Law firms—large and small—are prime targets for hackers and data thieves. But many lawyers, law firms, and litigation support personnel lack the training, systems, and technologies needed to effectively fulfill their obligations under ABA Model Rule 1.6(c) to maintain client confidences, under Rule 4.4(b) to properly handle non-client information, or under Rules 5.2 and 5.3 to effectively supervise associates and assistants. This panel discusses the professional responsibility obligations regarding privacy and data security, the practical measures that law firms can and should undertake, and the issue of security when exchanging information in discovery.