Your duty to protect client confidences, your state safe-harbor protection, and your firm’s cybersecurity are no longer three separate problems — they’re one. Briggs IT helps Texas law firms understand what the rules require and build the written proof that they’ve met it.
For years, protecting client information was a matter of professional courtesy and good practice. That’s over. Texas attorneys are now held to a duty of technological competence — the State Bar’s ethics opinions have made clear that a lawyer must take reasonable steps to safeguard client confidences against foreseeable unauthorized access, including across email, cloud services, and AI tools. The duty is no longer aspirational. It’s an expectation you’re measured against.
At the same time, Texas Senate Bill 2610 (SB 2610) created something new: an affirmative safe harbor against punitive damages for a firm that has implemented and documented a qualifying cybersecurity program. Here’s what that means in plain terms — in the event of a breach, your firm is either able to show, in writing, that it qualified, or it isn’t. That single distinction can be what stands between a manageable incident and your partners’ personal exposure. The program isn’t paperwork for its own sake. It’s the documentation that protects the people who own the firm.
Every engagement is paced to the firm, but a typical first three months looks like this: