Israel: GRS Law 1/22

Law 1/22 was published on February 1, 2022, providing a new legal responsibility for lawyers to secure their clients' information. The lawyer will be required to test the credibility of his suppliers and will have to prepare for a cyber-attack. Also, the lawyer will be obligated to undergo training in information security. Failure to comply with the procedures will constitute a breach of ethical duty and will result in disciplinary action.

The obligation of confidentiality set forth in Rule 19 of the Rules of the Bar Association (Professional Ethics) imposes on the lawyer the responsibility for protecting his client's confidentiality, and thus also entails an ethical duty to secure the confidential information.

The main recommendations

  1. Use and purchase of services:
  • The lawyer will use different technological means depending on the degree of sensitivity of the materials and the level of impact on the client.
  • For further clarification, providers of free technology services that are exposed to confidential information, including e-mail servers, do not meet the required information security requirements. The National Ethics Committee will regard a lawyer who uses a free mail server (such as Gmail) to receive and send client information as someone who allegedly violates the information security obligation.
  2. Protection and security:
  • The lawyer must adequately secure all digital means he uses, including email, web browsing, and workstations.
  • The lawyer must ensure that measures are taken to secure the confidential information, including taking appropriate measures to secure the work environment.
  • The lawyer must take reasonable measures and ensure that all software he uses receives regular security updates.
  • The lawyer must secure the procedure for logging in to the technological means with passwords that will not be easily discovered.
  • The lawyer must secure the procedure for entering the technological means remotely by using accepted and up-to-date means of security.
  • The lawyer must ensure that the visual media he uses does not allow access by a third party and is not watched, recorded, or filmed by a third party without the knowledge of the participants in the meeting.
  • The lawyer must prepare, at a high level of reasonableness, for cyber, information security, and invasion-of-privacy incidents in order to ensure a fast recovery, including by backing up the confidential information.
  • The lawyer is obligated to update his client if a security breach affecting confidential information related to his representation is discovered.

For more information on the above or on other matters, please contact Oren Speiser (orens@grs-law.co.il) or Shai Granot (shaig@grs-law.co.il).

This review is based on publicly available information and given for information purposes only. It is not intended as legal advice or as a comprehensive analysis of the matters referred to herein.