These days, more and more lawyers are using web-based legal management software. In fact, according to the American Bar Association’s Legal Technology Resource Center’s 2013 survey, the number of lawyers who used web-based software increased nearly 10% since last year, with solo lawyers leading the way:
Asked if they had ever used Web-based software, 30.7 percent of respondents answered affirmatively. That number is up from 20.9 percent in 2012 and 15.5 percent in 2011. Solo practitioners were the most likely to respond affirmatively at 40.2 percent.
In fact, the numbers are likely much higher. That’s because lawyers, like the general population, often use cloud computing services without even realizing it. For example, many lawyers often email with clients using web-based email services such as gmail or Hotmail and are completely unaware that they’re using email in the cloud.
Even so, according to the ABA survey, some lawyers continue to be reluctant to use cloud-based legal management software in their law practices due to confidentiality and security concerns related to outsourcing the handling of their client’s data to third parties. This, despite the fact that lawyers have always entrusted confidential data to third parties. Consider all of the people that typically have access to client files: process servers, court employees, building cleaning crews, summer interns, document processing companies, external copy centers, and legal document delivery services.
In all of these situations absolute security has never been required. Instead, ethics committees across the United States have uniformly concluded that due diligence requires that lawyers seeking to use web-based legal management software must take reasonable steps to ensure that confidential client data remains safe and secure.
This concept is summed up quite nicely in Ethics Committee Advisory Opinion #2012-13/4, which was recently handed down by the New Hampshire Bar Association Board of Governors and addressed the issue of whether a lawyer or law firm may use web-based legal management software:
It bears repeating that a lawyer’s duty is to take reasonable steps to protect confidential client information, not to become an expert in information technology. When it comes to the use of cloud computing, the Rules of Professional Conduct do not impose a strict liability standard. As one ethics committee observed, “Such a guarantee is impossible, and a lawyer can no more guarantee against unauthorized access to electronic information than he can guarantee that a burglar will not break into his file room, or that someone will not illegally intercept his mail or steal a fax.”
In other words, absolute security is an impossibility and any time you entrust your data to a third party, you incur risk. This applies equally to any type of outsourcing, whether it is the outsourcing of administrative tasks or the management of your physical or digital data. So, regardless of the form the client information takes, the obligation remains the same: to take reasonable steps to ensure that sensitive client information remains confidential.
To read summaries of the New Hampshire opinion and other jurisdiction’s ethics opinions on cloud computing and the use of legal management software in your law practice, check out the American Bar Association’s useful comparative chart, which can be found here.