Image: americanbar.org
A graduate of Vanderbilt University Law School, Hugh M. Ray III is a Texas attorney who formerly served as a principal of McKool Smith, PC, in Houston. Today, Hugh Ray III is a partner in the Insolvency and Restructuring group of the firm Pillsbury Winthrop Shaw Pittman LLP. He maintains memberships with the Texas, New Mexico, and American Bar Associations.
Recently, the American Bar Association (ABA) issued a formal opinion through its Standing Committee on Ethics and Professional Responsibility that establishes the need for attorneys to adhere to enhanced cybersecurity practices in the interest of protecting clients’ personal data in the digital age. This new mandate comes at a time in which more than half of Americans have been the victims of a data breach, and large swaths of this demographic feel mistrustful of institutions’ abilities to shield their personal information from exposure.
Since the ABA’s first formal opinion on cybersecurity protocol was established in 1999, attorneys have progressively relied more heavily on electronic means to communicate with clients. The new formal opinion states that attorneys must make the security risks of sharing sensitive information via electronic devices known to clients at the beginning of the professional relationship, and must make a reasonable effort to protect client data.
The ABA defines a reasonable effort to encompass seven best practices, including comprehension of the threat of cyberattacks and practical security measures, an understanding of how electronic data is transmitted and how it should be stored, and correct labeling of individual client information. Additionally, the new opinion dictates that attorneys should make sure all lawyers, non-lawyer professionals, and vendors associated with a firm understand cybersecurity and technology and are committed to reasonable cybersecurity practices.
Hugh Ray III 
You must be logged in to post a comment.