Lawyers have a responsibility to maintain client confidentiality, and part of that responsibility includes protecting client information. This requirement often leads to questions about whether or not a lawyer’s use of the cloud is ethical and provides enough protection of client data.
Several opinions have been issued by bar associations granting lawyers the ability to utilize the cloud. With that permission, however, lawyers should be careful in choosing providers with specific requirements and take care to ask certain questions prior to choosing.
Using a cloud provider, while much of the behind the scenes pieces are not up to the attorney, doesn’t mean a lawyer has no level of responsibility. Rather, lawyers are expected to exercise reasonable care in choosing a cloud provider in order to keep client information confidential.
One of very first states to issue an opinion, New York, highlighted this requirement in Opinion 482: “a lawyer may use an online data storage system to store and back up client confidential information provided that the lawyer takes reasonable care to ensure that confidentiality is maintained.”
More than 20 states have issued opinions concluding that lawyers can utilize cloud computing include:
- New Jersey
- North Carolina
Questions lawyers should ask potential providers to ensure reasonable care has been taken includes:
- Will the data be mine and accessible in the event our partnership/contract is terminated or canceled?
- In which state or country is the business and its servers located?
- Who has access to passwords?
- What physical security is in place?
- Is the data encrypted?
- How financially stable is the company?
Lawyers should also be diligent in keeping up with technology trends to ensure they are continuing to provide their clients with secure providers to best protect their confidentiality.