Whether or not to use the Cloud in your legal practice: that is the question. To be, or not to be, in the Cloud depends heavily on the ethical rules that guide our profession. Not surprisingly, those ethics commissions are having just as much difficulty grappling with the question as are the ordinary practitioners faced with the attractive option of SaaS and cloud products. Is there an ethical trap inherent in the use of these tools, just waiting to be sprung?
Fortunately, the ABA Commission on Ethics is striving to be realistic in its approach to the use of cloud computing and possible violation of client confidentiality. The Commission has drafted a proposal to assist lawyers in making decisions regarding cloud services.
The gist of the proposal, as well as the gist of the ethics opinions rendered by state bar associations, is that a lawyer need take “reasonable” steps to ensure client confidentiality and that this same standard applies to use of the cloud to transmit client data. Some opinions also combine the concept of flexibility with reasonableness, clearly a nod to the “everchanging nature” of technology. Protection level may be adjusted based on the client’s needs and nature of the information involved. And, rightly so, the onus should be on the lawyer to establish that he or she acted reasonably with respect to the use of technology for storage, manipulation and transfer of data. This includes a showing that the lawyer acted diligently by, for example, analyzing terms of service, privacy policies, security features and actively took the steps necessary to ensure the greatest level of protection available. This does not inecessarily require a complete refusal to use anything cloud in support of your practice.
Take a look at some of the reported ethics opinions. From these, you should be able to get a sense of what is required of you when you opt to look to skyward for technological assistance. And remember, just because it comes from the cloud doesn’t necessarily mean that something wicked this way comes.
- Iowa State Bar Association Committee on Ethics and Practice Guidelines: Ethics Opinion 11-01 Use of Software as a Service – Cloud Computing – September 9, 2011
- Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility: Informal Opinion 2010-60 (January 1, 2011) – no link
- New York State Bar Association Committee on Professional Ethics: Opinion 842 – September 9, 2010
- State Bar of Arizona Ethics Opinion 09-04: Confidentiality; Maintaining Client Files; Electronic Storage; Internet - December 2, 2009
- New York State Bar Association Committee on Professional Ethics: Opinion 820 – February 8, 2008)
- Maine State Bar Professional Ethics Commission: “Client Confidences: Confidential firm data held electronically and handled by technicians for third-party vendors;” Opinion 194 – June 30, 2008
- New Jersey Bar Advisory Committee on Professional Ethics: “Electronic Storage and Access of Client Files;” Opinion 701 – April 24, 2006
- State Bar of Arizona Ethics Opinion 05-04: Electronic Storage; Confidentiality July, 2005