Posted Aug 02, 2012 10:30 pm CDT
When it comes to small law firms ethically practicing “in the cloud,” knowing what questions to ask can be as important as the answers.
Philadelphia attorney Daniel Siegel clued in his audience to some state ethics opinions that highlight those questions in his presentation, “Moving Your Practice to the Cloud Safely and Ethically,” at the ABA Annual Meeting in Chicago on Thursday.
Small law firms may feel underpowered facing big cloud computing vendors, and giants like Google and Apple’s iCloud have elements in their generic terms of service that are ethically unacceptable under rules of professional lawyer conduct.
But Siegel rules out avoiding Internet practice all together. “Yes there are issues,” he says, “but … we need to be prudent, as with any other technology“ lawyers have come to depend on. So questioning vendors on what security, access and service they provide is as necessary as with any other legal tool.
Not surprising was his selection of the Pennsylvania Bar Association’s Formal Opinion 2010-200 (PDF)—Siegel helped write it. But he also cited the Iowa State Bar Association Ethics Opinion 11-01 (PDF) as giving “the most practical list of things lawyers must consider” when choosing vendors to store client information and collaborate on the Internet.
Among the most important queries Siegel cited is whether a password is required to access the stored data—something that may be assumed. But if the answer is no, the potential vendor is severely lacking in security. Using a vendor who has a third party audit its security is another must, as is having your data stored on dedicated server rather than a shared one. And make sure that server is in the U.S., because rules in foreign nations may make promises of security unenforceable if the data is there.
Siegel split his presentation between the scary and the solutions, but one other well-used Net tool got some attention: “The least secure communication is email,” he says, noting that it can bounce around the Internet and be illicitly accessed anywhere along the way.
Emphasizing that a good portion of cloud security is in in-office procedures, he says his firm includes in its engagement letter issues like whether normal email can be used or if encrypted mail or other methods are necessary.
And some information, like confidential or court-sealed documents, should never be put on the Web. As he notes, “Coca-Cola is not going to put its formula online.”