We’ve pointed out as often as possible that cloud applications like ours offer inherent security advantages over traditional, locally installed litigation software. That’s because cloud providers like Amazon, Microsoft, and Rackspace invest billions of dollar each year in research and development for cloud platforms. Microsoft recently announced it spent 90 percent, or $8.64 billion, of its $9.6 billion R & D budget on cloud services. Amazon Web Services, our partner, spends several billion each year on R & D and even more maintaining its security network.
That message might be slowly taking root. At the recent ABA Techshow, we spent a lot of time listening to lawyers talk about using the cloud for eDiscovery. For the most part, it seems that the security of data is not the primary concern anymore. Instead, it seems to have morphed into a more specific concern about ethical obligations in the cloud. That is, can lawyers give data to cloud providers if that data might cross international borders or otherwise leave their control?
The Ethics of eDiscovery in the Cloud
The most recent ABA Legal Technology Survey found only 21 percent of respondents reported using cloud applications in their practice. (We suspect that number is actually higher, given that many people use cloud applications without knowing it. But that’s another post.) We agree that lawyers must consider the ethical implications before transferring data to a third party. But that only means that attorneys give cloud-based applications the same thought and care as with any other application. The preliminary questions for a cloud provider may be different, but the fundamental concern is the same as always: can you assure me that my client’s confidential information is secure and will not be improperly disclosed to other parties?
Your Ethical Obligations Today
The ABA Model Rule on Client Confidentiality, Rule 1.6 is the most important on this subject, requiring lawyers to protect their client’s property. However, a recent change to ABA Model Rule 1.1 may also apply. That rule now defines “competent representation” as understanding the technology used to undertake representation of the client. That would seem to imply that an attorney must know how technology, including cloud-based eDiscovery software is employed on behalf of a client.
Most state bars haven’t considered cloud computing directly as of yet, although-Alabama, Arizona, California, Iowa, Nevada, New York, North Carolina, Oregon, Pennsylvania, and Vermont have issued some form of formal opinion. In general, these opinions have stated that it is ethical for attorneys to use cloud computing services as long as basic precautions are followed. A number of speakers at the Techshow recommended that attorneys notify new clients that their electronic data may be stored with a third party during the course of representation. This could appear in an engagement letter or any formal agreement with a client. These agreements should also specify that data will not cross international borders, where it could become subject to data privacy regulations. (As mentioned, Nextpoint uses Amazon Web Services, which gives us the ability to ensure data is stored within the continental U.S. or even a more specific geographic region.)
In addition, always consider the security your provider has in place, including:
Firewall to prevent outsiders from breaking into a computer system. Encryption to protect data as it is being transmitted. Intrusion Detection to identify potential threats. Lastly, remember to ensure data portability— that is, a guarantee that your data is yours and can be recovered whenever needed. Nextpoint believes this information should all be transparent and clear. You can see our guarantees at trust.nextpoint.com. Make sure your provider offers the same promises, and the ethical concerns about cloud computing should quickly disappear.