1. DECEMBER 2015 / BARTALK 13
EUAN SINCLAIR
I
t was so simple in the old
days. The filing system was
secured by lock and key. The
communication “platforms”
were writing a letter, setting
up a meeting or speaking on the
telephone. Any risk of intercep-
tion by unauthorized third parties
was negligible.
Then technology came along
and ruined everything. Technol-
ogy changed the way lawyers
store and access their client data.
It’s only really now, in the age of
high profile hacks, that lawyers
are starting to question where
their data goes when it is in transit
and where it lives when it is at rest
on a server.
The decision for law firms on
where to store data is not an easy
one, for there are many benefits
and risks to take into account. The
choices come down to storing data
on local hard drives or USB sticks
(not recommended), on a shared
drive on a network, or somewhere
on the cloud.
Using a shared drive on a net-
work is the most secure option,
but it does not come cheap. Host-
ing costs will be significant and
a geo-redundant backup server
should also be included as part of
a disaster recovery plan, effective-
ly doubling the cost.
Using the cloud is cost-effect-
ive and convenient but brings an
equal amount of risks and bene-
fits, as outlined in a 2011 survey
by the Law Society of England
and Wales. According to this sur-
vey, the benefits include: improved
backup/disaster recovery; flexibil-
ity; increased storage capacity; in-
creased data handling capacity; re-
duced infrastructure costs; avoid-
ing frequent updates to software;
and reduced internal
IT staff costs.
The risks identified
in the survey include:
security, data confiden-
tiality and location of
data; service reliability
and stability; lack of
control over customiz-
ation and integration;
service response time
and enforcing service
level agreements; speed and band-
width; danger of supplier lock-in;
and difficulty of achieving execu-
tive buy-in.
Law firms with a certain profile
(or those hoping to attract institu-
tional clients) will eschew cloud
services for regulatory reasons or
due to client sensitivities, in any
event. Banks will not generally en-
tertain law firms who store data
on the cloud, for security reasons.
Public bodies are required by the
Freedom of Information and Pro-
tection of Privacy Act to ensure
that their data is stored and ac-
cessed only in Canada.
The issue of data sovereignty
is an important one. There may
be political or legal risks in stor-
ing data in foreign jurisdictions.
The risk of storing data in the U.S.
was judicially considered in Octo-
ber 2015 by the European Union’s
highest court, the Court of Justice
of the European Union. The Court
torpedoed the European Commis-
sion’s “Safe Harbour” scheme for
the safe transfer of
data to the U.S. on the
grounds that the U.S.
does not provide an
adequate level of pro-
tection for data trans-
ferred there.
The risks and bene-
fits are left to law firms
to weigh. In British
Columbia, the Law
Society states that it
regulates lawyers, not technology.
The Benchers adopted the Cloud
Computing Due Diligence Guide-
lines in 2012. The Guidelines are
technology-neutral and leave it to
lawyers to be satisfied that they
have completed sufficient due dili-
gence on the technology they pro-
pose to use.
All that said, there is a saying in
technology: “if you don’t pay for
the product, you are the product.”
Therefore, it is abundantly clear
that lawyers should never make
use of free services like Gmail that
admit they use the personal data
from email messages.
Euan Sinclair is an associate in
Lawson Lundell’s Technology
practice group and the firm’s Dir-
ector of Knowledge Management.
Dreaming on a Cloud?
The tension between security
and convenience
The decision for
law firms on where
to store data is
not an easy one,
for there are many
benefits and risks to
take into account.