Cloud Computing

Brooklyn fire destroys 85,000 court files

Stacked3This week's Daily Record column is entitled " Brooklyn fire destroys 85,000 court files."  My past Daily Record articles can be accessed here.

***

Brooklyn fire destroys 85,000 court files

 

In the past, I’ve discussed the many benefits of online data storage via cloud computing. Whether it’s convenience and flexibility, 24/7 access to client data from anywhere, affordability, simplicity or the ability to eliminate IT staff and software management requirements, there are a host of reasons to move your law firm into the cloud.

But there’s another important reason to make the transition to storing your law firm case files in the cloud: disaster backup. As I explained in a column earlier this year where I covered a fire that resulted in a Buffalo law firm’s confidential client files being strewn onto the city street below, you never know when disaster will strike. Unfortunately, that fire wasn’t a rare, isolated occurrence. Just a few months later, another fire — this time in Brooklyn — destroyed even more confidential and irreplaceable legal files.

This particular fire decimated a Brooklyn storage building, including all of the paper files that were stored inside. As reported in the New York Daily News, over 85,387 boxes of records that belonged to the New York State Office of Court Administration (OCA) were lost, consisting of records of closed cases from all five boroughs:

“The lost records include 19,108 boxes from the criminal division of Manhattan Supreme Court. The boxes contained case files and court transcripts from felony matters between 1940 and 1998.
The biggest hit was to family court files — 34,187 boxes worth, dating from 1954 to 2006, were scorched in the flames.

Also lost were 1,213 boxes containing Manhattan Supreme Court civil records from 1911 to 1954 and from 1985 to 1997; 18,721 boxes from Brooklyn Supreme Court (civil) from 1873 to 1941 and 7,668 Bronx Supreme Court boxes from 1983 to 1995.”

Regrettably, the OCA had insufficient backup procedures in place, meaning that nearly all of the files damaged in the fire were considered unsalvageable. The OCA even brought in a disaster recovery firm in an unsuccessful attempt to recover the documents:

“There is nothing that was salvageable,” said OCA Executive Director Ronald Younkins. “They had an outside company that specializes in restoration of documents and disaster recovery. They came and — nothing.”

Should files destroyed in the fire be requested for use in other proceedings, the OCA intends to attempt to reconstruct partial case files through other means. In some cases, the OCA will attempt to obtain records for more recent cases by accessing documents that were e-filed. But for all other matters, the OCA will have to rely on documents maintained by other offices:

OCA may ask the district attorneys’ offices to share documents and some disposition data is computerized. Also, some records were scanned or preserved on microfiche.

So, because the OCA had no online backup procedures in place, it has to rely on obtaining copies of the few remaining digital and paper documents that are in the custody of others.

While you might think this type of disaster is unlikely to happen to your law firm, are you really willing to take that chance? Fires and other disasters happen more often than you might think. So plan ahead. Use cloud storage for your firm’s case files.

With online storage, you’ll have one less thing to worry about and your law firm’s confidential client data will be safely stored on cloud computing servers with built-in redundant data backup. This means that the data is regularly backed up to multiple servers located in different geographical regions.

In other words, when your law firm’s data is stored in newly built, cutting edge, cloud computing data centers you can rest easy. Because even in the face of disaster, cloud computing will save the day.

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for the modern law firm. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


Alaska opinion on lawyers using cloud computing

Stacked3This week's Daily Record column is entitled "Alaska opinion on lawyers using cloud computing."  My past Daily Record articles can be accessed here.

*****

 

Alaska opinion on lawyers using cloud computing

Last week I wrote about a recent opinion from Tennessee wherein the Ethics Committee joined many others across the country in permitting lawyers to store confidential client data in the cloud. While reading that opinion I discovered that an ethics opinion on cloud computing had been handed down in Alaska last year that I somehow missed. So, today I’m going to rectify that.

In Alaska Bar Association’s Ethics Opinion No. 2014-3, the Alaska Bar Association Ethics Committee considered the issue of whether lawyers may ethically store client files in a cloud-based system. In the end, the committee joined the other jurisdictions that have considered this issue and concluded that lawyers may store client data in the cloud as long as reasonable steps to protect that data are taken.

This opinion was very perfunctory, and although it may not have been the intention of the authors, placed what I believe to be an undue burden on Alaska lawyers who use cloud computing. Essentially, the committee concluded that lawyers have an obligation to stay abreast of changes in technology, including “(t)echnological changes, the regulatory framework, and privacy laws.”
While that conclusion comports with the standard applied in other jurisdictions, the committee explained the lawyer’s duty as follows:

“While a lawyer need not become an expert in data storage, a lawyer must remain aware of how and where data are stored and what the service agreement says. Duties of confidentiality and competence are ongoing and not delegable. A lawyer must therefore take reasonable steps to protect client information when storing data in the cloud. The requirement of competence means that even when storing data in the cloud, a lawyer must take reasonable steps to protect client information and cannot allow the storage and retrieval of data to become nebulous.”

Contrary to the conclusion reached in most other jurisdictions, nowhere in the opinion does the committee state that lawyers have the option of hiring a technology consultant to assist in making the decision to use cloud computing and instead the committee seems to require that the burden of assessing the security of data stored in the cloud be placed entirely on the lawyer’s shoulders.

The committee explains that a lawyer must ensure that the provider takes “(a)ppropriate security measures (which) could include password protections or other verification procedures limiting access to the data, safeguards such as data backup and restoration, a firewall or encryption, periodic audits by third parties of the provider’s security, and notification procedures in case of a breach.”
The committee also seems to place the onus of maintaining the cloud computing systems on the attorney — something that typically falls within the jurisdiction of the cloud computing provider — when it states:

“Reasonable steps must be taken to safeguard data stored in and transmitted through the cloud … During the course of representation, a lawyer must take reasonable steps to ensure that the electronic data stored in the cloud are secure and available while maintaining that information on the client’s behalf … The lawyer must know at all times where sensitive client information is stored, be it in the cloud or elsewhere.”

The committee’s decision to require lawyers to understand both the intricacies of cloud computing platforms without the assistance of a consultant and the ins and outs of maintaining data in the cloud, is troubling and seems designed to discourage lawyers in Alaska from using cloud computing tools.

It’s unclear to me if this was the intention of the committee or if the results were instead an unintended result of the rather truncated nature of the opinion. There’s no doubt about it — the committee didn’t mince words — something that may end up working to the detriment of Alaskan attorneys seeking to use 21st century technology tools in their law practices. 

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for the modern law firm. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


Tennessee weighs in on the ethics of cloud computing

Stacked3This week's Daily Record column is entitled "Tennessee weighs in on the ethics of cloud computing."  My past Daily Record articles can be accessed here.

*****

Tennessee weighs in on the ethics of cloud computing

 

Lawyers have been using cloud computing, where law firm data is stored on servers owned and maintained by a third party, for years now. But as is often the case with new technologies, it takes a while for ethics committees to address the potential ethical issues lawyers face when incorporating new technology tools into their practices.

 

Earlier this month, Tennessee joined many other jurisdictions across the country and considered the ethics of lawyers using cloud computing in Formal Ethics Opinion 2015-F-159 (online: www.tbpr.org/ethic_opinions/2015-f-159).

 

At issue was whether lawyers may store confidential client information “in the cloud.” In reaching its decision, the Ethics Committee thoroughly reviewed the opinions issued by other jurisdictions prior to applying the Tennessee Rules of Professional Conduct to the issue.

 

From the outset, the committee wisely noted that because technology has changed so rapidly in recent years, a fluid standard was required: “Due to the fact that technology is constantly evolving, this opinion only provides lawyers with guidance in the exercise of reasonable care and judgment regarding the lawyer’s use of cloud technology in compliance with the rules of professional conduct, rather than mandating specific practices regarding the use of such technology.”

 

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for the modern law firm. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


Wisconsin weighs in on the ethics of cloud computing

Stacked3This week's Daily Record column is entitled "Wisconsin weighs in on the ethics of cloud computing ."  My past Daily Record articles can be accessed here.

*****

 Wisconsin weighs in on the ethics of cloud computing 

In March, Wisconsin joined the ranks of many other jurisdictions and addressed the ethics of lawyers using Web-based computing in their practices. At issue in Wisconsin Formal Ethics Opinion EF-15-01 was how lawyers could ethically use cloud computing services to store confidential client information.

At the outset, the committee acknowledged that the issue was not whether lawyers could use cloud computing, but instead, how to go about ethically using cloud computing services: “As cloud computing becomes more ubiquitous and as clients demand more efficiency, the question for counsel is no longer whether to use cloud computing, but how to use cloud computing safely and ethically.”

The committee agreed with the other jurisdictions that have addressed the issue and concluded that lawyers may ethically use cloud computing in their practices: “(C)loud computing is permissible as long as the lawyer adequately addresses the potential risks associated with it … (L)awyers must make reasonable efforts to protect client information and confidentiality as well as to protect the lawyer’s ability to reliably access and provide information relevant to a client’s matter when needed. To be reasonable, those efforts must be commensurate with the risks presented. Lawyers must exercise their professional judgment when adopting specific cloud-based services, just as they do when choosing and supervising other types of service providers.”

The committee explained that client consent is not required, but in certain cases, may be advisable and also addressed a lawyer’s obligations in the event of a breach: “While a lawyer is not required in all representations to inform clients that the lawyer uses the cloud to process, transmit or store information, a lawyer may choose, based on the needs and expectations of the clients, to inform the clients. A provision in the engagement agreement or letter is a convenient way to provide clients with this information … If there has been a breach of the provider’s security that affects the confidentiality or security of the client’s information, SCR 20:1.4(a)(3) and SCR 20:1.4(b) require the lawyer to inform the client of the breach.”

Importantly, the committee confirmed that absolute security is not required and is an impossibility, since “(l)awyers are not required to guarantee that a breach of confidentiality cannot occur when using a cloud service provider, and … are not required to use only infallibly secure methods of communication.”

The committee then explained that lawyers do have a duty to make reasonable efforts to secure client data and identified factors to consider when assessing the risks. According to the committee “(t)hese factors, which are not exclusive,” include:
• the information’s sensitivity;
• the client’s instructions and circumstances;
• the possible effect that inadvertent disclosure or unauthorized interception could pose to a client or third party;
• the attorney’s ability to assess the technology’s level of security;
• the likelihood of disclosure if additional safeguards are not employed;
• the cost of employing additional safeguards;
• the difficulty of implementing the additional safeguards;
• the extent to which the additional safeguards adversely affect the lawyer’s ability to represent clients;
• the need for increased accessibility and the urgency of the situation;
• the experience and reputation of the service provider;
• the terms of the agreement with the service provider; and
• the legal and ethical environments of the jurisdictions in which the services will be performed, particularly with regard to confidentiality.”

Finally, the committee wisely noted that an elastic standard of reasonableness was required and the factors listed were simply recommendations since “lawyers’ ethical duties are continually evolving as technology changes.” Specific requirements would soon become obsolete.

Moreover, the risks vary with the technology involved, the type of practice and the individual needs of a particular client. Lawyers must exercise their professional judgment in adopting specific cloud-based services, just as they do when choosing and supervising other types of service providers, and specific requirements would do little to assist the exercise of professional judgment.”

Also of note was Appendix A to the opinion, which included a useful and in-depth summary of the various cloud computing ethics opinions issued thus far from other U.S. jurisdictions. The Appendix alone is a useful source of information, while the opinion as a whole provides valuable insight into the issues presented when lawyers use cloud computing tools in their practices and provides a measured and thoughtful framework for lawyers seeking to implement any type of new technology into their practices.

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for the modern law firm. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


New York State Bar on virtual law practices

Stacked3This week's Daily Record column is entitled "New York State Bar on virtual law practices."  My past Daily Record articles can be accessed here.

*****

 

New York State Bar on virtual law practices  

 

 

Last week I discussed Schoenefeld v. State of New York, 25 N.Y.3d 22. In that case, the New York Court of Appeals interpreted the bona fide office rule as it relates to New York lawyers seeking to practice law from a virtual office, where the lawyer is located outside of the state. The court concluded that the clear language of New York’s bona fide office rule required “nonresident attorneys to maintain a physical office in New York.”

Shortly after that decision was handed down, the New York State Bar Association Committee on Professional Ethics examined the ethical obligations of an attorney licensed to practice law in New York but who was seeking to practice law from a virtual law office while residing in Virginia. In Opinion 1054 (April 10, 2015) the committee addressed this issue: “May a lawyer admitted only in New York and Pennsylvania practice in the federal courts in Virginia and before the Administrative Board of Veterans Affairs from a ‘virtual office’ in Virginia?”

The focus of the committee’s analysis revolved around choice of law issues and the circumstances under which the Virginia ethical rules would control the attorney’s conduct as opposed to the New York rules. After reviewing the facts and relevant law, the committee concluded that “the inquirer is deemed ‘licensed to practice’ in Virginia, and the New York disciplinary authorities would ordinarily apply the Virginia Rules of Professional Conduct to his conduct.”

Accordingly, he was permitted to operate a virtual practice in Virginia since “the Virginia State Bar Association ha(d) opined that he may practice from an office address in Virginia, as long as he limits his practice to federal court, and indicates on his letterhead, business cards and website that he is licensed to practice law only in New York and Pennsylvania.”

However, the committee noted that because he was practicing from a location in Virginia, his ability to solicit New York legal clients was necessarily limited by the New York rules regarding virtual practices and the requirement that New York lawyers have a bona fide office within the state. The committee explained that in its prior opinion, 1025 (2014), it concluded that New York courts have long held that Judiciary Law §470 requires attorneys who practice, but do not live, in New York, to have an office here.

The committee then referred to the Schoenefeld case from last month and opined: “Assuming the inquirer is soliciting business from New York residents, the inquirer must comply with various duties imposed by the Rules, see N.Y. State 1025 (2014) (listing duties under various Rules, and noting that there is no “virtual law office exception” to any of the Rules).”

However, the committee noted that after the New York Court of Appeals issued its decision in Schoenefeld, the matter was returned to the Second Circuit Court of Appeals for its determination as to the constitutionality of Judiciary Law §470. Obviously the outcome of that case may affect the status of the bona fide office requirement and the committee’s future conclusions in that regard.

So stay tuned, folks. In due time, the ability of New York-licensed attorneys to operate virtual law practices serving New York clients may change. But for now, an office within New York continues to be required.

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for the modern law firm. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


Fire at Buffalo firm proves value of digital storage

Stacked3This week's Daily Record column is entitled "Fire at Buffalo firm proves value of digital storage."  My past Daily Record articles can be accessed here.

*****

Fire at Buffalo firm proves value of digital storage 

 

Last week, a fire broke out in a high rise building in downtown Buffalo. The fire originated on the 15th floor of the building where a law firm was located. Unfortunately for the law firm, the fire and the subsequent efforts of the firefighters to extinguish it caused a sequence of events that resulted in every lawyer’s nightmare: the disclosure of confidential files.

As reported in a WIVB.com article about the incident, the windows to the building were blown out, causing confidential client documents to rain onto the city street below: “According to the Buffalo fire commissioner, a slew of legal files, some of which may contain private information, are flying around the streets of Buffalo after a fire broke out on the 15th floor of Main Place Tower in Buffalo … The documents are all old case files from closed cases, but could contain sensitive information many customers of (the law firm) might not want prying eyes to see.”

All of this could have been prevented if this particular firm had gone paperless. Had all of their client files been converted to digital documents and stored in the cloud on servers located offsite, the end result would have been simply damaged equipment, but not the release of confidential client files onto the streets of downtown Buffalo.

That’s the beauty of the offsite storage of digital documents: Your law firm’s data is housed in a secure cloud environment and protected from onsite physical damage. In fact, that’s one of the biggest benefits of cloud storage; it provides one of the best forms of disaster backup available.
Specifically, it is the design of the newly built, cutting edge, cloud computing data centers that makes all the difference. Storing your firm’s data in the cloud ensures that even in the face of disaster, built-in redundant data backup — where data is regularly backed up to multiple servers located in different geographical regions — will save the day.

The reason this is such a selling point for cloud computing is because it’s impossible to predict when you might lose access to your office, whether because of a natural disaster or otherwise.

For example, a few years ago I spoke on a panel about cloud computing for the New York State Bar Association and one of my co-panelists was a NYC lawyer who switched his firm over to cloud computing after losing access to the servers housed in his law firm’s office, which was located in the Empire State Building. He explained that building management advised tenants on a Friday that power would be out all weekend for scheduled maintenance. That meant that he was unable to remotely access his firm’s data for the entire weekend. Shortly after that happened, he moved his firm’s data to the cloud and hasn’t looked back.

Now, his law firm, just like other businesses who store their data in the cloud, has a built-in disaster plan in effect. If the Buffalo law firm had taken similar steps to ensure the security and safety of their client files, they wouldn’t be in the unfortunate position they found themselves in last week.
So learn from that firm’s mistakes. Research the technology options available and then carefully take steps to move your firm to a paperless environment, thus enhancing the security, flexibility and mobility of your firm. By doing so you’ll make it easier than ever to preserve and access your firm’s securely stored data, no matter what the circumstances – even in the face of a fire or other disaster.

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for the modern law firm. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


2015 Legal Technology Predictions

Stacked3This week's Daily Record column is entitled "2015 Legal Technology Predictions."  My past Daily Record articles can be accessed here.

*****

2015 Legal Technology Predictions

 

As 2014 draws to a close, it’s once again time for me to take a stab at predicting how lawyers will use technology in the coming year. I’ve been making these predictions for years now; sometimes I’m right, sometimes I’m wrong. But either way, it’s always a fun endeavor to put my predictions out there and then see if they come to pass. So, let’s get started, shall we?

First, let’s take a look at social media. In 2015, overall social media use by individual lawyers for professional purposes will essentially plateau. This is because the main social media platforms —LinkedIn, Facebook and Twitter — are saturated with lawyers and it’s becoming increasingly difficult for newcomers to stand out from the crowd.

Nearly all lawyers now have profiles on LinkedIn so there’s very little room for LinkedIn growth next year. Facebook use by individual lawyers will increase, but more so for personal use than professional use. This is because this platform has become more of a social endeavor for most individual attorneys, although lots of professional connections continue to be maintained on Facebook. Twitter use will likely decline slightly in 2015 for individual lawyers because it’s a difficult platform in which to gain a foothold and many eventually abandon it for other social media platforms that provide more instantaneous results.

However for law firms, social media growth will increase slightly in the coming year, with most firms viewing their social media presence as a necessary branding measure. LinkedIn pages for firms will see an increase since so many lawyers are on LinkedIn. Firms will also increasingly use Twitter since it is such a public way to establish a firm’s brand. Finally, Facebook pages for firms will see an increase as well, but at the slowest pace, given the more social nature of the site.

Google Plus use for both lawyers and law firms will remain the same. This platform had great potential, but unfortunately Google never opened up the site to third party platforms, which makes it difficult to incorporate Google Plus into a daily social media sharing routine. So growth has stagnated and use of the site has declined somewhat.

Next up, cloud computing. I predict that lawyers’ use of cloud computing will increase in 2015 but not as much as I had predicted in prior years. The unexpected NSA revelations and announcements of major hacking events in 2014 put a damper on the uptick in cloud computing.

But one thing that has become clear in the past year is that these types of events are inevitable regardless of whether data is stored on premise-based servers (such as those located in law firms) or on servers owned by third parties, as is the case with cloud computing. In other words, this year lawyers will begin to use cloud computing more often as they realize that what matters is the security measures in place that protect files, not the location of the servers that house the data. So, I predict that we’ll see an overall increase of 10 percent in the use of cloud computing by lawyers, with solo and small firm attorneys leading the way.

Finally, let’s take a look at mobile computing. Lawyers have embraced mobile computing more quickly than any other new type of technology. This trend will continue in 2015, with wearables leading the way. The majority of lawyers already use a smartphone so the increase in smartphone use will be small — perhaps 5 percent. Nearly half of all lawyers use a tablet in their practice and that number will increase only slightly in 2015 to approximately 55 percent.

But it’s wearable technology that will really make waves in 2015 — specifically smartwatches. As I predicted last year, only a small number of lawyers used smart watches in 2014. But with the release of the Apple Watch in early 2015, that will change. By the year’s end, I predict that 10-15 percent of lawyers will be using smartwatches and then by the end of 2016 that number will increase to at least 25 percent. And by the end of 2017, nearly 40 percent of lawyers will be using smartwatches.

Other wearable technology, such as Google Glass, won’t take hold in the legal profession anytime soon, although some innovative lawyers will find ways to use them in their practices.

So there you have it! My technology predictions for 2015. Check back next year at this time to see which ones were spot on and which ones totally missed the mark!

Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for the modern law firm. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


The Ethics of Communicating With Clients Online

Stacked3This week's Daily Record column is entitled "The Ethics of Communicating With Your Clients Online."  My past Daily Record articles can be accessed here.

*****

The Ethics of Communicating With Your Clients Online

I’ve been writing about cloud computing — where your data and software are stored on servers owned and maintained by a third party — since 2008. And for years now I’ve asserted that Web-based computing is the future and that lawyers can ethically use it for the purposes of storing confidential client information as long as they exercise reasonable care in choosing their legal software providers.

This is a position supported by all applicable ethics decisions handed down throughout the United States in recent years, including the most recent one from the New York State Bar Association, Op. 1020. In this decision, the Committee for Professional Ethics concluded: “Whether a lawyer for a party in a transaction may post and share documents using a ‘cloud’ data storage tool depends on whether the particular technology employed provides reasonable protection to confidential client information and, if not, whether the lawyer obtains informed consent from the client after advising the client of the relevant risks.”

However, even though cloud computing has repeatedly received the green light by ethics committees across the country, some lawyers continue to express reticence about cloud computing, citing security concerns. This reluctance is misguided in light of recent revelations about security issues affecting more traditional means of client communication and information storage provide.

For example, as proof that traditional methods of storing information are not foolproof, there’s the report of a recent breach notification issued by a California criminal defense law firm after a hard drive containing backup files from one of the firm’s server’s was stolen from the trunk of a car. The breach notification letter that was sent out to their clients in August can be found here: http://tinyurl.com/breachletter. So, even though the firm used onsite servers to store their client data, confidential client information was nevertheless obtained by outsiders.

In another recent case, the security of encrypted email was called into question. Lawyers have long used traditional unencrypted email to communicate with clients, ever since bar associations began to approve this practice in the late 1990s.

However, more recently the American Bar Association cast some doubt on the use of email for all client communications when it acknowledged the lack of security offered by unencrypted email and issued ABA Formal Opinion 11-459 and concluded: “Whenever a lawyer communicates with a client by email, the lawyer must first consider whether, given the client’s situation, there is a significant risk that third parties will have access to the communications. If so, the lawyer must take reasonable care to protect the confidentiality of the communications by giving appropriately tailored advice to the client.”

Due to fears about the security of unencrypted email, some lawyers have turned to encrypted email in an effort to address this perceived security risk. Unfortunately, the Electronic Frontier Foundation recently reported that many ISPs have been intercepting customer data and stripping emails of their encryption layer (http://tinyurl.com/effemail). So even encrypted email is susceptible to tampering.

In another case, we learn that even communications relayed using “snail mail” are now at increased risk of interception. The ABA Journal reported last month that “(t)he U.S. Postal Service approved nearly 50,000 requests last year to monitor the mail of Americans in its ‘mail covers’ program, raising concerns about lack of oversight.” (http://tinyurl.com/abamail). The monitoring requests were made by “both by law enforcement and the Postal Service’s own inspections unit” and attorney-client communications were sometimes targeted, with no requirement in place to notify lawyers when this type of information is accessed.

In other words, no matter how your law firm stores information or communicates with clients, there are risks. Whether your firm uses paper, server-based software, or cloud-based software, outside access to confidential client information is a possibility.

There is no such thing as absolute security and the ethics committees have long recognized this fact. Instead, regardless of how the information is stored or transmitted, your duty is not to ensure absolute security but to instead take reasonable steps to protect that information. Vet any third-party provider who will have access to confidential client data and carefully consider the sensitivity of the data that will be discussing, regardless of the format of your communication.
The use of cloud computing tools to store confidential client data and discussions is no more or less ethical than any other type of method. Instead, your ethical obligation is to ensure that whatever method you choose is reasonable under the circumstances.

Nicole Black is a Rochester, New York attorney and Director of Business Development and Community Relations at MyCase, intuitive web-based law practice management software for the modern law firm. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


Another NYS Bar Decision On Virtual Offices

Stacked3This week's Daily Record column is entitled "Another NYS Bar Decision On Virtual Offices."  My past Daily Record articles can be accessed here.

*****

Another NYS Bar Decision On Virtual Offices

 

 

In September I wrote about a recent decision on virtual law offices handed down by the New York City Bar Association in Formal Opinion 2014-2. In it, The Association of the Bar of the City of New York Committee on Professional Ethics concluded that it was ethically permissible for an attorney contemplating opening a virtual law office to use the VLO address as her “principal law office address” and on her law firm’s business cards, website and letterhead.

In that case, the attorney planned to open a virtual law practice wherein, instead of maintaining a physical office, she would do most of her work from home but would meet with clients in an alternate physical location other than her home, such as an office that rented out space.
In other words, her proposed VLO differed somewhat from the more accepted definition of a VLO, where lawyers practice law and interact with clients via their computer and mobile devices in lieu of a traditional brick and mortar office. One issue with this type of VLO in New York — where there is no physical office space — has always been the physical office requirement of Rule 7.1(h).

Fortunately, the New York State Bar Association weighed in on that issue in September when it issued Ethics Opinion 1025. In this case, the inquiring attorney — who lived outside the United States but was licensed to practice law in New York — sought to open a VLO. She planned to market her practice as one that provided only transactional legal services, including preparing contracts relating to employment law, business law, and charity law. At issue was whether the physical office requirement of Rule 7.1(h) prevented her “from operating a purely virtual law office?”

In reaching its decision, the committee noted that “Rule 7.1(h) of the New York Rules of Professional Conduct (the ‘Rules’) requires attorney advertising to include the attorney’s ‘principal law office address.’ Rule 7.1(h) states what an attorney’s advertising must contain, but does not expressly state that all attorneys ‘shall’ or ‘must’ maintain a physical office, or set standards to determine what constitutes such an office.”

Then, in keeping with its forward thinking ethics decisions issued in the recent past regarding the intersection of Internet-based technologies and the practice of law, the committee then concluded that based on recent New York case precedent and decisions being issued in other states regarding the physical office requirement, that Rule 7.1(h), which is intended to regulate only advertising, no longer “provides an independent basis for requiring a physical office.’”

The committee then clarified its conclusion: “In whatever manner the courts resolve the statutory issues regarding virtual law offices — and we express no opinion on how they will or should resolve those issues — neither Rule 7.1(h) nor any other advertising rule imposes or defines the contours of an attorney’s office or style of practice. To the extent N.Y. State 756 and 964 opine that Rule 7.1(h) or its predecessor imposes an obligation for a physical office, they are modified. We now conclude that an attorney who is admitted to practice in New York but who is not resident in New York and who advertises his or her law practice in New York must include the address of the attorney’s principal office, which may be the Internet address of a virtual law office.”

Once again New York leads the way in issuing ethics decisions that reflect a thoughtful understanding of the impact of technology on the practice of law. To ignore the incredible changes occurring would be a disservice to the profession. Fortunately, the New York State Bar’s Committee on Professional Ethics is issuing decisions which have the opposite effect.

Nicole Black is a Rochester, New York attorney and Director of Business Development and Community Relations at MyCase, intuitive web-based law practice management software for the modern law firm. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can bereached at niki@mycase.com.


NY bar on ethics of cloud computing – again

Stacked3This week's Daily Record column is entitled "NY bar on ethics of cloud computing – again."  My past Daily Record articles can be accessed here.

***** 

 NY bar on ethics of cloud computing – again 

New York state has long been on the cutting edge of addressing the ethics of using different technologies in the practice of law. So it was no surprise when the New York State Bar was one of the first to confront the ethics of cloud computing when the Committee on Professional Ethics handed down Op. 842 in 2010, which addressed the ethics of storing confidential client data online.


In that opinion, the committee held that “(a) lawyer may use an online data storage system to store and back up client confidential information provided that the lawyer takes reasonable care to ensure that confidentiality is maintained in a manner consistent with the lawyer’s obligations under Rule 1.6.”

In two different opinions handed down in the latter half of this year, the committee further clarified its position on the use of cloud computing by lawyers. In both opinions, the committee reaffirmed the applicability of the longstanding duty of due diligence when assessing the security of third party service providers, explaining that a lawyer must assess whether the technology offers reasonable protections against disclosure and must also take reasonable precautions when using technology.
At issue in Op. 1019, issued in August, was whether a law firm may “provide its lawyers with remote access to its electronic files.” The committee concluded that it was permissible to do so in the absence of client consent, so long as the attorney concluded that the security precautions exercised by the third party provider were reasonable.

In doing so, the committee recognized the need for a flexible standard: “Because of the fact-specific and evolving nature of both technology and cyber risks, this committee cannot recommend particular steps that constitute reasonable precautions to prevent confidential information from coming into the hands of unintended recipients. If the firm cannot conclude that its security precautions are reasonable, then it may request the informed consent of the client to its security precautions, as long as the firm discloses the risks that the system does not provide reasonable assurance of confidentiality, so that the consent is ‘informed’…”

In Op. 1020, which was handed down in September, the issue addressed was whether “a lawyer representing a party to a transaction (may) use a cloud-based technology so as to post documents and share them with others involved in the transaction.” The committee reached the same conclusion as it did in Op. 1019: “Whether a lawyer for a party in a transaction may post and share documents using a ‘cloud’ data storage tool depends on whether the particular technology employed provides reasonable protection to confidential client information and, if not, whether the lawyer obtains informed consent from the client after advising the client of the relevant risks.”

Importantly, in reaching its decision, the committee noted that lawyers have a duty to stay abreast of changes in technology explaining that the “use of electronically stored information may not only require reasonable care to protect that information under Rule 1.6, but may also, under Rule 1.1, require the competence to determine and follow a set of steps that will constitute such reasonable care.”

By way of example, the committee explained in a footnote that “the duty of competence may require litigators, depending on circumstances, to possess a basic or even a more refined understanding of electronically stored information.”

So, once again, New York leads the way when it comes to the ethics of the use of technology by lawyers. In this case, the Committee on Professional Ethics offered two well-reasoned opinions centered around elastic standards that will undoubtedly withstand the tests of time.

Nicole Black is a Rochester, New York attorney and Director of Business Development and Community Relations at MyCase, intuitive web-based law practice management software for the modern law firm. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can bereached at niki@mycase.com.