Briggs Law Group is a boutique Phoenix law firm that specializes in corporate legal
counsel services, business transactions, representation before government agencies,
and campaign finance and election law advice.
Photo Credit: FutUndBeidl
Cloud computing and legal ethics are an important piece of knowledge every business owner should possess. For businesses and individuals, storing and accessing information on Internet-based systems, also known as the “cloud,” is a powerful tool that boosts productivity and convenience. However, ethics rules require lawyers to keep client information confidential, which can be problematic when using the cloud to store client information and work product. State bar associations nationwide are struggling to weigh the benefits and risks of cloud computing.
On the plus side, cloud-based systems free up attorneys from their desks, allowing them to access information from anywhere they can get an internet connection. I know several lawyers who use iPads and mobile phones for most of their client work. For solo and small firm practitioners who do not have the resources to acquire and maintain robust in-house computing systems, the cloud has been a game changer. However, client confidentiality can be put at tremendous risk if lawyers who use the cloud do not implement effective electronic security measures.
Despite the risks and the ethical grey area in which they reside, increasing numbers of lawyers are using the cloud for their practices. From 2012 to 2013, the percentage of attorneys using the systems jumped from 21% to 31%, according to the American Bar Association’s Legal Technology Survey Report.
Small firms and solo practitioners were more likely than large firms to store information on the cloud, although that didn’t necessarily help them sleep well at night ― 72% of lawyers who say they use the cloud said security of that data remains a large concern. Among those not yet using the cloud in their law practice, 58% attributed their reluctance to security concerns.
With cloud computing becoming an inevitability, bar associations nationwide have begun to weigh in on how it impacts the regulation of lawyers. This dance is not new; similar flurries of activity occurred when fax machines, mobile phones and email were invented. About 30% of state bar associations have issued ethical opinions about how lawyers can use the cloud without violating their duties of client confidentiality.
The Arizona State Bar opinion, issued in 2009, says attorneys must take reasonable precaution to ensure the security of confidential client information being stored electronically ― presumably both on in-house computers and in the cloud ― such as using firewalls, passwords and data encryption. Those precautions need to be developed or reviewed by a technology expert, and attorneys must frequently review security measures so upgrades keep pace with rapidly evolving technology and the emerging ways hackers gain access.
Other states have issued similar edicts that allow cloud-based storage, as long as they feature robust security measures. Some opinions have gone a little further in their requirements.
Alabama, for example, requires lawyers to have working knowledge of the security measures that the cloud service provider uses. Attorneys must also stay up to date on emerging data security trends. California, Massachusetts and New Hampshire say attorneys should give clients the opportunity to opt out of cloud-based systems, particularly when it comes to sensitive information or trade secrets.
Several states’ ethics rules require lawyers to delete all digital client information when the representation of that client ends. In New York, lawyers are held accountable for ensuring their cloud vendor uses best security practices and must personally investigate security breaches.
This emerging area of law is sure to see more changes as the technology evolves and precedents are set. For attorneys, the balance is always providing the best client service — both in terms of convenience and security.