Every attorney’s ethical duty of competence requires a lawyer to provide competent representation to a client, applying the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation. This in turn requires that a lawyer keep abreast of technology, including associated risks and benefits, including continuing study and education. As a matter of best practice and preparation, lawyers should proactively develop an incident response plan with the objectives of both stopping the breach and restoring systems, with “specific plans and procedures for responding to a data breach.”
Because a data breach requires a rapid response, the plan should be developed prior to the time the lawyer is swept up in an actual breach. Developing a thorough and thoughtful incident response plan creates the ability to respond to data breach incidents systematically, employing the appropriate personnel with appropriate experience, with a careful methodology, in a coordinated manner.
Read entire article here.