The Texas Supreme Court, in an order in Misc. Docket No. 19-9016, February 26, 2019, adopted an amendment to Comment 8 to Texas Disciplinary Rule 1.01, Competent and Diligent Representation. The amendment adds the “risks and benefits of relevant technology” to the general admonition that lawyers “should strive to become and remain proficient and competent in the practice of law.”

This change in the comment parallels language in ABA Model Rule 1.1, Comment 8, that was added by the ABA Ethics 20/20 initiative. Subsequent ABA Formal Opinion 474R, Securing Communication of Protected Client Information (May 22, 2017) noted the language of Comment 8, as well as the rules regarding confidentiality of client information. The opinion listed the following steps
lawyers should take with regard to electronic communications:

  • 1. Understand the nature of the threat.
  • 2. Understand how client confidential information is transmitted and where it is stored.
  • 3. Understand and use reasonable electronic security measures.
  • 4. Determine how electronic communications about client matters should be protected.
  • 5. Label client confidential information.
  • 6. Train lawyers and non lawyer assistants in technology and information security.
  • 7. Conduct due diligence on vendors providing communication technology.

ABA Formal Opinion 483, Lawyers’ Obligations After an Electronic Data Breach or Cyberattack (October 17, 2018), “picks up where Opinion 477R left off.” Opinion 483 argues for the following additional ethical obligations:

  • 1. Obligation to monitor for a data breach.
  • 2. Stopping the breach and restoring systems.
  • 3. Determining what occurred.
  • 4. Provide notice of data breaches involving, or having a substantial likelihood of involving, material former or current client confidential information.

The obligations suggested under Opinion 483 are in addition to any other state or federal laws that may apply generally to protected personal or health information.

The new Texas comment emphasizes what has been increasingly recognized in the legal profession and civil liability contexts: that lawyers must use technology in a professionally competent manner. TLIE will strive to continue to bring you information on how lawyers can meet these emerging requirements. Lawyers do not have to be security or programming experts; however, they do need to learn the right questions to ask of those that they hire and to personally use technology in a way that meets security needs.