Darkest Hour? Shining a Light on Cyber Ethical Obligations

Level: Intermediate
Runtime: 93 minutes
Recorded Date: June 27, 2018
Click here to share this program
Download PDF


  • The Threat Environment Lawyers and Law Firms Face Today
  • The Legal Ethics Framework
  • Consequences of a Data Breach or Incident
  • What to Do Right Away after a Breach or Incident
  • What You Can Do Now to Protect Yourself and Your Clients
Runtime: 1 hour and 33 minutes
Recorded: June 27, 2018


Learn about key risks and how to avoid them, including metadata missteps, damaging electronic messages, record-keeping nightmares, portable device perils, social networking snafus, Wi-Fi pitfalls, outsourcing obstacle courses, cloud computing complications, and damaging data breaches.

Behind the scenes (and often underreported in media headlines), law firms are increasingly being targeted in cyber attacks because they are treasure troves of client information. These attacks raise implications for lawyers, law firms, and practitioners and their ethical duties, including competence, confidentiality, and supervision of lawyers and nonlawyers.

At the same time, technology has transformed the practice of law, providing unprecedented access to information, streamlined workflow, and instantaneous and cost-effective communications. Yet lawyers who race to use the latest and greatest technology do not always see the corresponding ethical issues lurking beneath the surface.

This program was recorded on June 27th, 2018.

Provided By

American Bar Association


Arlan McMillan

Chief Security Officer
Kirkland & Ellis, LLP

Arlan is responsible for firmwide cybersecurity, physical security, investigative services and business continuity management. He joined Kirkland from United Airlines, where he was the chief information security officer and HIPAA security officer. Arlan has over 20 years of experience working in information security and technology and is currently the Legal Sector Deputy Chief for the FBI-Infragard Midwest chapter.

Catherine Sanders Reach

Director of Law Practice Management & Technology
The Chicago Bar Association

Catherine Sanders Reach is Director, Law Practice Management and Technology for the Chicago Bar Association. She was the Director at the American Bar Association’s Legal Technology Resource Center, providing practice technology assistance to lawyers for over ten years. Prior to her work at the CBA and ABA she worked in library and information science environments for a number of years, working at Ross and Hardies as a librarian. She received a master’s degree in Library and Information Studies from the University of Alabama, Tuscaloosa in 1997.

Ms. Reach’s professional activities include articles published in Law Practice magazine, Law Technology News and GPSolo Magazine. She has given presentations on the use of technology in law firms for national bar conferences, state and local bar associations and organizations such as the National Association of Bar Council and the Association of American Law Schools. In 2011 she was selected to be one of the inaugural Fastcase 50, celebrating 50 innovators, techies, visionaries, and leaders in the field of law and in 2013 became a Fellow of the College of Law Practice Management. She served on the ABA TECHSHOW Board from 2007-2009, 2014-2016 and is co-vice chair for ABA TECHSHOW 2019. She is on the editorial advisory board emeritus for Law Technology News and on the Advisory Council of the ABA Standing Committee on the Delivery of Legal Services.

Karen Randall, Esq.

Founder & Chair of the Cybersecurity and Data Privacy Practice
Connell Foley LLP

Karen Randall is founder and chair of the Cybersecurity and Data Privacy practice, co-chair of the Professional Liability practice and a senior trial counsel at Connell Foley. She represents clients in complex litigation, and regulatory compliance and defense matters involving cybersecurity, data protection and privacy, social media and professional liability. Karen also has substantial experience with employment law, business litigation and insurance law. She provides counsel and advocacy in federal and state courts for both professionals and businesses across a broad range of industries.

Karen has an extensive background counseling lawyers and law firms, health care entities, financial institutions and retail clients by providing proactive plans to address the myriad cyber risks they each face. She serves as a "breach response coach" across various industries, as well as for cyber insurance carriers, and offers strategic solutions related to post-breach matters including statutory notification requirements, class action litigation, regulatory enforcement actions, forensics and crisis management. Karen also helps companies conduct risk/security assessments, as well as implement data security and information governance policies and procedures, and security awareness training for employees.

In addition, Karen maintains a strong professional liability practice, working closely with law firms, health care and assisted living institutions, architects and engineers, directors and officers and accountants. In her complex litigation work, she handles premises liability matters for major retailers and substance abuse treatment centers as well as amusement parks, concert venues and bowling centers. She defends these entities against diverse claims, including significant sexual molestation and elder abuse matters.

A member of the International Association of Privacy Professionals (IAPP) and co-chair of its New Jersey KnowledgeNet Chapter, Karen is integral to numerous efforts to educate lawyers on information security and the ethics of data protection. She received two ABA presidential appointments to serve on the Cybersecurity Legal Task Force and the Standing Committee on Lawyer’s Professional Liability. She is a founder and co-chair of the New Jersey State Bar Association’s Cybersecurity Legal Task Force. Karen also serves as vice chair of the USLAW Network Cybersecurity and Data Privacy Group and co-chaired the Claims and Litigation Management Alliance's (CLM) NYC Cyber Summit. In addition, she is a member of the HIMSS' Security and Privacy committee. Most recently, Karen was selected by Bloomberg BNA to serve as its New Jersey Contributing Editor on cyber and privacy issues for Bloomberg Law: Privacy & Data Security, focusing on the regulatory and compliance landscape of data protection laws in the U.S. and around the world.

A Fellow of the American Bar Foundation, Karen was appointed by Chief Justice Stuart Rabner to serve on the Board on Civil Trial Certification.

Karen's commitment to leadership, frequent speaking and writing underscore her trailblazing impact on the cybersecurity landscape.

Similar Courses

Card image cap
55 minutes
#ItsMyLane: Legal & Medical Ethics When Doctors Speak Out on Public Policy
From gun violence to abortion to medical marijuana, physicians feel increasing pressure to speak out on public policy issues. At the same time, public advocacy activities may expose physicians to licensure risks, prosecution, and even the threat of violence. Lawyers who advise physicians on such issues also face ethical and professional responsibility challenges, especially where there are legal and practical constraints on physicians' abilities to advocate for certain positions. Explore current controversies affecting physicians and public policy, and learn about the professional obligations of the lawyers who advise them.

American Bar Association


Add to Cart
Card image cap
93 minutes
'Scared. Ashamed. Crippled': Overcoming Mental Health Disabilities in Law
Feeling overwhelmed by your workload? Thinking about taking a mental health break from practice but worried about the stigma or impact it may have on your partnership track? Join Reed Smith counsel Mark Goldstein as he provides insight on how he was able to be a lawyer while coping with mental health disabilities. This very intimate discussion will also offer tips for attorneys who are currently struggling with mental health issues.

American Bar Association


Add to Cart
Card image cap
63 minutes
2018 CA Consumer Privacy Act: The Big Tail Wagging the U.S.
In this session, two leading information governance attorneys will share why you need to and how you can be ready.



Add to Cart
Card image cap
60 minutes
2019 HIPAA Update: Enforcing Privacy & Security Standards
In this session, we will discuss the most critical issues in the HIPAA update and best practices for enforcing privacy & security standards in your company.



Add to Cart
Previous Next