Law firms increasingly turn to “cloud services” for processing and storing confidential client information because of their greater flexibility and efficiency. Use of “the cloud,” however, outsources the administration, physical control, and maintenance of sensitive data to a third-party vendor, which raises IT security and data privacy risks.
Recent amendments to the ABA Model Rules of Professional Conduct (Model Rules) indicate less leeway for lawyers who inadvertently violate their ethical obligations through the use of technology, including such ubiquitous services as cloud computing. While the cloud does not enjoy a single accepted definition, it generally encompasses a variety of products and services that provide on-demand access to remote computing services over the Internet. Cloud services can include: (1) productivity applications such as Google Docs; (2) online document and practice management software such as Rocket; (3) remote data storage, file sharing, and retrieval services such as Dropbox, Carbonite, or iCloud; and (4) web-hosted email services such as Gmail and Hotmail.
Not only can lawyers affirmatively contract with cloud service providers, but they also can access the cloud without realizing it—for example, when using their smartphones, laptops, tablets, or web conferencing services. Whether intentional or inadvertent, the use of cloud services raises a host of ethical issues for lawyers, with accompanying obligations and duties. This article reviews the ABA Model Rules relating to the use of technology, in particular the rules regarding competence, confidentiality, and outsourcing of nonlegal services, and suggests considerations for you as a lawyer to keep in mind when taking advantage of, or otherwise encountering, cloud services.