Avoiding Cybercrime Dangers: Be Careful About Putting Your Firm Data in the Cloud
[This post is the fourteenth in a series. The original post can be found here.]
Almost everyone has data in the cloud, although many people may not realize it. If you are using Gmail or another free email service, iTunes, Facebook, LinkedIn or other social media tools, Dropbox, or doing online banking, your data is in the cloud. The “cloud” is the very large number of computers that are all connected and sharing information with each other across the Internet. If you create or post information that ends up outside your office, you are most likely in the cloud.
Cloud computing offers many benefits to lawyers. There is a vast selection of services, software and applications that can assist with just about every task in a modern law office, in many cases allowing those tasks to be accomplished more efficiently and quickly. Many of these services permit remote access, thereby allowing lawyers and staff to work from anywhere with full access to all documents and information for a matter. Using these services is usually economical as they can significantly reduce hardware and software maintenance costs and capital outlays. Storing data with suitable cloud service providers will likely mean that it is more secure and better backed up than it might be in a typical law office.
However, placing your client or firm data in the hands of third parties raises issues of security, privacy, regulatory compliance, and risk management, among others. Firms should have a process in place to ensure due diligence is performed and all risks and benefits are considered before any firm data is moved to the cloud. The evolving standard from U.S. ethics rules and opinions seems to be that lawyers must make reasonable efforts to ensure any data they place in the cloud is reasonably secure. Contracts with any third party that is in possession of confidential client information should deal with relevant security and ethical issues, including having specific provisions that require all information is properly stored and secured to prevent inappropriate access.
The Law Society of British Columbia has a “Cloud Computing Checklist” that will assist firms in identifying the issues that should be considered when performing the due diligence on a cloud provider.
When considering your options, keep in mind that a cloud product or service designed for lawyers may have been developed with the professional, ethical and privacy requirements of lawyers in mind.
Dan Pinnington is the Vice President of Claims Prevention at practicePRO. This article first appeared in the December 2013 issue of LawPro magazine. Reprinted with permission. For more cyber safety tips, visit www.lawpro.ca.