The use of cloud computing software – once considered to be rare and unusual – has become increasingly commonplace in law firms. This is because web-based computing provides lawyers with a wealth of benefits, including mobility, flexibility, and affordability. Because of these conveniences, more lawyers are using cloud-based software to store and access documents, track time and billing, manage their contacts and calendars, accept online credit card payments from clients, and interact and collaborate with clients, experts, co-counsel, and more.
Another reason lawyers are flocking to cloud computing is because many bar associations have weighed in on lawyers using web-based computing and have concluded that it’s ethical for them do so. For example, in May, the Ohio Board of Professional Conduct green lighted cloud computing and virtual law practices in Opinion 2017-05.
The Board concluded that Ohio lawyers may use cloud computing technologies, such as web-based law practice management software, to run virtual law practices. The Board explained that lawyers must make reasonable efforts to prevent the unauthorized disclosure of confidential client data, such as analyzing “several nonexclusive factors including 1) the sensitivity of the information, 2) the likelihood of disclosure if additional safeguards are not employed, 3) the cost of employing additional safeguards, 4) the difficulty of implementing the safeguards, and 5) the extent to which the safeguards adversely affect the lawyer’s ability to represent clients.”
The Board also emphasized that lawyers who use cloud computing software in their law practices are required to vet third party cloud computing providers and confirm that the vendor understands the duty of confidentiality, and must also ensure that the vendor will maintain and regularly back up law firm data.
Even more recently, the New York City Bar Association opined on the benefits of lawyers using cloud computing in Formal Opinion 2017-5. In this opinion, the Professional Ethics Committee considered an attorney’s ethical obligation to “protect confidential information prior to crossing a U.S. border, during border searches, and thereafter.”
The main conclusions made by the Professional Ethics Committee were:
- Before crossing the U.S. border attorneys must undertake reasonable efforts to protect confidential information;
- At the U.S. border attorneys may disclose clients’ confidential information only to the extent “reasonably necessary” to respond to a government agent’s claim of lawful authority;
- If confidential information is disclosed during a border search, an attorney must promptly inform affected clients.
Importantly, the Committee noted that one of the best ways lawyers can protect client data from disclosure is by ensuring that no data is stored locally on mobile devices. According to the Committee, two recommended methods that keep data off of mobile devices are to encrypt the devices or store the data in cloud: “A lawyer…who handles more sensitive information should consider technological solutions that permit secure remote access to confidential information without creating local copies on the device; storing confidential information and communications in secure online locations rather than locally on the device; or using encrypted software to attempt to restrict access to mobile devices.”
If lawyers choose to forego the Committee’s recommendation and insist on storing data on their devices, the opinion includes additional advice for lawyers attempting to cross the border into the U.S. who face a lawful request to access the confidential client data stored on their devices. The Committee explained that “the attorney first must take reasonable measures to prevent disclosure of confidential information, which would include informing the border agent that the device or files in question contain privileged or confidential materials, requesting that such materials not be searched or copied, asking to speak to a superior officer and making any other lawful requests to protect the confidential information from disclosure. To demonstrate that the device contains attorney-client materials, the attorney should carry proof of bar membership, such as an attorney ID card, when crossing a U.S. border.”
Of course, lawyers who store their data online using tools like web-based law practice management software will be able to avoid taking those additional measures to protect client data, since all client data will be stored securely online and away from the prying eyes of border control agents.
In other words, that’s the real lesson to be learned from both of these opinions: not only is cloud-based computing ethical – in many cases, it’s one of the most secure options for solo and small firm lawyers seeking to protect client confidentiality.