Legal Ethics & The Cloud
Lawyers have professional obligations to their clients that include a duty to keep client information confidential. Some commentators have questioned whether storage of information on the cloud is consistent with this duty. Legal ethics committees were originally slow to provide an opinion, but the answer is now clear. For example, here is what the Massachusetts State Bar Association has recently opined:
“A lawyer generally may store and synchronize electronic work files containing confidential client information across different platforms and devices using an Internet based storage solution … so long as the lawyer undertakes reasonable efforts to ensure that the provider’s terms of use and data privacy policies, practices and procedures are compatible with the lawyer’s professional obligations, including the obligation to protect confidential client information.”
Other opinions have all been consistent with this. There is no ethical breach for using the cloud, provided that the lawyer uses reasonable efforts to ensure that the particular cloud service will protect the client’s data. Not all cloud services will qualify – lawyers have an obligation to study any service they propose to use and make sure it does.
Amicus Cloud clearly qualifies.
However, others do not. Any lawyer considering a cloud solution should understand the various security issues described on our Security page. If you are looking at any other cloud product, whether legal-specific or not, you should be asking the vendor those security questions before committing client data to it. And read their terms of service, to be sure they are respecting your data.
Worthy of note:
- While using a qualifying cloud solution is ethical, how you use it may not be. For example, the California Ethics Committee has issued an opinion that using public wireless (a hotspot) to conduct business does not protect client confidentiality.
- Generic cloud document storage systems that were not designed for lawyers probably do not qualify (e.g. Dropbox).
- Some popular public email systems are in fact cloud solutions, and probably do not qualify either. For example, the Gmail license agreement expressly gives Google the right to retain your emails and use them for various purposes, including advertising services.
If you are interested in further reading, the following links should be helpful:
For an article about the Massachusetts State Bar opinion, including a list of other State Bar ethics opinions, see:
http://www.catalystsecure.com/blog/2012/07/mass-joins-other-states-in-ruling-that-cloud-computing-is-ethical-for-lawyers/
Canadian (BC) law society opinion:
http://www.lawsociety.bc.ca/docs/publications/reports/CloudComputing_2012.pdf
Warning not to use public wifi hotspots:
http://lawyertechreview.com/2012/are-public-wifi-networks-safe
California ethics opinion on same:
http://ethics.calbar.ca.gov/LinkClick.aspx?fileticket=wmqECiHp7h4=&tabid=837
Articles on evaluating cloud providers:
http://www.abajournal.com/magazine/article/safe_in_the_cloud_online_service_risks_need_care_and_coverage http://www.americanbar.org/newsletter/publications/youraba/201206article12.html
http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/saas.html
http://www.lawtechnologytoday.org/2012/06/evaluating-cloud-computing-providers
Security Considerations (Warnings against public solutions like Dropbox, Gmail, etc)
http://venturebeat.com/2012/08/01/dropbox-has-become-problem-child-of-cloud-security http://www.rolandschorr.com/blogs/index.php/oh-dropbox-we-loved-you?blog=6
http://www.dcig.com/2012/08/answering-the-question-is-your-data-safe-in-public-cloud.html http://lawyertechreview.com/2011/cloud-based-storage-hot-topic-lawyers
http://lawyertechreview.com/2011/dropbox-in-the-hot-seat/
http://www.thesoulpractitioner.com/%C2%A0/alabama-ethics-and-dropbox
http://www.officeforlawyers.com/lawtech/hosting.html
http://www.azattorneymag-digital.com/azattorneymag/201210/#pg40
http://hytechlawyer.com/?p=345
http://www.securityblawg.com/2012/08/dropbox-for-lawyers.html
http://www.abajournal.com/magazine/article/safe_in_the_cloud_online_service_risks_need_care_and_coverage
On the other hand, law firm networks can be hacked too. Even large law firm servers are not secure: