BB&K In The News

BB&K’s Rich Egger discussed at State Bar of California’s annual ethics symposium how law firms should handle cyberattacks, as reported by the San Diego Daily Transcript.

By LYLE MORAN

Law firms subject to cyberattacks must think carefully about whether to inform all their clients of the news and what details to include in any disclosures, experts say.

A firm should first try to figure out whether the attack resulted in client data being accessed or stolen, said Richard Egger, an Ontario, Calif.-based partner at Best Best & Krieger LLP.

Egger, speaking in San Diego at the State Bar of California’s annual ethics symposium, said detailed information provided by technical experts can help firms determine what type of disclosure, if any, they make about a cyberattack.

Attorneys at the firm must also consider their obligation under Rule 3-500 of California's rules of professional conduct to keep clients reasonably informed about “significant developments” related to representation.

If an attack is halted before accessing client data, Egger said “that is not necessarily a circumstance where I want a send a letter out to all the clients saying, 'This happened. We stopped it.'

“On the other hand, if the Sony hack happened to us, I'd be looking at our complete client database and saying I've got to send a letter to everybody and that may include all of our former clients,” he said at the event held at Thomas Jefferson School of Law.

Egger said another reason to take care with disclosures to clients is that they later could be exhibits in a lawsuit brought against the firm as a result of a breach.

To read the full article, which was published on May 12, 2015 in the San Diego Daily Transcript, click here (subscription required).