Legal Ethics & The Cloud
Lawyers have professional obligations to their clients that include a duty to keep client information confidential. Some commentators have questioned whether storage of information on the cloud is consistent with this duty. Legal ethics committees were originally slow to provide an opinion, but the answer is now clear. For example, here is what the Massachusetts State Bar Association has recently opined:
Other opinions have all been consistent with this. There is no ethical breach for using the cloud, provided that the lawyer uses reasonable efforts to ensure that the particular cloud service will protect the client’s data. Not all cloud services will qualify – lawyers have an obligation to study any service they propose to use and make sure it does.
Amicus Cloud clearly qualifies.
However, others do not. Any lawyer considering a cloud solution should understand the various security issues described on our Security page. If you are looking at any other cloud product, whether legal-specific or not, you should be asking the vendor those security questions before committing client data to it. And read their terms of service, to be sure they are respecting your data.
Worthy of note:
- While using a qualifying cloud solution is ethical, how you use it may not be. For example, the California Ethics Committee has issued an opinion that using public wireless (a hotspot) to conduct business does not protect client confidentiality.
- Generic cloud document storage systems that were not designed for lawyers probably do not qualify (e.g. Dropbox).
- Some popular public email systems are in fact cloud solutions, and probably do not qualify either. For example, the Gmail license agreement expressly gives Google the right to retain your emails and use them for various purposes, including advertising services.
If you are interested in further reading, the following links should be helpful:
For an article about the Massachusetts State Bar opinion, including a list of other State Bar ethics opinions, see:
Articles on evaluating cloud providers:
Security Considerations (Warnings against public solutions like Dropbox, Gmail, etc)
On the other hand, law firm networks can be hacked too. Even large law firm servers are not secure: