down access’ to critical documents in the case. The law firm needed the documents to address a dispute over the testimony of an expert witness for Citrus County. Its response was due Friday (October 25, 2019).”

“Since Oct. 11, 2019, plaintiff’s counsel, as well as other TrialWorks clients, have been unable to access documents,” says the law firm’s motion requesting more time. “As of Oct. 24, 2019, plaintiff’s counsel remains unable to access all the necessary documents required to respond.”  “The deadline issue was quickly resolved because attorneys for Citrus County did not oppose the law firm’s request. Melton’s firm has until Nov. 14 to respond, assuming it can gain access before then to crucial records at TrialWorks.”

The article also states:  “TrialWorks acknowledged it ‘was recently targeted by a ransomware incident that did not affect our software but did prevent approximately 5 percent of our customers … from accessing their accounts.’”  “In a statement, the company said it started an internal investigation and retained independent cybersecurity experts. “We have been working around the clock to restore normal operations for our customers as quickly as possible, and nearly all customers have had access restored within a week.”  “Company officials said they have not contacted federal authorities about the ransomware attack but plan to share information from the internal investigation with law enforcement.”

“Earlier this month, TrialWorks began alerting its customers about the security breach and initially indicated it was caused by a Microsoft service outage affecting Outlook desktop and mobile apps, according to court records. But the company’s customer alerts became more ominous over the past two weeks, including one that cited a ‘ransomware incident.’”

Bottom line:  This unfortunate ransomware incident highlights the vulnerability of digital information, including information stored digitally by litigation document assistance providers such as TrialWorks.

Be careful out there.

Disclaimer:  this e-mail is not an advertisement, does not contain any legal advice, and does not create an attorney/client relationship and the comments herein should not be relied upon by anyone who reads it.

Joseph A. Corsmeier, Esquire

Law Office of Joseph A. Corsmeier, P.A.

2999 Alt. 19, Suite A

Palm Harbor, Florida

Office (727) 799-1688

Fax     (727) 799-1670

jcorsmeier@jac-law.com

www.jac-law.com

Joseph Corsmeier

about.me/corsmeierethicsblogs

Leave a comment

Filed under Attorney Ethics, Florida Lawyer Ethics and Professionalism, fraud, joe corsmeier, Joseph Corsmeier, Lawyer competence technology, lawyer confidentiality, Lawyer digital document protection, Lawyer digital document security breach, Ransomware attack, Uncategorized

ABA issues Formal Ethics Opinion 483 providing ethics guidance to lawyers before and after a cyber breach or hack

Hello everyone and welcome to this Ethics Alert which will discuss recent (October 17, 2018) American Bar Association Formal Opinion 483 which provides guidance to lawyers before and when there has been a cyber breach or hack.  The opinion is here:  https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba_formal_op_483.pdf

Just like to rest of our digital world, lawyers are susceptible to cyber hacking/breaches when using digital devices and programs or otherwise using the internet.  The ABA Opinion confirms the duty that lawyers have to attempt to prevent such hacks and breaches and also the lawyer’s obligation to notify clients of a data hack/breach.

The opinion provides the reasonable steps that lawyers can take to meet their obligations under the ABA model rules and emphasizes the importance for lawyers to plan for an electronic breach or cyberattack and discusses how model rules may apply when an incident is either detected or suspected. According to the opinion, the following Model Rules of Professional Conduct would potentially apply:

Rule 1.1 (competence), requiring lawyers to develop sufficient competence in technology to meet their obligations under the rules after a breach; Rule 1.15 (safekeeping property), requiring lawyers to protect trust accounts, documents and property the lawyer is holding for clients or third parties; Rule 1.4 (communication), requiring lawyers to take reasonable steps to communicate with clients after an incident; Rule 1.6 (confidentiality), regarding issues of confidentiality in the client-lawyer relationship; Rule 5.1 (lawyer oversight), which sets forth the responsibilities of a managing partner or supervisory lawyer and; Rule 5.3 (nonlawyer oversight), which sets forth the responsibilities of supervisors who are nonlawyers.

The opinion states that “(w)hen a breach of protected client information is either suspected or detected, Rule 1.1 requires that the lawyer act reasonably and promptly to stop the breach and mitigate damage resulting from the breach…(h)ow a lawyer does so in any particular circumstance is beyond the scope of this opinion.”

“As a matter of preparation and best practices, however, lawyers should consider proactively developing an incident response plan with specific plans and procedures for responding to a data breach. The decision whether to adopt a plan, the content of any plan and actions taken to train and prepare for implementation of the plan should be made before a lawyer is swept up in an actual breach.”

Bottom line:  This ABA opinion addresses and discusses a lawyer’s obligations in attempting to prevent a cyber hack or breach and also provides guidance regarding the lawyer’s obligations if a breach/hack occurs.  All lawyers should be addressing serious issue this now and should consult their state/jurisdiction’s ethics rules to insure compliance.

Be careful out there.

Disclaimer:  this Ethics Alert is not an advertisement, does not contain any legal advice, and does not create an attorney/client relationship and the comments herein should not be relied upon by anyone who reads it.

Joseph A. Corsmeier, Esquire

Law Office of Joseph A. Corsmeier, P.A.

29605 U.S. Highway 19, N., Suite 150

Clearwater, Florida 33761

Office (727) 799-1688

Fax     (727) 799-1670

jcorsmeier@jac-law.com

www.jac-law.com

 

Leave a comment

Filed under ABA Formal Ethics Opinion 483 guidance to lawyers before and after a cyber breach or hack, ABA formal opinions, ABA Model Rules, Attorney Ethics, joe corsmeier, Joseph Corsmeier, Lawyer competence technology, Lawyer ethics, Lawyer Ethics and Professionalism, Lawyer ethics opinions, Lawyer technology competence, Lawyer technology competence after hack or breach

Florida Supreme Court adds three hours of technology to lawyer’s mandatory CLE requirements and increases total hours from 30 to 33

Hello everyone and welcome to this Ethics Alert which will discuss the recent opinion of the Supreme Court of Florida which approved proposed changes to Florida Bar rules mandating three hours of continuing legal education in technology related areas/courses.  Florida will become the first state to mandate technology CLE.  The opinion is In Re: Amendments to the Rules Regulating The Florida Bar 4-1.1 and 6-10.3, No. SC16-574 (September 29, 2016) and is here:  http://www.floridasupremecourt.org/decisions/2016/sc16-574.pdf. The rule amendments will become effective on January 1, 2017.

The opinion adopted the recommendations of the The Florida Bar’s Vision 2016 Commission’s Technology Subcommittee.  The revision to rule 6-10.3 increases the CLE requirements for Florida lawyers from 30 to 33 hours of credit every three years and three hours must be in technology related areas/courses.

The opinion also amended the comment to rule 4-1.1 (Competence) “to add language providing that competent representation may involve a lawyer’s association with, or retention of, a non-lawyer advisor with established technological competence in the relevant field. Competent representation may also entail safeguarding confidential information related to the representation, including electronic transmissions and communications. Additionally, we add language to the comment providing that, in order to maintain the requisite knowledge and skill, a lawyer should engage in continuing study and education, including an understanding of the risks and benefits associated with the use of technology.”

Bottom line: Beginning in January 2017, lawyers will be required to obtain 33 hours of CLE every 3 years (up from 30) with a minimum of three hours in technology related areas/courses.

Be careful out there.

Disclaimer:  this e-mail is not an advertisement, does not contain any legal advice, and does not create an attorney/client relationship and the comments herein should not be relied upon by anyone who reads it.

Joseph A. Corsmeier, Esquire

Law Office of Joseph A. Corsmeier, P.A.

29605 U.S. Highway 19 N. Suite 150

Clearwater, Florida 33761

Office (727) 799-1688

Fax     (727) 799-1670

jcorsmeier@jac-law.com

www.jac-law.com

 

Leave a comment

Filed under Attorney Ethics, Florida Bar, Florida lawyer CLE technology competence, Florida Lawyer Ethics and Professionalism, Florida lawyer technology competence rule 4-1.1, joe corsmeier, Joseph Corsmeier, Lawyer competence technology, Lawyer ethics, Lawyer lack of competence, Lawyer technology competence