- Lawyers’ special obligations to maintain confidentiality should be borne in mind when considering disclosure obligations following data breaches.
- The use of cloud-based technology may imply a duty of technological competence.
- Cyber security is not simply an IT problem and minimising risk includes awareness of human factors.
Data is now regarded by many as the world’s most valuable resource, and community concerns around privacy and data protection are reflected in increased regulation including in Australia. Lawyers have always been custodians of confidential information, so keeping secrets or securing documents might seem like second nature. But while keeping information confidential was relatively easy in the days when locking the office door or the records room was all that was required, have our standards of professional practice kept up with technological change? How well do the profession’s security practices reflect risks associated with transmitting data via email, cloud storage and ransomware that threatens to either encrypt or expose information unless a cyber extortion payment is made? And is it reasonable to expect that the same security standards will apply to a small firm without internal IT support as a large firm with a well-resourced IT department?