Cybersecurity and a Lawyer’s Ethical Duty to Protect Your Data

Modern law depends on technology, and with that comes the responsibility to keep client information safe. Attorneys Brendon P. Levesque and Michael S. Taylor of Barry, Taylor & Levesque, LLC recently presented at the Connecticut Bar Association’s Continuing Legal Education seminar, “Cybersecurity & Legal Ethics: Protecting Client Data in a Digital Age.” They discussed a lawyer’s duty to take precautions to protect their clients’ digital information stored on phones, laptops, and other electronic devices.

Cybersecurity is paramount for all legal professionals. At Barry, Taylor & Levesque, LLC we incorporate safeguards and thorough protective measures into our handling of every client matter. Here are the highlights from Levesque and Taylor’s recent presentation:

Why cybersecurity matters to clients

Clients trust their attorneys. When a law firm suffers a technology breach and confidential information is threatened, the attorney-client relationship can be damaged. For clients, a breach can result in identity theft, financial vulnerability, and the exposure of personal details. A law firm might experience reputational harm, financial loss, or professional discipline.

Cybersecurity is a fundamental responsibility to prevent harm to both client and attorney.

The lawyer’s duty in a digital era

Lawyers and law firms are prime targets for cyber-attacks and data breaches. Think about it—a law office is a treasure trove of personal and professional data. You’ll find contact information, financial details, proprietary business plans, and personal records, all of which might be useful for someone looking to gain access to confidential or valuable information.

The foundation of the attorney-client relationship is rooted in trust. In the modern legal world, protecting client information is now part of an attorney’s ethical (and in many respects fiduciary) duties, as outlined in the Connecticut Rules of Professional Conduct.

At Barry, Taylor & Levesque, LLC, we employ reasonable measures to protect all sensitive client information stored on our technological devices.

Cybersecurity is an ethical mandate

Rapidly developing technology can complicate an attorney’s ethical obligations, but cybersecurity competency and a lawyer’s obligation to their clients are tied directly to the Connecticut Rules of Professional Conduct.

Rule 1.1 of the Connecticut Rules of Professional Conduct states that a lawyer must provide competent representation. Bar authorities have recognized that ‘competent representation’ includes technological competence, meaning attorneys should make reasonable efforts to identify and understand technological risks and act accordingly to protect their clients’ personal data.

Rule 1.6 states that attorneys must not reveal confidential information relating to the representation of a client. Attorneys should make reasonable efforts to prevent unauthorized access to a client’s personal data stored on office computers, mobile devices, in cloud storage, on remote work platforms, and all other digital spaces.

The digital world is changing rapidly. Lawyers should stay informed of possible threats and new tools to meet their ethical duties. The bottom line is that adequately protecting your clients information requires you to understand cybersecurity.

Strategies for strengthening data compliance

After discussing a lawyer’s fiduciary duty and cybersecurity ethics, Levesque and Taylor identified practical steps and strategies to strengthen cybersecurity and data compliance in a legal setting.

The cybersecurity goal for any law firm is clear—to keep client information secure. This, however, requires more than just good intentions. Lawyers must implement reasonable safeguards and take precautions to reduce risk and respond if a threat arises.

First, use secure technology, like multifactor authentication, protected communication portals, and updated software and hardware. This can help by adding another layer of protection to the firm’s confidential data.

Next, develop a detailed firm-wide incident response plan to determine exactly how your firm will react if a breach happens. Who is in charge of managing the response? How will clients be notified? How will the firm continue to operate during the interruption? Preparing before a breach occurs can help you recover faster.

Firm safeguards should also include employee training. Every member of staff should learn the basics of cybersecurity and the firm’s protocol for any cybersecurity attacks. Regular training can help employees recognize and act quickly when they see suspicious activity on their devices.

Our commitment to you

At Barry, Taylor & Levesque, LLC, we help clients in areas like Professional Responsibility, Criminal Defense, Personal Injury, NCAA Infractions, and Appellate Law. Often, this means we are in possession of some of the most sensitive details of our clients’ lives. We’re committed to staying current on legal ethics and cybersecurity best practices to ensure every client’s information is protected. Your privacy is our priority. Get in touch to learn more or to schedule a consultation with one of our attorneys.

The “Cybersecurity & Legal Ethics” seminar was presented at the Connecticut Bar Association on Thursday, October 30, 2025.