Raising the Bar for Legal Cloud Computing

State bar groups and even the American Bar Association are chiming in on the ethics and permissibility of legal cloud computing technologies.

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

legal cloud computingLike most other verticals, law firms are attracted to cloud computing for its combination of functionality and reduced cost. Befitting a barrister, the legal profession’s use of cloud computing is getting a fair bit of scrutiny, with state bar groups and even the American Bar Association chiming in on the ethics and permissibility of legal cloud computing technologies.

After all, lawyers handle a great deal of sensitive information and are under fairly strict regulatory mandates to protect client confidentiality, chain-of-information custody, and data security and integrity. And they’re lawyers, so crafting Byzantine guidelines comes rather naturally.

Related articles

If there’s a recurring theme in the legal vertical’s cloud directives, it’s that cloud service providers need to show -- beyond a reasonable doubt, one presumes -- their cloud and SaaS offerings meet strict minimum standards. Any solution provider hoping to add legal cloud computing to their lawyerly clients’ bill of fare should take note of the industry’s main concerns.

So far, 15 state bar associations have issued opinions guiding the professional use of legal cloud computing. All have concluded cloud computing is suitable for lawyers to handle most of the work of their firms. Where they differ most is in the definition of “reasonable care” that all of the industry groups say needs to be applied to the adoption of cloud computing in law offices.

Three state bar groups -- Maine, New Jersey and New York -- put the heaviest burden on legal cloud computing vendors, including language in their opinions that say the vendor, and possibly its employees, should have an enforceable obligation to maintain confidentiality.

At the other end of the spectrum are states bar association like the one in Connecticut, the most recent to opine on the cloud computing question, which said “The ultimate responsibility for insuring the privacy and security of the data resides with the user purchasing the cloud services. While much of the physical, technical, and administrative safeguards are handled by the cloud service provider, the user will still retain responsibility for a significant portion of these safeguards.”

Most fall somewhere in the middle, with guidelines that encourage dialog between lawyers and service providers so that the client understands how data is handled, who is responsible for it when problems arise and how security and privacy protocols are enforced or updated.

In a formal ethics opinion on the matter, the North Carolina State Bar makes some specific references to the legal cloud computing SLA.

Given the rapidity with which computer technology changes, law firms are encouraged to consult periodically with professionals competent in the area of online security. Some recommended security measures are listed below.

  • Inclusion in the SaaS vendor’s Terms of Service or service-level agreement, or in a separate agreement between the SaaS vendor and the lawyer or law firm, of an agreement on how the vendor will handle confidential client information in keeping with the lawyer’s professional responsibilities.

  • If the lawyer terminates use of the SaaS product, the SaaS vendor goes out of business, or the service otherwise has a break in continuity, the law firm will have a method for retrieving the data, the data will be available in a non-proprietary format that the law firm can access, or the firm will have access to the vendor’s software or source code. The SaaS vendor is contractually required to return or destroy the hosted data promptly at the request of the law firm.

  • Careful review of the terms of the law firm’s user or license agreement with the SaaS vendor including the security policy.

  • Evaluation of the SaaS vendor’s (or any third party data hosting company’s) measures for safeguarding the security and confidentiality of stored data including, but not limited to, firewalls, encryption techniques, socket security features, and intrusion-detection systems.4

  • Evaluation of the extent to which the SaaS vendor backs up hosted data.

The state bar groups that have weighed in on cloud computing have suggestions and guidelines that are fairly consistent, with the occasional quaint throwback, like the Vermont Bar’s suggestion that lawyers carefully “consider whether certain types of data (e.g. wills) must be retained in original paper format.”

The American Bar Association has a good rundown of the variations in cloud computing opinions state by state. And in fact, the ABA gives legal cloud computing a significant endorsement in its own evaluation of the technology.

"A legitimate argument can be made that files stored on the vendor's servers are more secure than those located on a typical attorney's PC, as the vendors often employ elaborate security measures and multiple redundant backups in their data centers," ABA officials wrote.

Legal Cloud Computing for the Provider

The important element for service providers is to recognize that in a world rapidly migrating to the cloud with little compunction, the legal vertical is taking a measured approach to the technology with some serious discussions of the underlying ethics as they pertain to their profession.

Understanding these ethical considerations can help a cloud service purveyor hit the key points of concern when pitching law-firm clients and crafting their practices with a fine, value-added focus on legal cloud computing that resonates with this profitable vertical.

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

Want more articles like this?

Subscribe to Channelnomics for a daily newsletter roundup direct to your inbox

More on Channel Business

Just say ‘no’ to nostalgia


Success = planning + growth

For the technology channel, growth is key to success, but that growth won’t happen by itself


IoT set to rocket - Splunk

Exec says IoT adoption will spike rapidly just like cloud


Salesforce partners challenged to keep up amid ISV push

Channel execs say partners will need to leverage enablement resources to keep up with Salesforce as it looks to increase ISV business

Visitor comments
Add comments
blog comments powered by Disqus

Channelnomics story of the month - September 2015

Check out which piece the Channelnomics team liked best


Size matters: MSPs need to strike the right balance

Too small and you may not be able to stay on top of what's happening in the channel. Too big and you may just lose your edge


Just say ‘no’ to nostalgia

Agility noun agil·i·ty \ə-ˈji-lə-tē\ : the quality or state of being agile : nimbleness : dexterity...


Vendor Q&A Series: Heather Tenuto, ShoreTel

The latest channel exec to sit in the Channelnomics hotseat is ShoreTel's VP of worldwide channel programs and sales enablement