Raising the Bar for Legal Cloud Computing

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

State bar groups and even the American Bar Association are chiming in on the ethics and permissibility of legal cloud computing technologies.

legal cloud computingLike most other verticals, law firms are attracted to cloud computing for its combination of functionality and reduced cost. Befitting a barrister, the legal profession’s use of cloud computing is getting a fair bit of scrutiny, with state bar groups and even the American Bar Association chiming in on the ethics and permissibility of legal cloud computing technologies.

After all, lawyers handle a great deal of sensitive information and are under fairly strict regulatory mandates to protect client confidentiality, chain-of-information custody, and data security and integrity. And they’re lawyers, so crafting Byzantine guidelines comes rather naturally.

Related articles

If there’s a recurring theme in the legal vertical’s cloud directives, it’s that cloud service providers need to show -- beyond a reasonable doubt, one presumes -- their cloud and SaaS offerings meet strict minimum standards. Any solution provider hoping to add legal cloud computing to their lawyerly clients’ bill of fare should take note of the industry’s main concerns.

So far, 15 state bar associations have issued opinions guiding the professional use of legal cloud computing. All have concluded cloud computing is suitable for lawyers to handle most of the work of their firms. Where they differ most is in the definition of “reasonable care” that all of the industry groups say needs to be applied to the adoption of cloud computing in law offices.

Three state bar groups -- Maine, New Jersey and New York -- put the heaviest burden on legal cloud computing vendors, including language in their opinions that say the vendor, and possibly its employees, should have an enforceable obligation to maintain confidentiality.

At the other end of the spectrum are states bar association like the one in Connecticut, the most recent to opine on the cloud computing question, which said “The ultimate responsibility for insuring the privacy and security of the data resides with the user purchasing the cloud services. While much of the physical, technical, and administrative safeguards are handled by the cloud service provider, the user will still retain responsibility for a significant portion of these safeguards.”

Most fall somewhere in the middle, with guidelines that encourage dialog between lawyers and service providers so that the client understands how data is handled, who is responsible for it when problems arise and how security and privacy protocols are enforced or updated.

In a formal ethics opinion on the matter, the North Carolina State Bar makes some specific references to the legal cloud computing SLA.

Given the rapidity with which computer technology changes, law firms are encouraged to consult periodically with professionals competent in the area of online security. Some recommended security measures are listed below.

  • Inclusion in the SaaS vendor’s Terms of Service or service-level agreement, or in a separate agreement between the SaaS vendor and the lawyer or law firm, of an agreement on how the vendor will handle confidential client information in keeping with the lawyer’s professional responsibilities.

  • If the lawyer terminates use of the SaaS product, the SaaS vendor goes out of business, or the service otherwise has a break in continuity, the law firm will have a method for retrieving the data, the data will be available in a non-proprietary format that the law firm can access, or the firm will have access to the vendor’s software or source code. The SaaS vendor is contractually required to return or destroy the hosted data promptly at the request of the law firm.

  • Careful review of the terms of the law firm’s user or license agreement with the SaaS vendor including the security policy.

  • Evaluation of the SaaS vendor’s (or any third party data hosting company’s) measures for safeguarding the security and confidentiality of stored data including, but not limited to, firewalls, encryption techniques, socket security features, and intrusion-detection systems.4

  • Evaluation of the extent to which the SaaS vendor backs up hosted data.

The state bar groups that have weighed in on cloud computing have suggestions and guidelines that are fairly consistent, with the occasional quaint throwback, like the Vermont Bar’s suggestion that lawyers carefully “consider whether certain types of data (e.g. wills) must be retained in original paper format.”

The American Bar Association has a good rundown of the variations in cloud computing opinions state by state. And in fact, the ABA gives legal cloud computing a significant endorsement in its own evaluation of the technology.

"A legitimate argument can be made that files stored on the vendor's servers are more secure than those located on a typical attorney's PC, as the vendors often employ elaborate security measures and multiple redundant backups in their data centers," ABA officials wrote.

Legal Cloud Computing for the Provider

The important element for service providers is to recognize that in a world rapidly migrating to the cloud with little compunction, the legal vertical is taking a measured approach to the technology with some serious discussions of the underlying ethics as they pertain to their profession.

Understanding these ethical considerations can help a cloud service purveyor hit the key points of concern when pitching law-firm clients and crafting their practices with a fine, value-added focus on legal cloud computing that resonates with this profitable vertical.

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

Want to keep on top of all the North American channel news?

More on Channel Business
shadow-banking-web

Shadow IT brings ups as well as downs

While shadow IT poses a threat for solution providers, there are advantages to be found as well

mock3-0913

Channel millennials to learn from older peers with new CompTIA initiative

Initiative may help with 2015 emerging threat of millennial expectations

NY traffic lights

Gigamon launches partner program

Traffic visibility firm includes pre- and post-sales training certifications in new partner program

Sales online and in the shops

Black Friday wearable tech uptake splits industry

Shoppers may have snapped up a bargain wearable device on Friday, but just how much impact will this have when they choose to wear it to work today?

Visitor comments
Add comments
blog comments powered by Disqus
In-depth
Road to city

Evolution to as-a-service a rocky road for VARs

The much-discussed service provider route does not come without repeated bumps in the road for solution providers

team-of-toy-figures-putting-a-final-jigsaw-piece-into-place

EMC’s VMware remains intact — for now

Amid a rapidly consolidating and converging technology market, the storage giant staves off the spin-off of its virtualization software arm and stays ‘whole’

business-help

VARs need to evolve; vendors can help them do it

Who bears responsibility for helping the channel adopt new business models?

charles-foley-watchful

Vendor Q&A Series: Charles Foley, Watchful Software

The latest channel exec to sit in the Channelnomics hotseat is Watchful Software's chairman and CEO