Legalethics.com

Cloud Services — DropSmack

Peterk — Mon, 29 Apr 2013 01:07:04 +0000

An interesting article describing the use of DropSmack to target networks via DropBox. In addition to broader considerations lawyers should consider before using cloud services, developments like this highlight the need for education regarding technology and security.

California lawyers may operate virtual law practices in the cloud

Peterk — Thu, 25 Apr 2013 01:55:39 +0000

California lawyers may maintain a virtual law office in the cloud where communications with the client, and storage of and access to all information about the client’s matter, are conducted solely via the internet using a third-party’s secure servers. The lawyer may be required to take additional steps to confirm that she is fulfilling her ethical obligations due to distinct issues raised by the VLO and its operation. See California Formal Eth. Op. 2012-184 (May 2012).

Iowa Lawyers May Use SaaS [Cloud] Services

Peterk — Wed, 25 Jul 2012 03:28:10 +0000

Iowa Lawyers May Use SaaS [Cloud] Services provided that they consider the access to the data, conduct appropriate due diligence regarding the SaaS provider, the cost of the service, and the degree of protection afforded the data. Iowa Ethics Opinion 11-01 (September 9, 2011).

Maine Lawyers May Use Third Party [Cloud] Services to Process and Store Electronic Files

Peterk — Wed, 25 Jul 2012 03:21:51 +0000

Main lawyers may store and synchronize electronic work files containing confidential client information. Maine Ethics Opinion #194 (June 30, 2008). Processing of firm data may include transcription of voice recordings and transfer of firm computer files to an off-site “back-up” of the firm’s electronically held data.

At a minimum, the lawyer should take steps to ensure that the company providing confidential data storage has a legally enforceable obligation to maintain the confidentiality of the client data involved. With the pervasive and changing use of evolving technology in communication and other aspects of legal practice, particular safeguards which might constitute reasonable efforts in a specific context today may be outdated in a different context tomorrow. Therefore, rather than attempting to delineate acceptable and unacceptable practices, the opinion outline guidance for the lawyer to consider in determining when professional obligations are satisfied.

Massachusetts Lawyers May Use Cloud/SaaS Services

Peterk — Wed, 25 Jul 2012 03:16:29 +0000

A lawyer generally may store and synchronize electronic work files containing confidential client information across different platforms and devices using an Internet based storage solution, such as “Google docs,” so long as the lawyer undertakes reasonable efforts to ensure that the provider’s terms of use and data privacy policies, practices and procedures are compatible with the lawyer’s professional obligations, including the obligation to protect confidential client information reflected in Rule 1.6(a). A lawyer remains bound, however, to follow an express instruction from his or her client that the client’s confidential information not be stored or transmitted by means of the Internet, and all lawyers should refrain from storing or transmitting particularly sensitive client information by means of the Internet without first obtaining the client’s express consent to do so. Massachusetts Ethics Opinion 12-03. (May 17, 2012)

Pennsylvania Lawyers May Use the Cloud and SaaS Solutions to Store Client Information

Peterk — Wed, 25 Jul 2012 02:46:10 +0000

Pennsylvania lawyers may ethically allow client confidential material to be stored in “the cloud” provided the attorney takes reasonable care to assure that (1) all such materials remain confidential, and (2) reasonable safeguards are employed to ensure that the data is protected from breaches, data loss and other risks. Pennsylvania Formal Opinion 2011-200

Vermont Lawyers May Use SaaS Solutions to Store and Manage Client Information

Peterk — Wed, 25 Jul 2012 02:41:58 +0000

Vermont lawyers can utilize Software as a Service (”SaaS”) in connection with confidential client information, property, and communications, including for storage, processing, transmission, and calendaring of such materials, as long as they take reasonable precautions to protect the confidentiality of and to ensure access to these materials. Vermont Advisory Ethics Opinion 2010-6.

Third-Party Electronic [Cloud] Storage of Client Materials in Oregon

Peterk — Wed, 25 Jul 2012 02:33:45 +0000

Lawyers may store client materials on a third-party server so long as the lawyer complies with the duties of competence and confidentiality to reasonably keep the client’s information secure within a given situation. Oregon 2011-188 (November 2011). This may include, among other things, ensuring the service agreement requires the vendor to preserve the confidentiality and security of the materials. It may also require that vendor notify the lawyer of any nonauthorized third-party access to the materials. The lawyer should also investigate how the vendor backs up and stores its data and metadata to ensure compliance with the lawyer’s duties.

North Carolina Opinions Permits Use of SaaS Providers

Peterk — Sat, 28 Jan 2012 00:56:02 +0000

North Carolina 2011 Formal Ethics Opinion 6 Opinion rules that a lawyer may contract with a vendor of software as a service provided the lawyer uses reasonable care to safeguard confidential client information. (1/27/2012).

California Issues Ethics Opinion on Confidentiality and the Use of E-mail and Technology To Transmit Client Information

7d8 David Hricik — Sun, 26 Dec 2010 11:44:12 +0000

California Formal Opinion 2010-179 outlines the lawyer’s duties when transmitting or storing confidential client information when the underlying technology may be susceptible to unauthorized access by third parties. An attorney’s duties of confidentiality and competence require the attorney to take appropriate steps to ensure that his or her use of technology in conjunction with a client’s representation does not subject confidential client information to an undue risk of unauthorized disclosure. Because of the evolving nature of technology and differences in security features that are available, the attorney must ensure the steps are sufficient for each form of technology being used and must continue to monitor the efficacy of such steps.