Attorneys May Use Cloud Software, But Due Diligence Is Necessary
Lawyers don’t sign away the responsibility for ensuring their client’s confidentiality when they purchase software on the cloud, but the potential risks associated with software as a service don’t necessarily outweigh the benefits.
The Nebraska State Bar Association Ethics Advisory Committee issued an opinion recently that says lawyers who use cloud-based software must undertake reasonable efforts to prevent inadvertent or unauthorized access to client information, maintain confidentiality of the information and establish safeguards to ensure information is protected from loss, breaches, business interruptions and other risks associated with the emerging technology.
The opinion, No. 19-01, was issued in response to a question about whether an attorney may transmit information related to the representation of a client over the internet and allow that information to be stored on, or assessed through, third-party, off-site services – aka “the Cloud.”
In its analysis, the committee said lawyers and law firms now routinely rely on specialty software for case or practice management, time tracking and billing, document assembly and dissemination, and trial preparation and presentation. In recent years, some of those software providers have shifted to products that are accessed through a web browser with information stored on a remote, third-party server instead of a lawyer’s or firm’s file server.
“At the intersection of a lawyer’s confidentiality obligation and competence obligation to ‘keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology,’ is a lawyer’s obligation to undertake reasonable efforts to protect client information when using technology,” according to the opinion.
A consensus position has developed nationally that permits lawyers to store client information in cloud services so long as reasonable efforts are undertaken to protect the information – such as passwords and encryption.
The Iowa State Bar Ethics and Practice Committee issued an opinion in September 2011 about cloud computing, noting that “the degree of protection to be afforded client information varies with the client, matter and information involved,” and lawyers have an obligation to assess the degree of protection needed in each case and act accordingly.
The Iowa opinion said lawyers should review the ability to access data through alternative means, financial agreements and whether access to data can be maintained if the relationship with the software provider is terminated.
“As new technologies emerge, the meaning of competence may change, and lawyers will be called upon to employ new technological tools to competently represent their clients,” the Nebraska opinion concludes. “Given that technology grows and changes rapidly, this Opinion follows the views of other states and declines to adopt specific requirements before an attorney uses the Cloud.”
User login
Omaha Daily Record
The Daily Record
222 South 72nd Street, Suite 302
Omaha, Nebraska
68114
United States
Tele (402) 345-1303
Fax (402) 345-2351