Already Plugged In
You're probably already using cloud computing and don't even know it. For years, lawyers have been using cloud computing in their law offices without realizing it. Case in point: if you use Westlaw or LexisNexis for legal research, then you've been conducting legal research in the cloud.
Likewise, if you've ever used a web-based email platform, such as Gmail, Hotmail, or Yahoo mail, then you've used a cloud-computing service. And, even if you don't personally use a web-based email service, if you've exchanged emails with a client who uses one of these email platforms, then the emails that you've sent to your client—which likely contain confidential client information—are now stored in the cloud.
If you've used Wikipedia, you've accessed an encyclopedia based entirely in the cloud. When you interact with online music or videos, such as listening to music on Pandora, watching a television show on Hulu, viewing YouTube videos, or streaming a movie from Netflix, you're consuming media stored in the cloud.
So, like it or not, you're already in the cloud. The next step is to ensure that you understand the risks and ethical issues presented by the use of cloud computing in your law practice.
Absolute Security Is an Impossibility
Lawyers have always entrusted confidential data to third parties, including process servers, court employees, cleaning crews, summer interns, document-processing companies, external copy centers, and legal-document delivery services. Absolute security has never been required in these situations because absolute security is an impossibility. Rather, due diligence requires that you take reasonable steps to ensure that confidential client data remains safe and secure. Cloud computing is no different.
Accordingly, regardless of who has access to your data or what format the data takes, the steps you take should always be the same: you should ensure that the same confidentiality standards that are applied to physical client files apply to computer-generated data as well. In other words, it is your duty to ensure that the third parties to whom you entrust your data and who have access to the computer servers that house your data meet the same security obligations as any other third party to whom you entrust confidential client files.
That being said, cloud computing, by its nature, involves unique risks. These include security, ethical, and privacy risks as well as the possibility of temporarily or permanently losing access to your data. The best way to ensure that you understand these risks is to ask the right questions. Make sure that your cloud-computing vendor's responses are satisfactory. Negotiate an agreement that protects both your interests and your clients' data.
As discussed below, part of your ethical obligation as an attorney is to carefully assess these risks The steps that you will need to take to meet this standard will vary depending on the ethical rules applicable in your jurisdiction and the ways in which you seek to use cloud computing in your law practice.
A Question of Ethics
Most U.S. ethics commissions have concluded that it is ethical for lawyers to use cloud computing. The American Bar Association recently published a very useful chart comparing all of the cloud-computing ethics opinions handed down in the United States. That chart can be found here.
For illustrative purposes, consider Ethics Opinion 11-01, handed down in September by the Iowa Committee on Practice Ethics and Guideline, which concluded that:
When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer's expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement.
The committee also provided the following very useful list of questions to ask any technology vendor, not just cloud-computing providers. The suggested questions focus on determining how accessible and secure the data will be:
- Will I have unrestricted access to the stored data?
- Have I stored the data elsewhere so that if access to my data is denied I can acquire the data via another source?
- Have I performed due diligence regarding the company that will be storing my data?
- Are they a solid company with a good operating record and is their service recommended by others in the field?
- What country and state are they located and do business in?
- Does their end user's licensing agreement (EULA) contain legal restrictions regarding their responsibility or liability, choice of law or forum, or limitation on damages?
- Likewise does their EULA grant them proprietary or user rights over my data?
- What is the cost of the service, how is it paid and what happens in the event of non-payment?
- In the event of a financial default, will I lose access to the data, does it become the property of the company or is the data destroyed?
- How do I terminate the relationship with the company?
- What type of notice does the EULA require?
- How do I retrieve my data and does the company retain copies?
- Are passwords required to access the program that contains my data?
- Who has access to the passwords?
- Will the public have access to my data?
- If I allow non-clients access to a portion of the data, will they have access to other data that I want protected?
- Recognizing that some data will require a higher degree of protection than others, will I have the ability to encrypt certain data using higher level encryption tools of my choosing?
So, now that you understand your ethical obligations, the next step is to assess the legal cloud- computing platforms currently available to lawyers.
A Plethora of Options
There are an assortment of cloud computing software platforms developed specifically for lawyers. To begin your evaluation of the different cloud-based legal providers, review this handy chart provided by the ABA, which provides a comparison of billing and law practice management software, both cloud and server-based. Next, consider the steps that follow in order to choose the platform that will be the best fit for your firm.
First, you need to decide what type of cloud computing product you would like to have. Are you in the market for a full-scale law-practice management system that offers contact management, calendaring, billing, invoicing, and document management? Or are you simply looking for a single purpose system, such as one that offers only billing, document management, or online storage?
Once you decide which type of platform you need, examine the features offered by the different legal cloud-computing platforms. Compare the basic features of each system and narrow your search down to two or three platforms that offer most of the features important to you.
Bear in mind one major advantage of cloud-computing systems is how easy it is for the developer to implement changes based on user feedback. Don't eliminate an otherwise strong contender simply because the platform lacks one or two features on your wish list. Contact the provider and ask about the missing features. It's entirely possible the provider intends to add those features in the very near future.
The interface is extremely important, since you'll be spending a lot of time using the platform. Is it intuitive? Does it make sense or do you find yourself constantly struggling to figure out how to add and manipulate information in the system? Can you dive right in and use it or does it seem as if you'll need multiple webinars to figure out how to even get started? Make sure the interface works for you and your staff.
The old adage, "you get what you pay for," applies to some extent to cloud platforms. That being said, one of the benefits of moving to a cloud-based system is that it should be more affordable than owning and maintaining your own servers and paying for the annual licensing fees of server-based software. If the monthly fees of one legal cloud-computing company are higher than those of competitors' products which offer similar features, you may want to think twice before signing up.
Consider how difficult the process of transitioning to the new cloud-based system will be. Will it be easy to import data into the platform from existing programs? Will you have to manually enter preexisting data into the system and if so, how long will that take? Is the cloud-computing platform compatible with other cloud-based systems your law office already uses? Will you need to continue using those other cloud services or does the new system effectively replace them, thus making compatibility a nonissue?
You're on Your Way
Once you've followed these steps, you'll be ready to move your firm to the cloud. It's a big decision—and it's not an easy one. But if you carefully consider your options and do your research ahead of time, you'll be well on your way to computing in the cloud.
Keywords: litigation, solo practitioners, small firms, cloud computing, data, ethics, National Institute of Standards and Technology, risks, legal providers