What does weather have to do with the practice of law? It is the term now used to identify web-based storage of a lawyer’s files and records instead of the usual paper files and firm server, backed up on local electronics. It is called Software as a Service (SaaS), or on-demand software. Technology as it has evolved is universally viewed as a requirement for modern lawyers. Clients expect it, but do not expect to pay for it. So, to avoid the high costs of servers, back-ups, installation, maintenance and support, some are turning to subscription services for a fixed fee (example, Dropbox and many others). Of course, the advantage is the management of a cost and then the accessibility of data at any time over a range of devices.
Wonderful: What could go wrong with that? If it can, it will and there have been a number of breaches individually of the lawyer, and the firms as well as the service providers. What then is a prudent lawyer or firm to do?
Like so many things in the law, this area is evolving and starting to gain traction. The ABA 2013 Legal Technology Survey Report looked at this in depth and noted a big jump in use (50% increase from 2012 to 2013) now amounting to about 30% of the respondents reporting its use. Individuals and small firms, along with the West Coast (used to tech businesses) and southern (result of Katrina) lawyers, were the biggest users. A Lexis Nexis study says 2014 is poised to be the year of the cloud in “small law”.
Recognizing our duties to clients to protect their data and confidential communications, “big law” is slower to come over to this so-called cloud storage. As a group, lawyers are slow to accept changes anyway. Bar groups have started to examine the ethics of cloud storage and at last count, 17 jurisdictions have all agreed that cloud computing is ethical. (See, e.g., New York City Bar Report December 2013). A trend is developing toward acceptance, it seems. I suspect we shall see more use there, and more gradual acceptance, particularly where clients want it for their use.
Bear in mind that the professional rules still apply. The holdings stress all the same duties as before and therefore put the lawyer in a real due diligence situation before using. Lawyers’ actions with regard to safekeeping fall into the reasonable conduct standard, and not strict liability or as a guarantor of confidentiality.
The lawyer or firm needs to be able to document each step they took to select a provider and to produce it all later to show they acted reasonably. The vendor’s reputation will matter, their track record, their service agreement, their coverage (cyber insurance) and yours. You will really need to review their written terms and make sure they have the same duties you have. Cyber insurance issues, if you have acquired such coverage, need to be reviewed and compared so there are no gaps.
Sure there will be risks to balance against any convenience, affordability, or increased production. While most lawyers do not want to be out on the “bleeding edge” of new things, this may quickly evolve into an accepted method for law firms to store data. There was always an old school risk of server damage and physical loss to your files, so any cloud based use will be a balancing of that new risk as more Bars approve the process. At one point we were told not to use cell technology for client issues. Like that example, technology evolves and lawyers have to adapt to meet needs of clients and their expectations.
See, Amicus Attorney, Answers to the Top Five Questions Law Firms Have About Cloud Practice Management Systems by Seth Rowland posted February 19, 2014.