Most commentary on this topic focuses on the "ethical rules" which are in place in just about every state which govern the practice of law. I don't focus on these rules at all, because those rules are good at shifting the blame from the "leaker" to the lawyer. I think lawyers get blamed for enough things which are not their own doing, and the blame-shifting is only good for other lawyers to find a deep pocket (read: money) to go after in court.
That does nothing -- nothing at all -- to keep your data safe. Preventing your loss is my focus here. So-called deterrence is useless Monday-morning-quarterbacking that others can engage in to try to sound smart. But that does you no good at all, not before your loss and certainly not afterwards.