The outlines of the attorney-client privilege and work-product doctrine are well-established. But how should they apply when an organizational client suffers a cybersecurity event or other intrusion that results in a data breach?  Should information about the company’s security policies pre-breach and its post-breach response be given any enhanced protection? Under what circumstances?

The questions

Greetings 2018!  Time for some ethics trend predictions to kick off the Year of the Dog (according to the Chinese zodiac).  Let it be a year in which you doggedly pursue ethical practice (ouch).  No more bad puns — here’s what’s hot as we begin the year:

Law firm cyber-security

No surprise here that the

Law firm cybersecurity is in the news again with two developments. First, the latest ABA TechReport says that large law firms were more likely to be victims of a data security breach last year than mid-size or small firms, with one in seven respondents having been hit overall. That’s a big deal. Next, a federal class action complaint in what is thought to be the first suit attempting to base liability solely on a U.S. law firm’s allegedly inadequate cybersecurity was unsealed on December 9. But that suit possibly turns out not to be such a big deal.
Continue Reading