Law Firms
Attorneys and law practices handling client confidential information
Binding framework
ABA Model Rules 1.1 (Competence) and 1.6(c) (Confidentiality); California Rule of Professional Conduct 1.6
Every California attorney is under an active professional conduct obligation to make reasonable efforts to prevent unauthorized disclosure of client information — that is a bar ethics requirement, not a best-practice suggestion.
Key obligations (summary)
- Technological competence including cybersecurity risks relevant to client data
- Reasonable efforts to prevent unauthorized access or disclosure of client information
- Competent response to breaches and client notification where required (ABA Formal Op. 483)
- Assessment of electronic communication methods for client data (ABA Formal Op. 477R)
How Legacy Core fits
Legacy Core helps firms document and communicate cybersecurity readiness practices clients and carriers increasingly ask about. It is not a bar ethics opinion, malpractice safe harbor, or compliance certification.
Do not claim
- · Legacy Core satisfies ABA or State Bar cybersecurity formal opinions
- · California State Bar issued a 2025–26 cybersecurity formal opinion (not confirmed in research)
Primary sources
Confidence: HIGH. Last reviewed 2026-07-13.