Sometimes lawyers are as slow to adapt to change as the Catholic Church. Many lawyers have not yet embraced the internet dogma or accepted the reality that technology can be good. As a result, many law firms are not taking advantage of the time and cost savings the internet can provide. Cloud computing use by law firms is one of those things.
The term, “cloud computing,” refers to the offering of storage services and applications over the Internet, or “in the cloud.” It can be used for time recording and billing, document management, electronic discovery, scheduling, as well as many other office functions. These applications are particularly attractive to smaller law firms, which may not have the computer hardware and staff to manage large amounts of data onsite. Cloud computing is also scalable, making a good option for growing firms. Lastly, since many cloud applications allow users to access documents from anywhere, they are also useful for law firms with employees who often work remotely.
So if the cloud offers so many benefits, why aren’t all firms using it? Unfortunately, there is one glaring concern—security. Over the past few years, several cloud-computing providers like Dropbox have fallen victim to security breaches. Therefore, it is natural that many law firms are concerned about uploading their business and client information to the cloud. There are many evolving ethics questions that are not settled in many states so caution is advisable.
There are, however, some precautions that law firms can take to prevent data-related liability: First, law firms should carefully research the security of all cloud applications before transferring any data as well as determine the sensitivity of the data being transferred. For instance, firms may prefer to only transfer less sensitive data to the cloud and keep financial and customer-related data onsite.
While this may go without saying, law firms should also carefully evaluate the terms of the service contract. Standard cloud computing contracts are often extremely one-sided; they generally impose responsibility for security and data protection on the customer, disclaim all liability, offer no warranties, and give the vendor the right to suspend service at will. As such, they should only be a starting point for negotiations. Requiring the service provider to sign a non-disclosure agreement is also a good idea.
Finally, because lawyers have a duty to safeguard confidential client information, cloud computing also raises ethical concerns for lawyers. However, the state ethics panels that have weighed in on the issue have all concluded that lawyers may use the cloud, as long as they use reasonable care to minimize risks to clients.
As explained by the North Carolina Bar, “A lawyer must fulfill the duties to protect confidential client information and to safeguard client files by applying the same diligence and competency to manage the risks of [cloud computing] that the lawyer is required to apply when representing clients.”