Cloud computing has been conditionally approved for use by lawyers in North Carolina and Pennsylvania, according to a new column by Bob Ambrogi. The ethics opinions from both states say that lawyers can use cloud computing services to store client information so long as the lawyer takes certain steps to make sure that client information is safely stored. In particular, attorneys are expected to be careful in selecting their cloud computing vendor and to carefully review the vendor’s terms of service to make sure the terms have adequate safeguards for handling confidential information.
All of this makes sense, of course. The real problem lies in reading terms of service that are often arcane and do not directly address lawyers’ concerns. For example:
- What steps does the vendor take to ensure that only the lawyer can access the data?
- What steps does a vendor take to notify the lawyer if the vendor receives a subpoena that may require the turnover of data that belongs to the lawyer?
- If the vendor goes out of business, how easily can the lawyer retrieve the client’s information and ensure it is deleted from the vendor’s servers?
Those are perhaps the primary concerns lawyers have when it comes to cloud computing. So far, no vendor I’m aware of has clear terms of service that address these issues head on, although SpiderOak comes closest.
Of course, there’s nothing that says a lawyer can’t rely on some self-help when it comes to using some cloud computing options. In an upcoming column, I’ll detail a work-around that can be used with one of the most popular cloud computing services. It’s far from perfect, but it is a viable option for some lawyers.