An IT system outage is disruptive on any day, but odds are it will coincide with a critical filing deadline for someone in your firm. This is a stark reminder that data disaster recovery is not “just an IT concern”. Being prepared for every possible emergency and contingency is directly tied to ethical and professional obligations.
Targeted cyberattacks such as ransomware and phishing are critical to protect against, but many data outages are less dramatic. Ordinary operational risks, such as human error, cloud or email outages, power or hardware failures, or device or software misconfiguration, can also create an urgent data issue.
No matter the initial cause of the disaster, your firm is at risk of:
- Missed court deadlines and filings
- Inability to access timekeeping or billing systems
- Delayed client communication
- Increased malpractice exposure
- Reputational damage and loss of client confidence
Ethical Requirements
The ABA Model Rules of Professional Conduct do not explicitly mention disaster recovery. However, they clearly apply to how firms prepare for and respond to operational disruptions, especially those around the attorney-client relationship.
- Competence In practice, that means understanding your technology and recognizing how system outages, data loss, or cyber incidents could impair representation if no recovery plan is in place.
- Diligence and Timeliness Courts and clients do not pause deadlines because a firm’s systems are unavailable. Inadequate recovery capabilities can lead to delays that directly conflict with an attorney’s duty to act promptly.
- Confidentiality The Model Rules require reasonable safeguards to protect client information from unauthorized access or loss. Poorly secured backups or rushed workarounds during recovery can expose sensitive data and create ethical risk.
- Clear And Timely Client Communication Extended outages that limit access to email, files, or phone systems can undermine this obligation and erode client trust.
Developing a Recovery Plan
A strong data outage recovery plan will help your staff and attorneys uphold these rules by
- Ensuring continued access to client files and systems
- Preventing missed deadlines and workflow breakdowns
- Protecting data integrity during system failures
An effective recovery plan is not about preparing for every conceivable scenario. It is about taking steps to ensure your firm can continue meeting its professional obligations when systems fail or access is disrupted.
At a minimum, your plan should define how quickly critical systems must be restored and how much data loss is acceptable, if any. These decisions should be made with your firm’s workflows in mind, such as access to client files, email, e-filing systems, timekeeping, and billing.
The plan should also ensure that backups are secure, reliable, and tested regularly. Backups that exist but cannot be restored quickly or safely offer little protection as deadlines approach.
Aside from what needs to be done, attorneys and staff should know who to contact, what steps will be taken, and how work will continue during an outage. Relying on ad hoc decision-making during a crisis increases both operational disruption and ethical risk.
Finally, disaster recovery planning is not a one-time exercise. Systems, staff roles, and threats change over time. Regular testing, reviews, and updates help ensure your plan continues to work as your firm’s technology and needs evolve.
Preparedness, when done with a trusted expert like FSA Consulting, enables your firm to continue serving clients competently, diligently, and responsibly when it matters most. Contact us today to start developing your recovery plan.