Texas Bar weighs in on lawyers using cloud computing
For nearly a decade now, I’ve been tracking ethics opinions that address the issue of whether lawyers can ethically use cloud-based software to store confidential client data. As a refresher, cloud computing is when you store your data on servers owned by a third party instead of on your law firm’s on-premise servers.
New York was one of the first jurisdictions to hand down an ethics opinion on this issue in 2010: Opinion 842. In that opinion, the Ethics Committee wisely concluded that “a lawyer may use an online data storage system to store and back up client confidential information provided that the lawyer takes reasonable care to endure that confidentiality is maintained.”
Since then, more than 20 other states have followed suit and weighed in on the issue of whether lawyers can ethically use cloud computing to store confidential client data on third party servers. And, in each opinion, the ethics committee concluded that it was permissible to do so.
To the best of my knowledge, it’s been a few years since a jurisdiction addressed this particular topic (which I would argue is a sign that the issue is fairly well settled at this point). So I was excited to learn from my friend and Rochester-based social media lawyer, Scott Malouf, that an opinion on cloud computing had recently been issued in a new state: Texas.
In September 2018, the Professional Ethics Committee for the State Bar of Texas issued Opinion 680. At issue in this case was whether Texas lawyers may “use cloud-based client data storage systems or use cloud-based software systems for the creation of client-specific documents where confidential client information is stored or submitted to a cloud-based system.”
At the outset, the Committee rightfully acknowledged that cloud computing use is pervasive: “Cloud-based electronic storage and software systems are in wide use among the general public and lawyers.”
Next, the Committee explained that online communication and data storage systems are no different than any other type of offline systems used for communication or document storage: “While wide usage of an information storage method or software document creation system is not, in itself, justification for its use by lawyers, alternative methods of information storage and document preparation also have an inherent risk of disclosure or misuse—just as a privileged letter to a client through the U.S. Postal Service (versus transmission through email) can be intercepted or accessed by third parties and a client’s file in a lawyer’s office may be susceptible to access or disclosure by unauthorized parties without the lawyer ‘knowingly’ revealing that information.”
In other words, there’s no such thing as absolute security, regardless of whether your law firm’s information is stored and shared online or off.
Next the Committee turned to the issue of whether lawyers can ethically use cloud computing. The Committee noted that the benefits of cloud computing were many, and that in most cases it was permissible for lawyers to store confidential client data in the cloud: “Considering the present state of technology, its common usage to store confidential information, and the potential cost and time savings for clients, a lawyer may use cloud-based electronic data systems and document preparation software for client confidential information.”
Of course, as is always the case when lawyers outsource the management of confidential client data to third parties, lawyers have an obligation to thoroughly vet the third party vendor. The Committee explained that the “reasonable precautions” that lawyers must take include: “(1) acquiring a general understanding of how the cloud technology works; (2) reviewing the “terms of service” to which the lawyer submits when using a specific cloud-based provider just as the lawyer should do when choosing and supervising other types of service providers; (3) learning what protections already exist within the technology for data security; (4) determining whether additional steps, including but not limited to the encryption of client confidential information, should be taken before submitting that client information to a cloud-based system; (5) remaining alert as to whether a particular cloud-based provider is known to be deficient in its data security measures or is or has been unusually vulnerable to “hacking” of stored information; and (6) training for lawyers and staff regarding appropriate protections and considerations.”
The Committee also noted that on rare occasions, certain types of client data may be too sensitive to store in the cloud and thus “(i)n some circumstances it may be appropriate to confer with a client regarding these risks as applicable to a particular matter and obtain a client’s input regarding or consent to using cloud-based electronic data systems and document preparation software”
Finally, and most importantly, the Committee noted that lawyers have a continuing duty to maintain technology competence: “(A) lawyer should remain reasonably aware of changes in technology and the associated risks—without unnecessarily retreating from the use of new technology that may save significant time and money for clients.”
So there you have it. Yet another jurisdiction highlights the benefits of cloud-based computing and green lights its use by lawyers.
It’s not surprising since a lot has changed in the past decade. So if you’ve been on the fence about using cloud computing in your law firm, it’s time to re-assess your position. Cloud computing use has become the norm, even for lawyers. And the benefits of using cloud computing are many: affordable computing power, 24/7 access to your firm’s information, increased mobility, and far more secure communication options than traditional email. If ever there was a time to switch to cloud computing, the time is now. What are you waiting for?
Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at firstname.lastname@example.org.