New ethics opinion focuses on Windows XP and computer security
Share |

The ISBA’s Ethics and Practice Guidelines Committee has issued a new ethics opinion, 14-01, clarifying the responsibility attorneys have for safeguarding client information. The opinion provides guidance in light of Microsoft’s announcement that it will stop supporting the Windows XP operating system on April 8.

Cyber security firms are concerned that hackers may take advantage of the company’s discontinued support, including security patches, for the 12-year-old operating system. A survey by the International Legal Technology Association estimates that 37 percent of law firms still use Windows XP, in part because many of the software programs they use are not compatible with later versions of the Windows operating system.

The new opinion refers back to Ethics Opinion 11-01. That opinion requires lawyers to engage in a "due diligence process which assesses the realistic potential for risk, the damage which could be caused thereby and the estimated cost of remediation.”

Opinion 14-01 points out that the security status change for the Microsoft XP operating system "highlights the fact that the duty of due diligence in assessing system security is an ongoing one; programs and procedures which were secure two years ago may not be secure now,” and places the responsibility for needed changes in the hands of individual law firms.

View the complete opinion.