Everyone is talking about the cloud. While we Northwest lawyers are no strangers to clouds, you might be confused about what cloud computing is, exactly.
Cloud computing, including SaaS (Software as a Service) and STaaS (Storage as a Service), is the delivery of computing resources over the Internet. If you’ve ever used Flickr, Google Docs, or DropBox, you’ve played in the cloud.
When it comes to client data — as opposed to the vacation pictures you shared on Flickr — lawyers need to engage in some due diligence when subscribing to a cloud service.
Here are some things to consider before using cloud storage or services:
The duty of confidentiality applies. A lawyer may use online data storage systems to store and back up client confidential information as long as the lawyer takes reasonable care to ensure that the information will remain confidential and that the information is secure against risk of loss. See WSBA Advisory Opinion 2215.
Select the right vendor. Lawyers need to exercise due diligence in selecting vendors or service providers who offer cloud services. This includes:
- Evaluating the vendor’s practices, reputation, and history.
- Reviewing vendor agreements concerning data encryption and whether the vendor recognizes the lawyer’s duty of confidentiality and agrees to handle the information accordingly. What access do the vendor’s employees have to confidential data? Will the vendor sign a confidentiality agreement?
- Ensuring reasonable measures for secure backup of the data that is maintained by the vendor and make certain the lawyer has access to the data at all times.