Moving your law firm’s data to the cloud: Easily said, easily done
This blog post is for informational and educational purposes only. Any legal information provided in this post should not be relied upon as legal advice. It is not intended to create, and does not create, an attorney-client relationship and readers should not act upon the information presented without first seeking legal counsel.
In a profession notorious for being slow to change, cloud-based solutions for many of the traditionally office-based systems like calendaring, matter tracking, remote access to email, document storage, and backup are gaining traction with law firms, especially small and mid-sized law firms.
A recent survey by LexisNexis, a popular legal research and services provider, indicates that half of the small law firm lawyers who responded to their survey were more likely to use the cloud for their practice in 2014 and that more than 70% of attorneys who responded believed their law firms would move aspects of their practice to the cloud in the coming year.
There are many benefits to using the cloud as the backbone of a legal practice’s file and information management. First, storing data in the cloud increases a practice’s ability to be mobile. Documents saved in the cloud allow attorneys, though a secure portal, to access and analyze their files from home, the road, court or an off-site meeting.
Second, cloud-based solutions allow a law firm to leverage one of a cloud provider’s greatest skills, data security. Unlike many law firms, data security is a core competency of cloud providers. Therefore law firms, especially those that represent clients in industries that impose strict regulations for information security such as healthcare (HIPAA and certain state data protection regulations), finance (PCI, Gramm-Leach-Bliley and SEC regulations), and education institutions. (FERPA and state laws on security of student’s information), may find it easier and less expensive to meet data security requirements through a cloud-based solution.
Third, the cloud allows for better disaster preparedness and recovery because cloud-based files are not as susceptible to destruction in the case of a fire, flood, or similar disaster. Consistent access to the firm’s files can facilitate better relationships with clients and the court, and help firms remain operational through such natural disasters like Superstorm Sandy in the Northeast or the last year’s tornados in and around Oklahoma City, Oklahoma. Finally, the scalability of cloud-based solutions allows a firm to pay for only the space that it needs to service the practice’s document management and daily operational needs like email, calendaring, and matter management while providing for flexibility as the practice grows.
Employing cloud-based solutions for the practice of law is not without its challenges, especially for attorneys in fields that require extra levels of data security like healthcare, finance, or education. In most states, ethics and disciplinary rule obligations regarding the confidentiality of client information exist for all attorneys and give many lawyers pause when deciding whether to move some or all of their practice’s information to the cloud.
However, many state bar associations have held that an attorney can use cloud-based solutions if he or she exercises due diligence to take “reasonable care” to maintain confidentially and ensure data security. The New York City Bar Association’s recent review of state ethics opinions highlight a few central themes:
- Attorneys must stay abreast of changes in technology and current safeguards and utilize current technology according to the needs of the firm’s matters and the client’s wishes;
- Attorneys must ensure the security and confidentiality of client information by means of encryption technology and other security provisions in the cloud contract;
- Attorneys must retain ownership of the information and provide for the safe and full return of the information at the termination of the relationship with a cloud provider;
To meet these and similar state requirements, a cloud provider contract should include provisions that address assurances of “up time” of the cloud service, the security measures employed and level of encryption of the data in transit and at rest, limitations on the provider’s access to the data once it resides on provider equipment, data ownership, a procedure for any breach-related notifications, and a method for the return of any data hosted at the conclusion of the relationship.
In addition, use of a hosted solution is best effectuated through implementation of firm-wide information management policies and training of the attorneys and staff on those protocols.
Ultimately, when considering your firm’s options with regard to moving its assets to the cloud, the devil is in the details. Engaging a reputable cloud provider and negotiating adequate protections into a services contract should satisfy the legal and ethical concerns associated with cloud technologies, allowing the firm to enjoy benefits that come with the flexibility, mobility, and cost-savings of cloud-based legal practice solutions.
The post Moving Your Law Firm’s Data to the Cloud: Easily Said, Easily Done appeared first on Logicworks Gathering Clouds.
- » Facebook records exposed on AWS cloud server lead to more navel-gazing over shared responsibility
- » Opinion: Clearing up multi-cloud confusion
- » Why IT security solutions spending will reach $133.8 billion
- » Why Africa’s cloud and data centre ecosystem will – eventually – be a land of serious opportunity
- » Financial services moving to hybrid cloud – but rearchitecting legacy systems remains a challenge