“Reasonable Care” in the Cloud: Decision-Making Pointers
Many firms use cloud computing services for remote access to data, email filtering, contacts and calendars, system backups and other hosted IT functions. In particular, lawyers are finding that cloud transfer and storage services (like Box, Dropbox, Google Drive and iCloud) are a great way to access client materials on their smartphones, tablets or off-site computers when working away from the office.
According to state ethics authorities that have spoken on the topic and the American Bar Association Commission on Ethics 20/20, a firm or an individual attorney may store client materials in the cloud ethically, provided that the lawyer takes reasonable care to protect the confidentiality of confidential client information. Most of these opinions explain that “reasonable care” includes learning enough about the technology you chose to use to make an informed decision about where to store client materials and staying up to date on developments in whatever technology you decide to use.
Steps to Address Cloud-y Ethical Issues
Using reasonable care to protect client confidences is nothing new for lawyers, of course—we make decisions about protecting client confidences when we read files on a crowded subway, discuss matters in elevators, decide what can be included in an email, or even take written notes during a conversation. But what might “reasonable care” entail in the context of cloud computing? While admittedly not comprehensive, here is a list to consider.
1. Know that the cloud will not be appropriate for all clients and materials.
- You need to think carefully about the types of clients you handle. Clients who work in heavily regulated industries or who are extremely security-conscious (for whatever reason) may not permit any of their materials to be stored in the cloud.
- You must decide what can be stored in the cloud on a document-by-document basis. Publicly available information, like PDFs downloaded from PACER, can easily be stored in the cloud—but with more-sensitive documents you may decide to apply additional encryption before you move the materials to the cloud, or even to your tablet through cables.
- Even when you decide that a copy of a client-related document may be stored in the cloud, you should probably not store the only copy of an important document there.
- Know your options for the various materials you will store. Different cloud service providers may be appropriate for different client materials, depending on the sensitivity of each document.
2. Assess the agreements of every cloud service provider you use.
- Read the promises being made concerning your data—especially any promises regarding what notice the provider will give you if someone else seeks access to your materials—and consider whether and how those promises can be enforced.
- Find out where your data will be kept, how it will be backed up, who will have access to it, and whether it will really be deleted from the cloud service when you delete it or when you close your account with the provider.
- Check online periodically for any changes to the agreement and, of course, whenever you get an e-mail notifying you that the terms of service have changed. Remember to save copies of all your latest agreements, too.
3. Keep informed—and keep notes.
- Search for news reports regarding security breaches or service outages at any cloud service provider you intend to use. You might also want to set up a news feed to track reports on the topic.
- If you don’t see particular information you need online or in the provider’s documentation, or you don’t understand the information you’re given, call the company for clarification. Or choose another service.
- Keep notes about your conversations with each service provider, as well as other research you’ve done to support your decision, in case a problem ever arises.
4. Know that sometimes you get what you pay for.
- You can find free cloud storage options, but you may get better security or better service with a paid account from the same provider.
- Even if your materials are secure once they get to the cloud, you should not use free, public, unencrypted networks to send them. Use your firm’s secure cloud-access system. If no firmwide system is available, use a password-protected home network or consider investing in a mobile hotspot so you can create a secure connection wherever you are.
Cloud storage services can give you flexibility in how and where you practice, and can allow you to be more responsive to your clients. You can use these services ethically, but it will take some due diligence and some decision-making each time you entrust clients’ materials to the cloud.
Carol J. Gerber is a lawyer and the owner and founder of Gerber Amalgamated LLC, a legal technology consulting company devoted to helping attorneys make better use of technology in their practices.
»How I Increased My Billable Time by $2,000 Each Month (and Actually Worked Less)
»Learn More About the Easiest Way to Get Paid.
»Quality Attorney Leads. Reach Prospects Online. 10 Free Leads.
»Free Demo: JuraLaw for Case, Calendar and Docket Management.
»Automate Your Documents. Save Time. Save Money! Free 90-Day Trial.