Legalethics.com

Iowa Lawyers May Use SaaS [Cloud] Services

Peterk — Wed, 25 Jul 2012 03:28:10 +0000

Iowa Lawyers May Use SaaS [Cloud] Services provided that they consider the access to the data, conduct appropriate due diligence regarding the SaaS provider, the cost of the service, and the degree of protection afforded the data. Iowa Ethics Opinion 11-01 (September 9, 2011).

Maine Lawyers May Use Third Party [Cloud] Services to Process and Store Electronic Files

Peterk — Wed, 25 Jul 2012 03:21:51 +0000

Main lawyers may store and synchronize electronic work files containing confidential client information. Maine Ethics Opinion #194 (June 30, 2008). Processing of firm data may include transcription of voice recordings and transfer of firm computer files to an off-site “back-up” of the firm’s electronically held data.

At a minimum, the lawyer should take steps to ensure that the company providing confidential data storage has a legally enforceable obligation to maintain the confidentiality of the client data involved. With the pervasive and changing use of evolving technology in communication and other aspects of legal practice, particular safeguards which might constitute reasonable efforts in a specific context today may be outdated in a different context tomorrow. Therefore, rather than attempting to delineate acceptable and unacceptable practices, the opinion outline guidance for the lawyer to consider in determining when professional obligations are satisfied.

Massachusetts Lawyers May Use Cloud/SaaS Services

Peterk — Wed, 25 Jul 2012 03:16:29 +0000

A lawyer generally may store and synchronize electronic work files containing confidential client information across different platforms and devices using an Internet based storage solution, such as “Google docs,” so long as the lawyer undertakes reasonable efforts to ensure that the provider’s terms of use and data privacy policies, practices and procedures are compatible with the lawyer’s professional obligations, including the obligation to protect confidential client information reflected in Rule 1.6(a). A lawyer remains bound, however, to follow an express instruction from his or her client that the client’s confidential information not be stored or transmitted by means of the Internet, and all lawyers should refrain from storing or transmitting particularly sensitive client information by means of the Internet without first obtaining the client’s express consent to do so. Massachusetts Ethics Opinion 12-03. (May 17, 2012)

Vermont Lawyers May Use SaaS Solutions to Store and Manage Client Information

Peterk — Wed, 25 Jul 2012 02:41:58 +0000

Vermont lawyers can utilize Software as a Service (”SaaS”) in connection with confidential client information, property, and communications, including for storage, processing, transmission, and calendaring of such materials, as long as they take reasonable precautions to protect the confidentiality of and to ensure access to these materials. Vermont Advisory Ethics Opinion 2010-6.

1ff3

Third-Party Electronic [Cloud] Storage of Client Materials in Oregon

Peterk — Wed, 25 Jul 2012 02:33:45 +0000

Lawyers may store client materials on a third-party server so long as the lawyer complies with the duties of competence and confidentiality to reasonably keep the client’s information secure within a given situation. Oregon 2011-188 (November 2011). This may include, among other things, ensuring the service agreement requires the vendor to preserve the confidentiality and security of the materials. It may also require that vendor notify the lawyer of any nonauthorized third-party access to the materials. The lawyer should also investigate how the vendor backs up and stores its data and metadata to ensure compliance with the lawyer’s duties.

North Carolina Opinions Permits Use of SaaS Providers

Peterk — Sat, 28 Jan 2012 00:56:02 +0000

North Carolina 2011 Formal Ethics Opinion 6 Opinion rules that a lawyer may contract with a vendor of software as a service provided the lawyer uses reasonable care to safeguard confidential client information. (1/27/2012).

Carrier IQ and security of certain mobile devices

Peterk — Thu, 01 Dec 2011 02:54:34 +0000

An interesting, perhaps troubling, issue raised with respect to security of certain mobile devices. Read more about Carrier IQ (http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/, http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/carrieriq-part2/, http://www.wired.com/threatlevel/2011/11/secret-software-logging-video. A somewhat long video of how this works is available here. http://tinyurl.com/cwcyjoc. Although there will likely be more articles about this in the media in the future, this highlights potential security and related issues for users of mobile devices.

Pennsylvania Lawyers Should Consult With Client Regarding Receipt of Errant E-mail

Peterk — Tue, 12 Jul 2011 04:33:38 +0000

A lawyer who is mistakenly copied on an e-mail between opposing counsel and their client, must notify the sender and consult with the lawyer’s own client in deciding whether and how to use the information. Penn. Bar. Ass’n. Comm on Legal ethics and Professional Responsibility Op. 2011-10 (03/2/2011)

Autocomplete Causes Misdirection: Court Disqualifies Recipients

David Hricik — Mon, 03 Jan 2011 12:10:13 +0000

The story with a link to the court’s order disqualifying the lawyers who read the misdirected e-mail is here.

994

California Issues Ethics Opinion on Confidentiality and the Use of E-mail and Technology To Transmit Client Information

David Hricik — Sun, 26 Dec 2010 11:44:12 +0000

California Formal Opinion 2010-179 outlines the lawyer’s duties when transmitting or storing confidential client information when the underlying technology may be susceptible to unauthorized access by third parties. An attorney’s duties of confidentiality and competence require the attorney to take appropriate steps to ensure that his or her use of technology in conjunction with a client’s representation does not subject confidential client information to an undue risk of unauthorized disclosure. Because of the evolving nature of technology and differences in security features that are available, the attorney must ensure the steps are sufficient for each form of technology being used and must continue to monitor the efficacy of such steps.