The Report and Resolution 118, adopted at the 2013 Annual Meeting in San Francisco, "condemns intrusions into computer systems and networks utilized by lawyers and law firms and urges federal, state, and other governmental bodies to examine and amend existing laws to fight such intrusions."
From the Introductory paragraph of the report:
This Report explains the American Bar Association’s (“ABA”) resolution regarding the growing problem of intrusions into the computer networks utilized by lawyers and law firms. It notes the alarming rise of attacks on these electronic networks and the recent rise of nation states as significant actors in hacking activities over the past decade. The Report also condemns these unauthorized, illegal intrusions and urges governmental bodies at all levels—federal, state, local, territorial, and tribal—to examine, and if necessary, amend or supplement existing laws to deter and punish these intrusions but only in a manner that respects and protects client confidentiality, the broader confidential lawyer-client relationship, and traditional state court regulation and oversight of lawyers and the legal profession. Further, the Report notes the different measures available to combat hacking, including diplomatic and law enforcement tools, legislation, and regulatory measures. This Report also underscores the importance of protecting confidential client information, the attorney-client privilege, and other core legal principles. Finally, the Report describes the ethical rules and professional obligations of lawyers and law firms implicated by information security breaches. This includes the lawyer’s obligation to take reasonable steps to prevent the unauthorized disclosure of or unauthorized access to confidential client information and, when necessary, inform clients of such breaches should they occur. Overall, the Resolution builds upon the several ABA Resolutions passed by the House of Delegates and Board of Governors relating to information security and client confidentiality. Moreover, it is the expectation of the Task Force that there will be additional resolutions on cyber dealing with the issues of privacy, legal and illegal intrusions, and government responsibilities. This resolution does not address U.S. government activities authorized by law in the national security realm.