So what then is the ethical standard to which lawyers using the cloud are held? Fortunately, it is the same standard as in all other instances relating to the maintenance of client confidences — reasonable care. For attorneys wondering what, exactly, constitutes reasonable care when it comes to the cloud and other online technologies, the Ethics Committees have provided some guidance.
Each state has provided (generally non-binding) guidelines and, as with everything else in the legal world in the US, each state’s guidelines are slightly different. However, despite these differences, several common themes have emerged:
- Conduct due diligence on your cloud provider, including a review of their service agreements and security measures.
- Ensure that you have unhindered ownership of and access to the data, including the ability to erase data permanently.
- Consult an expert if a lawyer’s technology expertise is lacking.
- Ensure adequate backup of your data.
- Evaluate the nature of the data to be stored on the cloud and, in the case of highly confidential information, consider getting client approval.
- Stay abreast of changes in privacy laws/regulations, the law of attorney-client privilege, and technological developments that may affect privacy/privilege.
- Vendors must have an enforceable obligation to preserve confidentiality and security and should notify lawyers if served with forces for client data.
Fortunately, the major cloud platform providers, upon which the most-reputable cloud applications are built — such as Microsoft Azure — have made complying with many of these guidelines relatively easy. Microsoft Azure has numerous industry and government data security certifications, including HIPAA/HITECH. As many civil litigation firms deal with HIPAA protected data, this certification goes a long way to meeting a lawyer’s ethical requirements. Microsoft Azure also meets with requirement seven – they do not disclose any data without either your consent or a properly executed warrant. In the event they receive a request for access to your data (whether with a valid warrant or without), you will be notified immediately, allowing you to take appropriate steps to meet your ethical obligations.
When selecting any cloud-based system, such as personal injury practice management software, law firms would be wise to seek solutions designed specifically for the Legal Cloud. Certain products have been designed specifically for law firms by lawyer-led teams. This means that client confidentiality, data security, and — by extension — ethical compliance has been built into the very DNA of these systems. What better way to ensure ethical compliance than to subscribe to a system designed for lawyers by lawyers, hosted on HIPAA compliant platforms?
Thanks to the rapid advance of technology, increased client demand, and the cost-effectiveness of cloud-based systems, the legal industry has been forced to quickly address lawyer ethics and the cloud. For the cost-conscious law firm, the tech-savvy lawyer, and all those millennials who are now in law practice, the news is good. Cloud computing is here to stay for the legal industry and ethical compliance is actually easy! Maybe the times really are a-changin’.