Cybersecurity and Tech Competence for Beginners
It starts with our need to protect the information that clients entrust to us. An excerpt from the State Bar of Texas Podcast
The State Bar of Texas Podcast is a monthly show produced with the Legal Talk Network featuring news and discussions for Texas attorneys and others interested in the law. To listen in, go to texasbar.com/podcast.
Texas attorneys are duty bound to become and remain competent in their legal practice—and that includes staying up to date on technology.1 In 2019, Texas became the 36th state to revise its definition of competence to include knowing the benefits and risks associated with relevant technology.2
The December episode of the State Bar of Texas Podcast featured a year-end discussion of major developments in cybersecurity, appellate, and family law. In this excerpt, host Rocky Dhir asks guest Shawn Tuma, a partner in Spencer Fane who has focused on cybersecurity since 1998, to cover the basics for attorneys who may only understand these issues in the abstract.
Tuma: First and foremost, for an attorney, it all starts with our duty of confidentiality to our clients and our duty to protect confidential client information. So it starts with us—in our own practices, in our own law firms—and the need to protect the information that clients entrust over to us. That’s referenced in the ABA Model Rules and the Texas Disciplinary Rules, and we also see it with many more sophisticated companies now that our clients are inquiring and mandating that law firms use appropriate cybersecurity to protect the information they entrust to us. So from a business standpoint and an ethical standpoint, we lawyers have a duty to protect the information that we’ve been given.
And add to that, Texas recently enacted, or the Supreme Court approved, the duty of technological competence for Texas lawyers. So part of that duty of technological competence is the duty to understand the tools we are using, the tools we need to use in the practice of law, and how to use those appropriately, which really comes down in a lot of cases to things like e-discovery tools, email, protecting our communications, things like that—using what’s appropriate for the situation.
Dhir: So you actually have to know the technology as well as the legal framework that surrounds it. You actually have to understand the types of servers and the types of technologies that people would use in different industries to do what you do.
Tuma: You need to have a good idea of it, and you need to have a strong support network of other professionals that you can go to when you need more granular detail. You’ve got to know when to call in the experts. TBJ