Law firms have never been very good with technology, and now they are struggling, as breaches in firms have made headlines and clients increasingly are asking questions about their security programs. Law firms are basically the same as any other company when it comes to countering cyber attacks and protecting their confidential and proprietary data. The only difference is that law firms have ethical rules that require confidentiality of attorney-client and work product data. These ethics rules already have provisions addressing metadata and email, so if either of these were disclosed, an ethics issue is already in play. Whether a firm is ethically obligated to report a security breach of attorney-client documents to its clients is a question that many security professionals have bandied about. Read More at Law Practice Magazine by American Bar Association!