Study after study is concluding that there are compelling business reasons for law firms to move data to the cloud such as easy collaboration and increased productivity. See, Forrester Total Economic Impact of Office 365 (2016) (small businesses report 154% ROI and payback with 5 months).
Supporting this movement in legal vertical, there is also a unanimous chorus of ethics opinions from around the country that cloud computing is appropriate provided the law firm takes “reasonable care” to make sure that their client’s confidential information is protected.
In fact, the ABA noted that cloud-based systems will frequently have better security and redundancy than traditional premise-based solutions:
a legitimate argument can be made that files stored on the vendor’s servers are more secure than those located on a typical attorney’s PC, as the vendors often employ elaborate security measures and multiple redundant backups in their data centers.
What constitutes “reasonable care” varies from practice-to-practice, case-to-case, and state-to-state … but the inquiry involves the weighing of several questions:
- How does the vendor safeguard the privacy/confidentiality of stored data?
- How often is the user’s data backed up? Does the vendor backup data in multiple data centers in different geographic locations to safeguard against natural disaster?
- What is the history of the vendor? Where do they derive their funding? How stable are they financially?
- Can I get my data “off” their servers for my own offline use/backup? If I decide to cancel my subscription to the software, will I get my data? Is data supplied in a non-proprietary format that is compatible with other software?
- Does the vendor’s Terms of Service or Service Level Agreement address confidentiality and security? If not, would the vendor be willing to sign a confidentiality agreement in keeping with your professional responsibilities?
States have also uniformly reached the conclusion that as long as the law firm uses reasonable care when storing data in the cloud, that both the attorney-client privilege, and the work product privilege, are preserved. For example, the State Bar of California’s Standing Committee on Professional Responsibility and Conduct issued an opinion that the “transmission of information through a third party reasonably necessary for purposes of the representation should not be deemed to have destroyed the confidentiality of the information ….” California Opinion 2010-179
Since the late 1990’s, LawToolBox has taken steps to vigorously safe-guard the confidential information of law firms and their clients, to employ redundant backup of data (both onsite and offsite), and to provide methods for law firms to retrieve and off-load their data.