New Jersey updates security incident reporting requirements for attorneys

Blog Post

The New Jersey Supreme Court recently issued new guidelines governing attorneys and law firms’ ethical obligations to report certain cybersecurity incidents. New Jersey’s guidelines come at a time when many other courts and attorney regulatory bodies across the United States are considering the security threats to the privacy of sensitive information clients entrust their attorneys.

Being treasure troves of sensitive information, law firms have long been targets of ransomware attacks that steal sensitive data to extort a ransom payment, email hacks, and other forms of cybercrime. Law firms that experience data security incidents should carefully consider their state, federal, and Bar reporting requirements, many of which carry civil, criminal, and licensing penalties if not complied with. Additionally, law firms should take care to implement data security policies and procedures and conduct routine employee cybersecurity awareness trainings to mitigate cybersecurity risks.

Attorneys from McDonald Hopkins’ national Data Privacy and Cybersecurity Practice Group are available to counsel law firms on their statutory and ethical obligations to protect confidential data and respond to known and suspected cyberattacks.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.