Previous month:
September 2010
Next month:
November 2010

NYSBA Ethics Committee Weighs in on the Cloud

Drlogo11

This week's Daily Record column is entitled "NYSBA Ethics Committee Weighs in on the Cloud."

A pdf of the article can be found  here and my past Daily Record articles can be accessed here.

*****

NYSBA Ethics Committee Weighs in on the Cloud

My column last week detailed the American Bar Association’s Commission on Ethics 20/20 call for comments regarding cloud computing.

I disagreed with the commission’s suggestion that attorneys may be obligated to “supervise” their cloud computing provider’s provision of services.

A reader expressed concern that my position might cause attorneys to believe they have no obligation to understand or research the cloud computing services prior to using them. He raised a good point, and that wasn’t my intent.

My position regarding attorneys’ obligations regarding emerging technologies is quite the opposite. My discussion in that column was limited specifically to the issue of whether lawyers have an obligation to supervise software developers in the day-to-day administration of a legal software platform, given that most lawyers lack the technical skills necessary to do so. In fact, in prior columns and writings, and in the book on cloud computing I’m in the process of writing (to be published by the ABA in early 2011), I repeatedly stress that attorneys have an obligation to stay abreast of changing technologies and take reasonable efforts to ensure their clients’ data will be secure if housed in the cloud.

Interestingly, in September, the New York State Bar Association’s Committee on Professional Ethics addressed this very issue in Opinion 842. Specifically, the committee considered the issue of whether an attorney can use an online system to store confidential client data and, if so, what steps must be taken to ensure the data are secure. In other words, the committee squarely addressed the ethics of using cloud computing plat- forms in a law practice.

All in all, the opinion was favorable, and very helpful, to attorneys interested in the possibility of using cloud computing services in their law firms.

The committee concluded it is permissible for attorneys to store confidential client data in the cloud, but only if reasonable steps are taken to ensure the data would be adequately protected from unauthorized disclosure: “A lawyer may use an online data storage system to store and back up client confidential informa- tion provided that the lawyer takes reasonable care to ensure that confidentiality will be maintained in a manner consistent with the lawyer’s obligations under Rule 1.6. In addition, the lawyer should stay abreast of technological advances to ensure that the storage system remains sufficiently advanced to protect the client’s information, and should monitor the changing law ofprivilege to ensure that storing the information online will not cause loss or waiver of any privilege.”

Importantly, the committee noted that “exercising ‘reasonable care’ under Rule 1.6 does not mean that a lawyer guarantees that the information is secure from any unauthorized access.”

In other words, as I’ve often repeated, reasonable security measures do not ensure absolute security. Absolute security is an absolute impossibility — and it’s heartening that the committee acknowledged that reality in its opinion. The committee also provided very helpful guidance for lawyers, explaining the steps the should be taken to ensure client data will be sufficiently protected.

Lawyers should:

  • • Be certain the cloud provider has an enforceable obligation to preserve confidentiality and security, and that the provider will notify the lawyer if served with process requiring the production of client information;
  • Investigate the provider’s security measures, poli- cies, recoverability methods and other procedures to determine if they are adequate;
  • Employ available technology to guard against rea- sonably foreseeable attempts to infiltrate the data; and/or
  • Investigate the provider’s ability to purge and wipe any copies of the data, and move data to a different host if the lawyer becomes dissatisfied or otherwise wants to change providers.

So, as the NYSBA’s committee rightfully concluded, and as I’ve repeatedly stated in the past, lawyers cannot blindly utilize cloud computing technologies without first understanding and researching the services provided by the cloud computing provider.

Exercising reasonable care entails asking the right questions and ensuring the provider’s responses assure you that your clients’ confidential information will be reasonably protected from unintended disclosure.

Nicole Black is of counsel to Fiandach & Fiandach in Rochester. She co-authors the ABA book Social Media for Lawyers: the Next Frontier, co-authors Criminal Law in New York, a West-Thomson treatise, and is currently writing a book about cloud computing for lawyers that will be published by the ABA in early 2011. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at nblack@nicoleblackesq.com.


Social Media for Solo Practitioners (CLE)

Book cover
My co-author Carolyn Elefant and I recently recorded a Lawline CLE entitled "Social Media for Solo Practitioners." The CLE course is described as follows:

In this timely and exciting program, Nicole Black and Carolyn Elefant, attorneys and co-authors of the new book, Social Media for Lawyers: The Next Frontier, discuss how solo practitioners can use social media to their advantage. Ms. Black and Ms. Elefant review a number of popular social networking sites and provide tips on how attorneys can use these sites to increase their online presence, network with colleagues, interact with potential clients, and convert online relationships into offline ones. In addition, Ms. Black and Ms. Elefant dispel some myths about social media, and share ideas about how to use specific sites such as LinkedIn, Facebook, and Twitter to gain competitive intelligence, showcase expertise, and increase search engine optimization.

The content of this course was based loosely on the format of our recently published book, Social Media for Lawyers: the Next Frontier.

You can register for the course here. It costs just $40 and the best thing about Lawline CLE courses is that you can view them whenever you'd like from the comfort of your own home or office.


Cloud computing: Not your typical outsourcing relationship

Drlogo11

This week's Daily Record column is entitled "Cloud computing: Not your typical outsourcing relationship."

A pdf of the article can be found here and my past Daily Record articles can be accessed here.

*****

Cloud computing: Not your typical outsourcing relationship

As I mentioned in a previous article, the American Bar Association established the Commission on Ethics 20/20 in 2009. The stated purpose of the commission is to “perform a thorough review of the ABA Model Rules of Professional Conduct and the U.S. system of lawyer reg- ulation in the context of advances in technology and global legal practice developments.”

The commission issued separate letters last month calling for comments on two different issues — lawyers’ use of Internet-based client development tools, including social    media    and    blogs, and client confidentiality and lawyers’ use
of technology, with a focus on cloud computing technologies
.


In a prior article I discussed the call for comments on social media use by lawyers. This week I’d like to focus on the cloud computing issue.

As explained in the letter calling for comments on lawyers’ use of cloud computing, “(t)he American Bar Association’s Commission on Ethics 20/20 is examining technology’s impact on the legal profession, including confidentiality-related concerns that arise from lawyers' increasing transmission and storage of electronic information ... One of the commission’s objectives is to determine what guidance to offer to lawyers who want to ensure that their use of technology complies with their ethical obligations to protect clients’ confidential information.”

One of the more alarming implications contained in this letter is the committee’s suggestion that, since cloud computing is a form of outsourcing and lawyers have ethical obligations to supervise non-lawyer assistants to whom work is outsourced, lawyers may have an ethical obligation to “supervise” cloud computing providers.

In support of this proposition, the committee relies on ABA Formal Ethics Opinion 08-451, which sets forth a lawyer’s obligation when outsourcing work to lawyers and non-lawyers. In the opinion, it is suggested that “The challenge for an outsourcing lawyer is ... to ensure that tasks are delegated to individuals who are competent to perform them, and then to oversee the execution of the project adequately and appropriately ... (T)o minimize the risk of potentially wrongful disclosure, the outsourcing lawyer should verify that the outside service provider does not also do work for adversaries of their clients on the same or substantially related matters; in such an instance, the outsourcing lawyer could choose another provider.”

To apply these requirements to cloud computing service providers would be a ridiculous proposition, just as it would likewise be outrageous to enforce this requirement upon lawyers using, for example, Lexis or Westlaw for their legal research services (which are a form of cloud computing as well). This is because out- sourced services that provide a software platform that assists in the practice of law are fundamentally different from the outsourcing of legal work or administrative tasks.

For example, lawyers are qualified to supervise the work of those performing outsourced legal or administrative tasks. However most lawyers are decidedly lacking the qualifications necessary to “supervise” software developers in the day-to-day administration of a legal software platform such as Westlaw or a legal cloud computing law practice management system.

Likewise, while lawyers certainly have an obligation to investigate the qualifications and competency of any company or person to whom work is outsourced, the duty to oversee the execution of a task would seemingly apply only to the tasks that the attorney is qualified to oversee: namely legal and administrative tasks, not tasks like computer programming, encryption, data storage, and the delivery of said services.

Finally, seeking to avoid conflicts of interests when engaging the services of a third party to perform legal or administrative tasks makes perfect sense. However, requiring lawyers to ensure that an online legal service provider does not provide services to adversaries, opposing parties, etc. would be impractical. Doing so would essentially prevent lawyers from using most online legal platforms, given that there are only a limited number of providers offering the different types of services, such as legal research platforms or law practice management programs.

In other words, there is a fundamental difference between outsourcing legal and administrative functions and outsourcing data management and storage to online legal service providers. The two types of outsourced services are not analogous and should not be treated as such when delineating an attorney’s ethical duties. Doing so confuses attorneys’ ethical obligations and unnecessarily limits the technology choices available to law firms

Nicole Black is of counsel to Fiandach & Fiandach in Rochester. She co-authors the ABA book Social Media for Lawyers: the Next Frontier, co-authors Criminal Law in New York, a West-Thomson treatise, and is currently writing a book about cloud computing for lawyers that will be published by the ABA in early 2011. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at nblack@nicoleblackesq.com.


Mark Your Calendars--Thursday October 21st

Mylegal On Thursday, October 21st, I'll be speaking in Washington D.C. with my co-author, Carolyn Elefant at the MyLegal.com conference "The Case for Social Media."

Our presentation will cover the following:

From Facebook to Twitter, from LinkedIn to Avvo, from Justia to JDSupra, social media can be a tremendously effective tool for building your legal practice. This session will cover what you need to know before jumping in. Discover which online directories are most effective in helping you achieve your professional goals and which social media platforms make the most sense for you based upon your areas of practice, geographical location and your “online personality.”

You can learn more about the presentation from this recent press release.

Hope to see you there!