Clouds from Kamil Porembiński on Flickr. Used under the Creative Commons BY-SA 2.0 License.
Everyone is talking about the cloud. While we Northwest lawyers are no strangers to clouds, you might be confused about what cloud computing is, exactly.
Cloud computing, including SaaS (Software as a Service) and STaaS (Storage as a Service), is the delivery of computing resources over the Internet. If you’ve ever used Flickr, Google Docs, or DropBox, you’ve played in the cloud.
When it comes to client data — as opposed to the vacation pictures you shared on Flickr — lawyers need to engage in some due diligence when subscribing to a cloud service.
Here are some things to consider before using cloud storage or services:
The duty of confidentiality applies. A lawyer may use online data storage systems to store and back up client confidential information as long as the lawyer takes reasonable care to ensure that the information will remain confidential and that the information is secure against risk of loss. See WSBA Advisory Opinion 2215.
Select the right vendor. Lawyers need to exercise due diligence in selecting vendors or service providers who offer cloud services. This includes:
- Evaluating the vendor’s practices, reputation, and history.
- Reviewing vendor agreements concerning data encryption and whether the vendor recognizes the lawyer’s duty of confidentiality and agrees to handle the information accordingly. What access do the vendor’s employees have to confidential data? Will the vendor sign a confidentiality agreement?
- Ensuring reasonable measures for secure backup of the data that is maintained by the vendor and make certain the lawyer has access to the data at all times.
If you’re interested in cloud services, the Law Office Management Assistance Program offers further guidance on this topic.
Jeanne Marie Clavere. Jeanne Marie is the WSBA Professional Responsibility Counsel and advises members of the bar on the Rules of Professional Conduct as they apply to WSBA Advisory Ethics Opinions and the Rules for Enforcement of Lawyer Conduct. Prior to coming to the bar in 2010, Jeanne Marie was in private practice in King and Snohomish County for over 20 years.
Contact Jeanne Marie at jeannec@wsba.org.
Julia Nardelli Gross. Julia is the Bar’s Online Communications Specialist. She manages the Bar’s social media presence and website, and works on other member communications.
Originally from Massachusetts, Julia moved to Seattle to attend Seattle University School of Law. Outside of the office, Julia spends her time cooking, concocting natural cleaning supplies and beauty products, and travelling with her husband and daughter.
Contact Julia at juliang@wsba.org or 206.733.5951.
Pingback: Keep Your Clients Safe in the Cloud | NWSidebar
WSBA
Another good question, Mark. It’s more of a legal advice issue though, so not something we can provide an answer for. Sorry it’s not the answer you’re looking for.
Here’s a link to Google’s procedures for accessing a decedent’s email content: https://support.google.com/mail/bin/answer.py?hl=en&answer=14300. I couldn’t find anything on accessing Google Drive. I’d also note that it says “content” and not the account itself. If you research the issue, consider sharing your information with other attorneys via a blog post here! We welcome guest contributions!
markpattersonlaw
So I leave my Google username and password where? With someone I trust not to go into my cloud while I am alive? Sort of the ultimate saftey deposit box that cannot be drilled, isnt it?
This of course raises another issue: can we expect a will saved to a cloud to be admitted to probate? Around these parts the Court Commissioners want the original or a damn good reason why you dont have an original. They even suspect an original signed in black ink to be a copy.
I am thinking proving the lost will is the procedure, assuming we ever get that far….
WSBA
Great question!
You wouldn’t have a fool for a client if you apply the same standards of checking and testing the viability and confidentiality standards of your personal Google cloud as you would storing your clients’ information. Just be sure your loved ones know how to access your estate plan!
markpattersonlaw
Much like the cobblers son who never had shoes, my father and I never drew up papers the whole time we practiced together about what that meant. If we had, we most certainly would have lost those papers somewhere, as we chronically spend all our energy on the clients needs rather than our own.
Recognizing this shortcoming and having finally faced mortality myself, I uploaded my own do it yourself estate plan to my own personal Google Cloud.
So, Jeanne, what do you think? Is that due diligence, using Google, or do I have a fool for a client and a lawyer?
Pingback: Cloud Considerations for Health Care Industry Clients | NWSidebar