The American Bar Association (ABA) is proposing to make clear that the protection of a client’s data is an ethical responsibility of lawyers. The Commission on Ethics 20/20 of the American Bar Association recently released its Report to the House of Delegates recommending several modifications to the ABA Model Rules of Professional Conduct regarding lawyers’ use of technology and protection of client confidences, including a Rule that requires lawyers to make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to information relating to the representation of a client.
On August 26, 2011 France implemented new EU provisions on data breach notifications for electronic communications providers, as well as new provisions requiring prior consent for cookies. The French measure also gives the government power to order security audits for electronic communications providers.
The recent effective data for enforcement of the new HIPAA/HITECH data-security breach notification law, and continued passage of and amendments to state notification laws, make compliance with data-security breach notification requirements more challenging than ever.
The H&H Chronicle of Data Protection thought it would be useful to provide this Short Guide to Responding to Data Security Breaches as a refresher for some and as a wake-up call for others.
American-style data security breach notification laws may be coming to the EU, affecting all companies holding personal data
“Do time and effort alone, spent in a reasonable effort to avert reasonably foreseeable harm, constitute a cognizable injury under Maine common law?” That is the question a federal district judge in Maine has put to the Maine Supreme Court in the data security breach litigation involiving Hannaford Brothers. “If the Maine Law Court’s answer to the certified question on the cognizable harm issue favors the plaintiffs, the plaintiffs will have both a negligence claim and an implied contract claim.” Such a development could have a profound impact on the vulnerability of companies experiencing data security breaches to civil claims, something they so far largely have avoided.