Cloud Computing

Round up: Paperless law firms, cloud computing for lawyers, and choosing legal software

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles since March:


Texas Bar weighs in on lawyers using cloud computing

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Texas Bar weighs in on lawyers using cloud computing

For nearly a decade now, I’ve been tracking ethics opinions that address the issue of whether lawyers can ethically use cloud-based software to store confidential client data. As a refresher, cloud computing is when you store your data on servers owned by a third party instead of on your law firm’s on-premise servers.

New York was one of the first jurisdictions to hand down an ethics opinion on this issue in 2010: Opinion 842. In that opinion, the Ethics Committee wisely concluded that “a lawyer may use an online data storage system to store and back up client confidential information provided that the lawyer takes reasonable care to endure that confidentiality is maintained.”

Since then, more than 20 other states have followed suit and weighed in on the issue of whether lawyers can ethically use cloud computing to store confidential client data on third party servers. And, in each opinion, the ethics committee concluded that it was permissible to do so.

To the best of my knowledge, it’s been a few years since a jurisdiction addressed this particular topic (which I would argue is a sign that the issue is fairly well settled at this point). So I was excited to learn from my friend and Rochester-based social media lawyer, Scott Malouf, that an opinion on cloud computing had recently been issued in a new state: Texas.

In September 2018, the Professional Ethics Committee for the State Bar of Texas issued Opinion 680. At issue in this case was whether Texas lawyers may “use cloud-based client data storage systems or use cloud-based software systems for the creation of client-specific documents where confidential client information is stored or submitted to a cloud-based system.”

At the outset, the Committee rightfully acknowledged that cloud computing use is pervasive: “Cloud-based electronic storage and software systems are in wide use among the general public and lawyers.”

Next, the Committee explained that online communication and data storage systems are no different than any other type of offline systems used for communication or document storage: “While wide usage of an information storage method or software document creation system is not, in itself, justification for its use by lawyers, alternative methods of information storage and document preparation also have an inherent risk of disclosure or misuse—just as a privileged letter to a client through the U.S. Postal Service (versus transmission through email) can be intercepted or accessed by third parties and a client’s file in a lawyer’s office may be susceptible to access or disclosure by unauthorized parties without the lawyer ‘knowingly’ revealing that information.”

In other words, there’s no such thing as absolute security, regardless of whether your law firm’s information is stored and shared online or off.

Next the Committee turned to the issue of whether lawyers can ethically use cloud computing. The Committee noted that the benefits of cloud computing were many, and that in most cases it was permissible for lawyers to store confidential client data in the cloud: “Considering the present state of technology, its common usage to store confidential information, and the potential cost and time savings for clients, a lawyer may use cloud-based electronic data systems and document preparation software for client confidential information.”

Of course, as is always the case when lawyers outsource the management of confidential client data to third parties, lawyers have an obligation to thoroughly vet the third party vendor. The Committee explained that the “reasonable precautions” that lawyers must take include: “(1) acquiring a general understanding of how the cloud technology works; (2) reviewing the “terms of service” to which the lawyer submits when using a specific cloud-based provider just as the lawyer should do when choosing and supervising other types of service providers; (3) learning what protections already exist within the technology for data security; (4) determining whether additional steps, including but not limited to the encryption of client confidential information, should be taken before submitting that client information to a cloud-based system; (5) remaining alert as to whether a particular cloud-based provider is known to be deficient in its data security measures or is or has been unusually vulnerable to “hacking” of stored information; and (6) training for lawyers and staff regarding appropriate protections and considerations.”

The Committee also noted that on rare occasions, certain types of client data may be too sensitive to store in the cloud and thus “(i)n some circumstances it may be appropriate to confer with a client regarding these risks as applicable to a particular matter and obtain a client’s input regarding or consent to using cloud-based electronic data systems and document preparation software”

Finally, and most importantly, the Committee noted that lawyers have a continuing duty to maintain technology competence: “(A) lawyer should remain reasonably aware of changes in technology and the associated risks—without unnecessarily retreating from the use of new technology that may save significant time and money for clients.”

So there you have it. Yet another jurisdiction highlights the benefits of cloud-based computing and green lights its use by lawyers.

It’s not surprising since a lot has changed in the past decade. So if you’ve been on the fence about using cloud computing in your law firm, it’s time to re-assess your position. Cloud computing use has become the norm, even for lawyers. And the benefits of using cloud computing are many: affordable computing power, 24/7 access to your firm’s information, increased mobility, and far more secure communication options than traditional email. If ever there was a time to switch to cloud computing, the time is now. What are you waiting for?

 

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


Round Up: Artificial Intelligence, Millennial Lawyers, and Law Practice Management Software

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles from November 2018:


ABA on disaster preparedness and ethical obligations

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

ABA on disaster preparedness and ethical obligations

In the wake of Hurricane Florence, disaster preparedness is on everyone’s minds. For lawyers affected by disasters, natural or otherwise, there are unique concerns given the nature of the services that they provide. Statute of limitations and other deadlines must be met despite the weather, as do clients’ needs and concerns. The drumbeat of the law stops for no one which is why lawyers need to take steps to ensure that their law office will continue to run smoothly even after a natural disaster hits.

For lawyers who are unsure how to go about doing this, an opinion recently issued by the American Bar Association provides some guidance. In Formal Opinion 482, the ABA Standing Committee on Ethics and Professional Responsibility addressed lawyers’ ethical obligations in the face of a disaster and provided advice for lawyers seeking to implement a disaster plan for their law firm.

The opinion addressed a host of different ethical issues faced by lawyers following a disaster in regard to both existing and potential clients. What follows is a summary of some of their recommendations, most of which relate to existing clients.

At the outset, the Committee explained the reason that lawyers must engage in disaster planning: “Lawyers have an ethical obligation to implement reasonable measures to safeguard property and funds they hold for clients or third parties, prepare for business interruption, and keep clients informed about how to contact the lawyers (or their successor counsel).”

Next, the Committee focused on the importance of ensuring an open line of communication with clients, even in the midst of a natural disaster. The Committee emphasized that part of disaster preparedness entails ensuring that client contact information will be readily available after a disaster hits, and that storing information electronically where it is easily accessible 24/7 is often a important part of making that happen: “One of the early steps lawyers will have to take after a disaster is determining the available methods to communicate with clients. To be able to reach clients following a disaster, lawyers should maintain, or be able to create on short notice, electronic or paper lists of current clients and their contact information. This information should be stored in a manner that is easily accessible.”

The value of online storage, typically in the cloud, was repeatedly stressed throughout the opinion. The Committee explained that exploring these options and choosing the right provider are important steps to take as part of disaster preparedness: “(L)awyers must evaluate in advance storing files electronically so that they will have access to those files via the Internet if they have access to a working computer or smart device after a disaster. If Internet access to files is provided through a cloud service, the lawyer should (i) choose a reputable company, and (ii) take reasonable steps to ensure that the confidentiality of client information is preserved, and that the information is readily accessible to the lawyer.”

The Committee also offered the following guidelines for law firms creating a disaster plan:

Lawyers should check with the courts and bar associations in their jurisdictions to determine whether deadlines have been extended.
Lawyers also must take reasonable steps in the event of a disaster to ensure access to funds the lawyer is holding in trust.lawyers should take appropriate steps in advance to determine how they will obtain access to their accounts after a disaster.
Lawyers whose circumstances following a disaster render them unable to fulfill their ethical responsibilities to clients may be required to withdraw from those representations.
To prevent the loss of files and other important records, including client files and trust account records, lawyers should maintain an electronic copy of important documents in an off-site location that is updated regularly.
(Lawyers) must notify current and former clients of the loss of documents with intrinsic value, such as original executed wills and trusts, deeds, and negotiable instruments.

Finally, the Committee concluded the opinion with these words of advice: “Lawyers must be prepared to deal with disasters. Foremost among a lawyer’s ethical obligations are those to existing clients, particularly in maintaining communication. Lawyers must also protect documents, funds, and other property the lawyer is holding for clients or third parties. By proper advance preparation and taking advantage of available technology during recovery efforts, lawyers will reduce the risk of violating professional obligations after a disaster.”

You never know when a disaster may strike. Whether it’s a fire, flooding, or other unexpected occurrence, planning is key. Is your firm ready for a disaster? It not, there’s no better time than now to start planing, and reading this opinion in its entirety is a great place to start.

 

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


Round Up: Legal Innovation, Law Firm Billing, Legal Tech Gadgets, and More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles from August and September 2018:


Round Up: Law School Advice, Legal Billing Software, Online Collaboration and More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles from June 2018:


Round Up: Legal Beach Reads, Alternative Fees, Cybersecurity, And More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles from May 2018:

 


Significantly More Lawyers Using Cloud Computing in 2017

Stacked3Here is this week's Daily Record column. My past Daily Record articles can be accessed here.

*****

Cloud computing, where data is stored offsite on servers owned by third parties and accessed via an internet connection - has been around for more than a decade now. At first, lawyers have were slow to adopt to the concept even though it offers a host of benefits, including 24/7 access to law firm data, the convenience and flexibility of being able to enter billable time on the go, communicate and collaborate with clients in a secure online environment, and easily manage calendaring and tasks from any internet-enabled device - all at an affordable price.

Despite these benefits, lawyers use of cloud computing initially remained fairly steady at a little over 30% according to the the American Bar Association’s annual Legal Technology Survey Report. However, in 2016 those numbers began to increase and in the 2017 Report that was just released, that percentage increased substantially. These statistics comport with a prediction that I made in one of my Daily Record columns in December 2015:

“Cloud computing will be a different story in 2016. I predict that 2016 is the year that self-reported cloud computing use starts to increase. I make this distinction because over the past 2 years, according to a number of surveys, self-reported cloud computing use by solo and small firm lawyers has remained somewhat stagnant at around ~30%.…But as the concept becomes more familiar over time and lawyers have a better grasp of what cloud computing is and which software platforms and apps are built upon it, more lawyers will begin to report that they use it and/or realize that they’re using it already.”

As I predicted, after remaining stagnant at ~30% from 2013-15, with that percentage increasing to 38% in 2016. Interestingly, this year’s survey results showed a marked increase in the number of lawyers using cloud computing, with that percentage jumping to a whopping 52% for all lawyers in 2017.

Solo and small firm lawyers lead the way in cloud computing use according the 2017 Report. The survey results indicate that 56% of lawyers from firms of 2-9 attorneys used cloud computing (compared to 46% in 2016, 40% in 2015, and 35% in 2014), as did 56% of solo lawyers (compared to 42% in 2016, 37% in 2015, and 35% in 2014), 52% of lawyers from firms of 10-49 attorneys (compared with 33% in 2016, 23% in 2015, and 29% in 2014), and 42% from firms of 100 or more attorneys (compared with 20% in 2016, 17% in 2015, and 19% in 2014).

Lawyers were also asked to share which cloud computing programs they used in their firms. The 3 most popular legal cloud computing software programs used by lawyers were MyCase, NetDocs, and Clio. The 3 most popular non-legal cloud computing programs used by lawyers were Dropbox, iCloud, and Google Docs.

When asked why they chose to use cloud computing software in their law firms, respondents provided a vast array of reasons. The most popular benefit cited was easy browser access from anywhere (73%), followed by 24/7 availability (64%), low cost of entry and predictable monthly expense (48%), robust data back-up and recovery(45%), quick to get up and running (39%), eliminates IT & software management requirements (30%), and better security than can be provided in-office (25%).

It’s clear that we’ve reached the tipping point now that more than half of all lawyers use cloud computing in their law firms. For lawyers who have not yet made the leap to the cloud, the good news it that there are now more legal cloud computing software choices than ever before.

The trick is coo choose a well-funded, reliable vendor with staying power, so make sure to carefully vet each software provider that you’re considering. You can find a list of questions to ask third party vendors here: https://tinyurl.com/Questions4LegalVendors. It’s also important to check online for reviews from current customers. Finally, reputable vendors will also offer free trial access to their software so make sure to take advantage of that option and then test drive a few different software programs before committing.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for solo and small law firms. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She can be reached at niki@mycase.com.


NYC Bar on lawyers’ ethical obligations at the border

Stacked3Here is this week's Daily Record column. My past Daily Record articles can be accessed here.

*****

NYC Bar on lawyers’ ethical obligations at the border

Since the election, border crossings have been subject to greater scrutiny by border control agents. This presents a problem for lawyers, who often cross the border carrying electronic devices which contain confidential client information that they are duty bound to protect. Fortunately, the New York City Bar Association provided timely guidance last month when it addressed this issue in Formal Opinion 2017-5 (online: https://tinyurl.com/NYCBarBorder).

This opinion considered the extent of an attorney’s ethical obligation to “protect confidential information prior to crossing a U.S. border, during border searches, and thereafter.” The specific factual scenario at issue involved an attorney who was traveling abroad and was carrying a portable electronic device that stored confidential client data. When the attorney attempted to cross into the United States, an authorized U.S. border control agent demanded that the attorney “unlock” the device. The attorney did not have client consent to disclose any confidential information.

The lengthy, in depth opinion covered a variety of issues, including the ethical obligations of lawyers in this scenario, the limits of the lawful authority of border control agents, and the types of data that may be accessed an reviewed.

The primary conclusions reached by the Professional Ethics Committee were:

Before crossing the U.S. border attorneys must undertake reasonable efforts to protect confidential information;
At the U.S. border attorneys may disclose clients’ confidential information only to the extent “reasonably necessary” to respond to a government agent’s claim of lawful authority;
If confidential information is disclosed during a border search, an attorney must promptly inform affected clients.

The Committee explained that “reasonable efforts” to protect client data will vary. This determination will necessarily turn on “the ease or inconvenience of avoiding possession of confidential information; the need to maintain access to the particular information and its sensitivity; the risk of a border inspection; and any other relevant considerations.”

Importantly the Committee wisely acknowledged that there is no bright line test available to help lawyers ascertain what conduct is reasonable. This is because of “the rapid pace of technological development and the disparities between the practices, capabilities, and resources of attorneys… (which make it) difficult or impossible to identify a list of minimum mandatory prophylactic or technical measures for an attorney to adopt before crossing the U.S. border.”

According to the Committee, one way to avoid the possibility of being required to disclose confidential information at the border is to ensure that no data is stored locally on your mobile devices. Encrypting devices or storing data in cloud are two of the recommended options that lawyers who take data with them when they travel internationally should consider: A lawyer…who handles more sensitive information should consider technological solutions that permit secure remote access to confidential information without creating local copies on the device; storing confidential information and communications in secure online locations rather than locally on the device; or using encrypted software to attempt to restrict access to mobile devices.”

Finally, the Committee concluded that if a lawyer is faced with a purportedly lawful request to access confidential client data, “the attorney first must take reasonable measures to prevent disclosure of confidential information, which would include informing the border agent that the device or files in question contain privileged or confidential materials, requesting that such materials not be searched or copied, asking to speak to a superior officer and making any other lawful requests to protect the confidential information from disclosure. To demonstrate that the device contains attorney-client materials, the attorney should carry proof of bar membership, such as an attorney ID card, when crossing a U.S. border.”

All in all, this is a very useful, well-researched opinion that provides a wealth of information for lawyers who travel internationally regarding their ethical obligations. It offers in depth guidance to assist lawyers in understanding their duties and includes detailed recommendations for preserving client confidences. If International travel is on your agenda in the near future, you’d be well advised to read this opinion prior to your trip.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for solo and small law firms. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She can be reached at niki@mycase.com.


Ohio Bar green lights cloud computing and virtual law firms

Stacked3Here is this week's Daily Record column. My past Daily Record articles can be accessed here.

*****

Ohio Bar green lights cloud computing and virtual law firms

Cloud computing - where electronic data is stored offsite on servers owned and maintained by a third party - is quite common in 2017. The proliferation of mobile devices, which are essentially useless in the absence of cloud computing, has helped contribute to this trend. Another relevant factor is the convenience and flexibility offered by web-based computing. When data is stored in the cloud, it can be accessed from anywhere using any internet-enabled device, at any time, day or night.

Because of the many benefits offered by cloud computing, more and more lawyers are using cloud-based software to store and access documents, track time and billing, manage their contacts and calendars, accept online credit card payments from clients, and interact and collaborate with clients, experts, co-counsel, and more. Lawyers are even foregoing brick and mortar law firms and launching virtual law practices.

Because of these developments ethical committees across the country are weighing in on lawyers using cloud computing in their practices, with more than 25 permitting it thus far. In June, Ohio joined their ranks when the Ohio Board of Professional Conduct issued Opinion 2017-05 (online:
http://www.ohioadvop.org/wp-content/uploads/2017/03/Adv.-Op.-2017-5.pdf).

There were 2 issues considered in the opinion: “1) Is it proper for a lawyer to provide legal services exclusively, or almost exclusively, via a “virtual law office?” 2) Is it proper for a lawyer
operating primarily as a “virtual law office” to lease a shared, nonexclusive office space
for purpose of occasional face-to-face meetings with clients, or receiving mail?”

The Board acknowledged that lawyers have a continuing duty to maintain technology competence, explaining that “a VLO lawyer should possess a general knowledge of the security safeguards for the technology used in the lawyer's practice, or in the alternate hire or associate with persons who properly can advise and inform the lawyer.”

The Board confirmed that Ohio lawyers are permitted to use cloud computing technologies to run virtual law practices. In order to comply with their ethical obligations, lawyer must take reasonable efforts to prevent the unauthorized disclosure of confidential client data. Steps lawyers should take include analyzing “ several nonexclusive factors including 1) the sensitivity of the information, 2) the likelihood of disclosure if additional safeguards are not employed, 3) the cost of employing additional safeguards, 4) the difficulty of implementing the safeguards, and 5) the extent to which the safeguards adversely affect the lawyer’s ability to represent clients.”

Lawyers must also vet third party cloud computing providers and confirm that the vendor understands that lawyers have a duty of confidentiality, and must also verify that the vendor will maintain and regularly back up law firm data. Finally lawyers must “(r)equire that the vendor give the lawyer notice of subpoenas for client data, nonauthorized access to the stored data, or other breach of security, and a reliable means of retrieving the data if the agreement is terminated or the vendor goes out of business.”

Next the Board moved on to address a virtual attorney’s obligation to clients. According to the Board, due to the unique nature of virtual law offices, lawyers must discuss the technologies that the firm uses with clients, along with the communication methods available, and ascertain which ones are amenable to the client. These determinations should be memorialized in the client fee agreement.

Finally, the Board turned to the issue of the office setup of virtual law firms, concluding that a physical office is not required in Ohio. However, an office address must be provided on letterhead and elsewhere which can consist of “the lawyer’s home or physical office, the address of shared office space, or a registered post office box.” And, the use of shared office space with both lawyers or nonlawyers is permissible as long as steps are taken to maintain the confidentiality of client files.

Overall, this opinion is in line with those issued in other jurisdictions and takes a reasonable stance on lawyers using cloud computing software, such as law practice management software, as part of a virtual law office setup. Notably, Ohio allows provides lawyers with flexibility when it comes to listing an office address, permitting the use of an post office box, rather than requiring virtual lawyers who have no physical office space to use their home address, as some justifications do.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for solo and small law firms. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She can be reached at niki@mycase.com.