← Blog Home

Ethics and Disaster Recovery Planning

3 min read

Ethics and Disaster Recovery Planning

The ABA’s issuance of Formal Ethics Opinion 482 in September of 2018 finally made it quite clear. Lawyers have an ethical duty to develop a disaster recovery plan. Consider the import of how the Standing Committee on Ethics and Professional Responsibility concluded their opinion when they stated:

“Lawyers must be prepared to deal with disasters. Foremost among a lawyer’s ethical obligations are those to existing clients, particularly in maintaining communication. Lawyers must also protect documents, funds, and other property the lawyer is holding for clients or third parties. By proper advance preparation and taking advantage of available technology during recovery efforts, lawyers will reduce the risk of violating professional obligations after a disaster.”

Speaking frankly, I’ve always assumed this duty existed because in any of the Model Rules of Professional Conduct I’ve never come across an exception that says something along the lines of, ‘this rule doesn’t apply if the lawyer happens to be dealing with the aftermath of a disaster.’ Over the years my only challenge has been in trying to convince other lawyers of the necessity and obligation to put such a plan in place.

With this duty to prepare now firmly established, what rules need to be taken into consideration? Among a few others, Formal Opinion 482 underscored the importance of Rule 1.1 Competence, Rule 1.4 Communications, and Rule 1.15 Safekeeping Property; but I would also encourage you to not overlook Rule 1.3 Diligence and Rule 1.6 Confidentiality. Think about all these rules in the context of developing a disaster recovery plan, or if it helps, a business continuity plan.

Start with comment 8 to Rule 1.1 Competence, which in part reads, “a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” This means lawyers must not only understand how any technology in use at a firm might be impacted by various disaster scenarios, they must also be able to determine how any relevant technology might be utilized to minimize the impact of various disasters.

Next is Rule 1.3 Diligence, which I see as a no brainer. “A lawyer shall act with reasonable diligence and promptness in representing a client.” There are no exceptions to this rule; and it should go without saying that experiencing a fire, flood, ransomware attack, or hurricane can all too easily make it extremely difficult to be prompt in representing your clients. Therefore, lawyers are to consider all possible disaster scenarios they potentially face and plan accordingly.

Rule 1.4 Communication makes it clear that lawyers are to keep their clients informed about the status of their matters. This means lawyers must think through the various disaster scenarios that might occur with the intent of trying to determine how client contact information could be accessed and used, and by what communication channels. It’s about making sure they can reach their clients in order to advise on whether their representation will continue or if they must withdraw. Similarly, lawyers should try to determine how their clients can reach them under the various identified disaster scenarios.

Rule 1.4 also requires that clients have enough information to allow them to make informed decisions regarding the representation. This means clients need to be timely notified if their files or digital information has been compromised or destroyed while in a lawyer’s custody or control. In light of this obligation, lawyers should consider implementing remote access options and cloud-based services, if they are not already in place. Of course, lawyers should also think through their options if they are forced to deal with limited or no internet access.

Taken together, Rule 1.6 Confidentiality and Rule 1.15 Safekeeping Client Property require lawyers to take steps to preserve client confidentiality and exercise reasonable care to protect and, if necessary, restore client information and client property in the event of a disaster. Think about it. If lost documents or property can be restored or reconstructed, client notification isn’t necessary. However, according to Opinion 482, if reconstruction or restoration isn’t possible, notification is necessary if the lost documents or property have intrinsic value or are useful or necessary to continue representation.

Finally, don’t avoid the money issue. Lawyers do need to ask and answer the following questions. What do we do if access to financial systems, firm accounts, client funds and the like are limited or not available for a period of time and what steps can we take to prevent any unauthorized access to our trust and business accounts?

In sum, disaster recovery planning is about being proactive. It’s about thinking through the what-ifs should something like a cyber-attack, extreme weather event, firm break-in, or a serious accident ever occur and then coming up with a plan that responsibly addresses the associated risks. That said, I can appreciate the headache this obligation might bring about for some; so, here’s another way to look at it. Disaster recovery planning is ultimately about coming up with a plan that allows you to stay in business should the unexpected ever happen. Because, as we all know, a failure to plan is, in reality, a plan to fail.

Print Friendly, PDF & Email

Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.

Can Lawyers Use Apps Like Venmo, Zelle, or PayPal?

3 min read

Can Lawyers Use Apps Like Venmo, Zelle, or PayPal?

As with so many tech decisions lawyers face, the answer is yes, as long as any associated ethical issues are identified and responsibly addressed....

Read More
Data Security and All the Other Lawyers

2 min read

Data Security and All the Other Lawyers

During a presentation at the ABA’s 44th National Conference of Professional Responsibility last year, a CLE panelist threw out the following. Given...

Read More
Lawyer Advertising, Ethics, and Geo-fencing

2 min read

Lawyer Advertising, Ethics, and Geo-fencing

In the good old days, plaintiff lawyers hoping to find a few new clients would place ads on billboards located near hospitals. From an ethical...

Read More