Raising the Bar for Legal Cloud Computing

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

State bar groups and even the American Bar Association are chiming in on the ethics and permissibility of legal cloud computing technologies.

legal cloud computingLike most other verticals, law firms are attracted to cloud computing for its combination of functionality and reduced cost. Befitting a barrister, the legal profession’s use of cloud computing is getting a fair bit of scrutiny, with state bar groups and even the American Bar Association chiming in on the ethics and permissibility of legal cloud computing technologies.

After all, lawyers handle a great deal of sensitive information and are under fairly strict regulatory mandates to protect client confidentiality, chain-of-information custody, and data security and integrity. And they’re lawyers, so crafting Byzantine guidelines comes rather naturally.

Related articles

If there’s a recurring theme in the legal vertical’s cloud directives, it’s that cloud service providers need to show -- beyond a reasonable doubt, one presumes -- their cloud and SaaS offerings meet strict minimum standards. Any solution provider hoping to add legal cloud computing to their lawyerly clients’ bill of fare should take note of the industry’s main concerns.

So far, 15 state bar associations have issued opinions guiding the professional use of legal cloud computing. All have concluded cloud computing is suitable for lawyers to handle most of the work of their firms. Where they differ most is in the definition of “reasonable care” that all of the industry groups say needs to be applied to the adoption of cloud computing in law offices.

Three state bar groups -- Maine, New Jersey and New York -- put the heaviest burden on legal cloud computing vendors, including language in their opinions that say the vendor, and possibly its employees, should have an enforceable obligation to maintain confidentiality.

At the other end of the spectrum are states bar association like the one in Connecticut, the most recent to opine on the cloud computing question, which said “The ultimate responsibility for insuring the privacy and security of the data resides with the user purchasing the cloud services. While much of the physical, technical, and administrative safeguards are handled by the cloud service provider, the user will still retain responsibility for a significant portion of these safeguards.”

Most fall somewhere in the middle, with guidelines that encourage dialog between lawyers and service providers so that the client understands how data is handled, who is responsible for it when problems arise and how security and privacy protocols are enforced or updated.

In a formal ethics opinion on the matter, the North Carolina State Bar makes some specific references to the legal cloud computing SLA.

Given the rapidity with which computer technology changes, law firms are encouraged to consult periodically with professionals competent in the area of online security. Some recommended security measures are listed below.

  • Inclusion in the SaaS vendor’s Terms of Service or service-level agreement, or in a separate agreement between the SaaS vendor and the lawyer or law firm, of an agreement on how the vendor will handle confidential client information in keeping with the lawyer’s professional responsibilities.

  • If the lawyer terminates use of the SaaS product, the SaaS vendor goes out of business, or the service otherwise has a break in continuity, the law firm will have a method for retrieving the data, the data will be available in a non-proprietary format that the law firm can access, or the firm will have access to the vendor’s software or source code. The SaaS vendor is contractually required to return or destroy the hosted data promptly at the request of the law firm.

  • Careful review of the terms of the law firm’s user or license agreement with the SaaS vendor including the security policy.

  • Evaluation of the SaaS vendor’s (or any third party data hosting company’s) measures for safeguarding the security and confidentiality of stored data including, but not limited to, firewalls, encryption techniques, socket security features, and intrusion-detection systems.4

  • Evaluation of the extent to which the SaaS vendor backs up hosted data.

The state bar groups that have weighed in on cloud computing have suggestions and guidelines that are fairly consistent, with the occasional quaint throwback, like the Vermont Bar’s suggestion that lawyers carefully “consider whether certain types of data (e.g. wills) must be retained in original paper format.”

The American Bar Association has a good rundown of the variations in cloud computing opinions state by state. And in fact, the ABA gives legal cloud computing a significant endorsement in its own evaluation of the technology.

"A legitimate argument can be made that files stored on the vendor's servers are more secure than those located on a typical attorney's PC, as the vendors often employ elaborate security measures and multiple redundant backups in their data centers," ABA officials wrote.

Legal Cloud Computing for the Provider

The important element for service providers is to recognize that in a world rapidly migrating to the cloud with little compunction, the legal vertical is taking a measured approach to the technology with some serious discussions of the underlying ethics as they pertain to their profession.

Understanding these ethical considerations can help a cloud service purveyor hit the key points of concern when pitching law-firm clients and crafting their practices with a fine, value-added focus on legal cloud computing that resonates with this profitable vertical.

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  
More on Channel Business
data-quality

Value over volume, RackWare says of expanded channel partner program

Aim is to have the right coverage with close relationships, VP says

divorce-pa

The velvet divorce? Options and disruptions to come from HP split

News that Hewlett-Packard is breaking into two companies continues to reverberate through the channel. While the ultimate impact on HP partners and customers remains unclear, the new entities will have plenty of options for plying their futures

treasure-chest-with-gold-coins

Channel strikes gold selling to non-techies

Tech sales staff busy selling to business units as much as tech staff, according to Gartner

jessica-m-225x300

Welcome to the new Channelnomics

Channelnomics goes live with new-look site. Join us on Twitter to give us your thoughts - @channelnomics

Visitor comments
Add comments
blog comments powered by Disqus
In-depth
Broken heart

An amicable split?

Where will HP and Symantec's conclusion that the sum of their parts is greater than the whole leave partners?

elvis67878787

Suspicious minds in the post-Snowden world

Investment in new technologies being avoided with security experts wary of cloud and new technologies post-Snowden

Old-fashioned cash register

Vendors need to get with the times, Channel conference hears

MSPs need up-to-date support from vendors, including working together

seo-checklist

‘Internet of Things’ shifting IT spending priorities

Analyst firm Gartner says enterprises spent more than $40 billion on what could be called Internet of Things (IoT) programs. As more IP-enabled devices get connected, enterprises may shift spending patterns and disrupt the way IT is acquired and supported