LAW PRACTICE MANAGEMENT IN THE CLOUD
Introduction
In today’s global economy, information technology (IT) is ever-changing and
evolving at a break-neck rate of speed. Businesses that are hesitant or reluctant to
upgrade or improve their IT infrastructure are finding it hard to compete within their
industry. At the same time however, the increased availability of new technology at a
lower cost has raised several issues concerning security and safety of company and client
information. The legal field is one industry in particular where the privacy and
confidentiality involved with client information is of specific concern in moving toward
lower cost, more efficient practice management technology and software, such as those
programs offered as software as a service (SaaS) through cloud computing.
The Oxford Dictionary defines cloud computing as “the practice of using a
network of remote servers hosted on the Internet to store, manage, and process data,
rather than a local server or personal computer.” (Oxford). It is further defined by the
National Institute of Standards and Technology (NIST) as “a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of configurable
computing resources that can be rapidly provisioned and released with minimal
management effort or service provider interaction.” (Garfinkel, 2011). It has been noted
that the five main principles behind cloud computing are as follows: availability; high
utilization; dynamic scale without capital expenditure; automated creation of new virtual
machines or deletion of existing ones; and a per-usage business model. (Razavi, 2011).
One of the three types of service commonly provided by cloud providers is
Software as a service (SaaS), which is defined as a model of software deployment that
uses the Internet to deliver applications on-demand rather than through a physical
software component or software seat. (Pearlson & Saunders, 2012).
SaaS can be deployed in a private or community cloud, or a hybrid of the two. In
a private cloud, the organization operates a cloud strictly for its own use, while a
community cloud is a private cloud shared by several organizations in order to support a
specific requirement (such as healthcare organizations operating in a community cloud to
hold patient medical and billing records). (Garfinkel, 2011). A hybrid cloud model
combines the two by providing and managing some resources in a private cloud in-house,
while essentially outsourcing other resources externally in a community cloud.
Cloud computing has a lower up-front cost than traditional law practice
management software systems, as it generally reduces the expense of new hardware,
software license fees, installation costs and training costs. (Kyle, 2013). In addition,
cloud computing allows outsourcing of certain areas such as accounting and records
management at a much lower cost, generally on a monthly fee schedule. (Kyle, 2013).
With a lower overhead cost and widened opportunity for quick and seamless acquisition,
it would seem that many lawyers would rush to begin performing in the cloud as soon as
possible. However, concerns over the security of confidential client information have
given rise to some uncertainty in subscribing to such cloud-based services.
Creating Value
A. Legal Implications
Despite the ease and cost efficiency of utilizing cloud-based SaaS services,
attorneys must be very aware of the legal ramifications involved with handling such
sensitive information. Of specific concern is personally identifiable information (PII) or
personal information belonging to your client’s customers. (Heikkila, 2009). PII is
defined as pieces of computerized data that can be used to distinguish or trace an
individual’s identity. (Heikkila, 2009). In Michigan, PII includes a person’s first name
or first initial along with last name used together with the following information:
• Address and telephone number;
• Driver’s license or state identification
• Social Security Number
• Place of employment
• Employee identification number
• Employer or taxpayer identification number
• Government passport number
• Health insurance identification number
• Mother’s maiden name
• Demand deposit account number
• Savings account number
• Financial transaction device account number or password
• Stock or other security certificate or account number
• Credit card account number
• Vital record
• Medical records or information
(MCL 445.63(o)). Additionally, Michigan considers PII to also include a person’s first
name or first initial along with last name linked to one or more of the following pieces of
information:
• Social Security Number
• Driver’s license or state identification
• Demand deposit or other financial account number, or credit/debit card
number in conjunction with any required security code, access code or
password that would permit access to any of the individual’s financial
accounts.
(MCL 445.63(e), (p)).
Under Michigan’s data security law, if any of the above-listed information is
accessed or acquired by an unauthorized party whether in the form of unencrypted, un-
redacted or encrypted data with unauthorized access to the encryption key, lest face a
penalty of $250.00 per breach. (MCL 445.72(1)(a)-(b), (12)-(14)).
B. Ethical Implications
Attorneys must also carefully consider that they have an ethical obligation to
safeguard client data, including that which is stored in electronic format on a network
connected to the Internet, such as that utilized in the cloud. (Comerford, 2006). The
American Bar Association (ABA) Commission on Ethics 20/20 has addressed the issue
by modifying the Model Rules of Professional Conduct in relation to cloud-computing
services. (Reach, 2012). The first modification made is in regard to the commentary
after MRPC 1.1, which is the rule that addresses a lawyer’s competence in providing
legal representation to a client. (MRPC 1.1). Comment [6] to MRPC 1.1 now includes
the following emphasized clause:
“To maintain the requisite knowledge and skill, a lawyer should keep
abreast of changes in the law and its practice, including the benefits and
risks associated with relevant technology, engage in continuing study and
education and comply with all continuing legal education requirements to
which the lawyer is subject.”
(MRPC 1.1 [6]). This comment was amended with the intention that lawyers would
consider it as an ethical requirement to keep abreast and fully understand advances in
technology that would “genuinely relate” to his or her competency in effectively
representing a client. (Barkett, 2013).
The second modification applies to MRPC 1.6, which addresses the
confidentiality of client information. (MRPC 1.6). An additional subparagraph has been
entered, which states: “(c) A lawyer shall make reasonable efforts to prevent the
inadvertent or unauthorized disclosure of, or unauthorized access to, information relating
to the representation of a client.” (MRPC 1.6(c)). Accompanying the new text is an
additional paragraph in Comment [16] of MRPC 1.6, which directly relates to a lawyer’s
use of a cloud storage vendor:
“The unauthorized access to, or the inadvertent or unauthorized disclosure
of, information relating to the representation of a client does not constitute
a violation of paragraph (c) if the lawyer has made reasonable efforts to
prevent the access or disclosure. Factors to be considered in determining
the reasonableness of the lawyer’s efforts include, but are not limited to,
the sensitivity of the information, the likelihood of disclosure if additional
safeguards are not employed, the cost of employing additional safeguards,
the difficulty of implementing the safeguards, and the extent to which the
safeguards adversely affect the lawyer’s ability to represent clients (e.g.,
by making a device or important piece of software excessively difficult to
use). A client may require the lawyer to implement special security
measures not required by this Rule or may give informed consent to forgo
security measures that would otherwise be required by this Rule. Whether
a lawyer may be required to take additional steps to safeguard a client’s
information in order to comply with other law, such as state and federal
laws that govern data privacy or that impose notification requirements
upon the loss of, or unauthorized access to, electronic information, is
beyond the scope of these Rules. For a lawyer’s duties when sharing
information with non-lawyers outside the lawyer’s own firm, see Rule 5.3,
Comments [3]-[4].”
At this time, 15 state bar associations (not including Michigan) have issued
opinions regarding the use of legal cloud computing, all of which concur that the use
of the same is legal among attorneys so long as reasonable care is practiced in doing so.
(Gonsalves, 2013). Given the strict legal guidelines involved, cloud service providers
need to prove to attorneys and law firms beyond a reasonable doubt that their cloud and
SaaS offerings meet strict minimum standards of safeguarding client privacy.
(Gonsalves, 2013). At the same time, lawyers also need to recognize that they have an
ethical obligation to understand cloud computing and any technology being used
thereunder, so they may take the appropriate steps to comply with the ethical obligations
associated with client information and confidentiality. (Prof. Ethics FL, 2013).
IS Management Challenge
For many years, large law firms have had the financial capability to justify the
purchase of expensive software programs to organize the various work areas within the
company. These programs have historically been branded with a very high purchase
price, along with an equally high price for training the work staff and purchasing
hardware to complement the software. Such output costs, added to the loss of revenue
from hours spent by key members of the law firm while being trained on the new
programs, have made it increasingly difficult for mid-size and boutique firms to justify
the purchase of such systems.
A. SaaS and Traditional Software Upgrades
With the rise of cloud computing and SaaS programs, several smaller firms are
now able to utilize practice management software that would previously have been out of
range financially on an “as needed” basis. Previously outsourced services such as
accounting, central services and records management can be maintained either in-house
using SaaS, or in the cloud using a hybrid structured process. This outsourcing still
accounts for a chunk of company profits, however it does not financially equate with the
financial input necessary to purchase some of the historically well-known practice
management software systems.
On the contrary, with the development of new, more affordable and efficient
software systems available through the cloud as SaaS, more law offices, both large and
small, are able to take advantage of the available technology at a fraction of the price.
For example, many of the small or boutique firms are able to outsource billing and
accounting practices to cloud-based vendors who will track-down and collect funds that
would have otherwise been disregarded or forgotten for lack of individual time or
resources in investigating uncollected receivables.
Even state governments are using the opportunity to switch to cloud-based SaaS
services for handling legal practice management. For example, after consolidating its IT
operations in 2010, the State of California began looking for opportunistic ways to use
cloud computing to cut costs, improve operational efficiencies, reduce paper usage and
provide an overall improved service to its residents. (PR Newswire, 2011). This search
led the California Department of General Services (DGS) and the Department of Fair
Employment and Housing (DFEH) to sign a 5-year contract with LogicBit Corporation
for use of its web-based legal practice management product HoudiniESQ. (PR
Newswire, 2011). Offered both on-site and via the cloud, HoudiniESQ offers secure
access to data from nearly anywhere an Internet connection exists via various media
devices, and is able to integrate with Microsoft Word, Microsoft Excel, Microsoft
Outlook and Intuit Quickbooks. (PR Newswire, 2011). The ease of accessibility among
the many existing devices in the State of California architectural infrastructure made the
switch to the cloud-based system more attractive, given that the purchase of new or
modified hardware was not necessary, saving the state and its residents money in the long
run.
Given the many benefits of cloud computing, vendors of traditional practice
management software programs are evolving to offer their clients patches and upgrades
in the cloud. Unfortunately, many of the upgrades are costly much like the original
software, and involve drastic evolutionary changes to the user interface, requiring time
and possible training to learn the new features. Although some of the patches or
upgrades may be unnecessary to continue proper functionality of the practice
management software system, others are necessary to continue working with the new or
updated operating systems currently available. This being the case, it is important as a
manager to be aware of the mode of operation the vendor undertakes when handling
cloud-based upgrades to the existing software systems. Specifically, a manager would
want to know how the vendor would notify the organization when notable upgrades are
available. Once notified of a potential upgrade or patch, the manager would then need to
inquire as to the anticipated value the upgrade or patch would grant to the existing
system, how much time it would take to perform the upgrade, how much the upgrade
would cost in accordance with the monthly subscription fee, and how much training
would be required to bring employees up to speed on the upgraded system.
B. Establishing Trust or Acceptance of New Technology
An additional concern involved in using cloud-based law practice management is
in convincing other attorneys to accept the new technology and become accustomed to
using it in everyday practice. To explain, many of the senior or more conservative
members of a law firm do not understand what “the cloud” is – many of them rarely even
use a computer for more than email or inner-office messaging. Personal assistants or
paralegals, transcribing either from audiotape or from hand-written notes, do most of the
computing for this particular band of attorneys, much as it has been done since the
invention of a typewriter. Not only are many older members of the bar distrustful of
technology, they are generally distrustful of sharing client information or documents in
anything other than a physical paper file where they can tangibly examine the contents at
will. Switching to a cloud-based service for practice management generally entails
document scanning and archival in the cloud with retrieval by either a bar code or other
numerical code system off-site. Physical files, although maintained for originality and
authenticity purposes while a case is pending or in appeal, are generally shipped to off-
site physical storage buildings until the statutory time period has lapsed for destruction.
Keeping the documents “up in the air” or “out in limbo” as I’ve heard some attorneys
term cloud usage, is simply too difficult for some to contemplate given what they believe
to be a lack of control over the file. Moreover, a sheer lack of knowledge of computer
technology and a stubbornness or unwillingness to learn anything computer-related could
be difficult to overcome in some instances.
One way these issues could be addressed is by having divided meetings among
the firm, first discussing the transition with the support staff and then moving up the
ladder to the senior most members. In most cases, it is the individual support staff
assigned to an attorney who ultimately has the most power in teaching the new
technology to the attorney. If an attorney feels as though his or her support staff is
competent in handling a new or modified mode of operation, it makes it easier for him or
her to trust that those important documents “up in the air” are not being lost or
inappropriately handled in the cloud. Once this trust is established, carving-out a small
amount of time during each week’s progress meeting to discuss how the new technology
is being used would not only allow an open forum for sharing ideas on how to best utilize
the system, but it would also provide ongoing training to those who are still having
trouble trusting the system.
Another way to deal with this issue is to present the bottom line financially.
Showing the profit-sharing senior members of a law firm how much money they will
save in capital expenditures and overhead may shift the balance just enough to convince
them, albeit begrudgingly, to take the change in stride. Traditional law firm practice
management software requires a large capital investment up front, given the need to
purchase a license for and train each user. In addition, the hardware necessary to
effectively operate the software in total, such as various large capacity scanners,
document automation software, compatible operating system software and on-site
network servers, can extend beyond 6 figures depending on how large the law firm is and
how much information you will need to store. The costs associated with ongoing
maintenance and support, when needed, and the purchase or transfer of licenses as
employees come and go are also of consideration.
On the other hand, cloud computing allows the firm to rent the software it needs
when it needs it through SaaS. Licensing is not necessary; therefore the cost typically
associated with the transfer of use from one employee or attorney to the next is not an
issue. Generally, no additional hardware is needed outside of the run of the mill office
machinery typically found within a law firm such as printers, scanners, and other
computing devices, which eliminates another up-front cost. In addition, a server is not
generally needed in-house because everything operates in the cloud.
However, while naming all of the savings realized at the forefront of a cloud
computing transition, one main thing to consider for the next 3-5 years is the overall
growth you anticipate within your firm and how that could affect your savings in the long
haul. Although cloud-based services are generally offered on a monthly subscription
basis, data management is usually limited to a set storage amount for each month. It is
anticipated that while you may add to the amount of data stored in the cloud every month,
you will also be deleting data from the cloud that is no longer needed. That being the
case, if you anticipate growth in the volume of cases your firm will take over a 12-18
month period, or in the complexity of the cases you already have which would require a
rapid influx of data within that period of time, as manager you may want to consider
upgrading your data storage subscription to avoid any potential repeated overages.
Should the need for additional data storage continue to increase, it would be necessary to
examine whether a transition to a traditional on-site server storage system would be more
cost effective. Nonetheless, cloud-based SaaS could still be utilized while maintaining
data storage in-house, in order to save costs on the traditional software, as enumerated
previously.
C. Best Practices to Confront Legal and Ethical Concerns
In light of the many legal and ethical concerns, the manager would want to very
carefully analyze the security concerns of confidential client information, and proceed in
a manner to best protect those interests. As far as existing hardware is concerned, I
would ensure that the organizational network was protected with various technical
controls, such as a firewall, anti-virus software and anti-spyware. Additionally, I would
install monitoring software that would oversee usage by looking for possible data leakage
while at the same time supervising all things leaving the inner-office network. Finally, I
would initiate use of a detection system for intrusion, including protection technology to
assist in protecting and detecting when or whether information is being compromised by
an outside source.
My next task as manager would include a detailed investigation of the vendor our
firm intended to use for the cloud-based service or services to determine the level of
security that is provided in housing or transmitting information. With that in mind, I
would look particularly into whether prior clients or customers have had issues with
security breach instances in past dealings with the vendor. Additionally, I would want to
review the service agreement or service contract to see how security issues are controlled
and handled, should one occur. In the unfortunate circumstance that client information
was leaked as a result of faulty vendor handling, I would want to be sure that a steadfast
plan was in place to immediately locate the issue and correct the same.
Once a vendor is selected, I would then ensure that the firm had an information
security management policy handbook, or a portion of the employee handbook devoted to
the issue. In this policy portion, I would ensure that the procedures outlining acceptable
use of devices (company supplied or BYOD) and client data are specifically named,
including those controls for accessing client data through various media devices available
to the firm’s employees. As part of the security policy manual, I would include that all
devices must be password protected, and that any devices used by employees be
registered in an online log or catalog by the employee’s name, type of device, model and
serial number. That way, should any device become compromised due to physical loss,
access to information by an unauthorized user could be denied by simply terminating the
authorized user’s existing online account or license for that device. Additionally, I would
institute a policy restricting the removal of client data from the office without encryption
in place, and further restrict removal of client data without authorization of the partner or
member supervising that client’s case or legal matter.
Next, I would ensure that all employees were properly trained on how to handle
client data even before its entry into the firm’s internal cloud-based system, and make
training a part of the security policy manual. Specifically, I would ensure that only those
individuals who are vital to receiving or analyzing client data had access to the
information. Then I would ensure that all employees were aware of who those
individuals are in the case that they need client data for any reason in carrying-out their
daily activities. The less confidential information is shared among the firm’s employees,
the less likely any of the information will be leaked – whether intentionally or
unintentionally. On this same line of reasoning, I would add a portion to the security
manual that covers the destruction of client data and/or notes associated with a client that
are not necessary to his or her representation by the firm. Anything paper-based must be
cross-shredded internally, and any software or hardware that could contain sensitive
information must be destroyed via incineration.
In consideration of the many benefits associated with cloud computing and SaaS
software for legal practice management, it would seem as though a centralized focus on
potential security concerns as a way to reject their use would not be beneficial. So long
as proper safety policies and corrective measures were in place prior to undertaking the
use of these processes, as manager I would definitely recommend moving forward as
enumerated above.
RESOURCES
Barkett, J. (2013). Ethical Challenges on the Horizon: Confidentiality, Competence and
Cloud Computing. ABA Section of Litigation Annual Conference. Chicago, IL.
Cloud Computing. (n.d.) In Oxford Dictionaries online. Retrieved from
http://www.oxforddictionaries.com/definition/english/cloud-computing
Comerford, J. (2006). Competent Computing: A Lawyer’s Ethical Duty to Safeguard the
Confidentiality and Integrity of Client Information Stored on Computers and Computer
Networks. Georgetown Journal of Legal Ethics, 19, 629.
Garfinkel, S. (2011). Cloud Computing Defined: A primer on key terms in Business
Impact this month. MIT Technology Review. Retrieved from
http://www.technologyreview.com/news/425618/cloud-computing-defined/
Gonsalves, C. (2013). Raising the Bar for Legal Cloud Computing. Channelnomics,
Retrieved from http://channelnomics.com/2013/07/01/raising-the-bar-for-legal-cloud-computing/.
Heikkila, F. (2009). Data Privacy in the Law Firm. Michigan Bar Journal, pp. 33-36.
Kyle, M. (2013). Cloud Computing: The Least a Law Firm Should Know.
WebMasterView.com. Retrieved from http://www.webmasterview.com/2013/08/cloud-computing-law-firms/
MCL 445.63 et seq.
MCL 445.72 et seq.
Model Rules of Professional Conduct 1.1
Model Rules of Professional Conduct 1.6
Pearlson, K. & Saunders, C., (2012). Managing & Using Information Systems: A
Strategic Approach (5th ed.). Hoboken, NJ: John Wiley & Sons, Inc.
PR Newswire. (2011). The State of California Saves Big by using Cloud Based Legal
Practice Management System HoudiniESQ. PR Newswire, June 27, 2011.
Professional Ethics Committee of the Florida Bar (2013). Professional Ethics of the
Florida Bar, Opinion 12-3. Retrieved from
http://www.floridabar.org/tfb/tfbetopin.nsf/SearchView/ETHICS,+OPINION+12-3?opendocument
Razavi, A. & Strommen-Bakhtiar, A. (2011). Should the “CLOUD” be regulated? An
assessment. Issues in Informing Science & Information Technology, 8, 219.
Reach, C.S. (Jan. 2012). Reach for the cloud: for some, cloud computing remains a
nebulous concept. It has the potential to transform law offices and save firms a lot of
money on information technology, but cloud computing has its limits. Lawyers should
consider the benefits and risks before placing their firms in ‘the cloud’. Trial. P. 38.
http://www.justice.org/cps/rde/xchg/justice/hs.xsl/4938.htm

Harsh narain jizyah and the spread of islam IndiaInspires
 
Islam and the Environment
Islam and the EnvironmentIslam and the Environment
Islam and the EnvironmentMuQeet
 
Pelaksanaan jizyah pada zaman khulafah ar-rasyidin
Pelaksanaan jizyah pada zaman khulafah ar-rasyidinPelaksanaan jizyah pada zaman khulafah ar-rasyidin
Pelaksanaan jizyah pada zaman khulafah ar-rasyidinAsmidahIsdal
 

Viewers also liked (20)

al kharaj in islamic land law
al kharaj in islamic land lawal kharaj in islamic land law
al kharaj in islamic land law
 
Fiqh khums
Fiqh khumsFiqh khums
Fiqh khums
 
Islamic Wealth Circulation
Islamic Wealth CirculationIslamic Wealth Circulation
Islamic Wealth Circulation
 
PowerPoint Ekonomi Islam
PowerPoint Ekonomi IslamPowerPoint Ekonomi Islam
PowerPoint Ekonomi Islam
 
Tax
TaxTax
Tax
 
Islamic+economics
Islamic+economicsIslamic+economics
Islamic+economics
 
Kharaj
KharajKharaj
Kharaj
 
JIZYAH
JIZYAHJIZYAH
JIZYAH
 
Cukai jizyah
Cukai jizyahCukai jizyah
Cukai jizyah
 
Islamic economic system
Islamic economic systemIslamic economic system
Islamic economic system
 
Pemerintahan Raja Dan Amir
Pemerintahan Raja Dan AmirPemerintahan Raja Dan Amir
Pemerintahan Raja Dan Amir
 
Jizyah, ghanimah, dan fa'i
Jizyah, ghanimah, dan fa'iJizyah, ghanimah, dan fa'i
Jizyah, ghanimah, dan fa'i
 
Zakat & Ushr (1)
Zakat & Ushr (1)Zakat & Ushr (1)
Zakat & Ushr (1)
 
Islam and Taation
Islam and TaationIslam and Taation
Islam and Taation
 
The Islamic Economy
The Islamic Economy The Islamic Economy
The Islamic Economy
 
Islam and economics
Islam and economicsIslam and economics
Islam and economics
 
khulafaur rasyidin
khulafaur rasyidinkhulafaur rasyidin
khulafaur rasyidin
 
Harsh narain jizyah and the spread of islam
Harsh narain   jizyah and the spread of islam Harsh narain   jizyah and the spread of islam
Harsh narain jizyah and the spread of islam
 
Islam and the Environment
Islam and the EnvironmentIslam and the Environment
Islam and the Environment
 
Pelaksanaan jizyah pada zaman khulafah ar-rasyidin
Pelaksanaan jizyah pada zaman khulafah ar-rasyidinPelaksanaan jizyah pada zaman khulafah ar-rasyidin
Pelaksanaan jizyah pada zaman khulafah ar-rasyidin
 

Similar to Law Practice Management in the Cloud

Cloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudCloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudIOSR Journals
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contractsMeera Kaul
 
1 3Financial Service Security EngagementLearning Team .docx
1     3Financial Service Security EngagementLearning Team .docx1     3Financial Service Security EngagementLearning Team .docx
1 3Financial Service Security EngagementLearning Team .docxoswald1horne84988
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkIOSR Journals
 
Privacy Issues In Cloud Computing
Privacy Issues In Cloud ComputingPrivacy Issues In Cloud Computing
Privacy Issues In Cloud Computingiosrjce
 
ADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTING
ADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTINGADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTING
ADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTINGijitcs
 
Securing data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law FirmsSecuring data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law FirmsCloudMask inc.
 
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...ijcncs
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutionsijccsa
 
Cloud computing
Cloud computingCloud computing
Cloud computingHira Zahan
 
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
 
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesIJCSIS Research Publications
 
Smart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud EnvironmentSmart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud EnvironmentIRJET Journal
 
New Era in Insurance - Cloud Computing
New Era in Insurance - Cloud ComputingNew Era in Insurance - Cloud Computing
New Era in Insurance - Cloud ComputingNIIT Technologies
 
A study on_security_and_privacy_issues_o
A study on_security_and_privacy_issues_oA study on_security_and_privacy_issues_o
A study on_security_and_privacy_issues_oPradeep Muralidhar
 

Similar to Law Practice Management in the Cloud (20)

Cloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudCloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in Cloud
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contracts
 
1 3Financial Service Security EngagementLearning Team .docx
1     3Financial Service Security EngagementLearning Team .docx1     3Financial Service Security EngagementLearning Team .docx
1 3Financial Service Security EngagementLearning Team .docx
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 
B017660813
B017660813B017660813
B017660813
 
Privacy Issues In Cloud Computing
Privacy Issues In Cloud ComputingPrivacy Issues In Cloud Computing
Privacy Issues In Cloud Computing
 
ADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTING
ADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTINGADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTING
ADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTING
 
Securing data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law FirmsSecuring data in the cloud: A challenge for UK Law Firms
Securing data in the cloud: A challenge for UK Law Firms
 
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram...
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
 
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
 
Is There Sun Behind Those Clouds
Is There Sun Behind Those CloudsIs There Sun Behind Those Clouds
Is There Sun Behind Those Clouds
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
 
Smart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud EnvironmentSmart and Secure Healthcare Administration over Cloud Environment
Smart and Secure Healthcare Administration over Cloud Environment
 
Challenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingChallenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computing
 
New Era in Insurance - Cloud Computing
New Era in Insurance - Cloud ComputingNew Era in Insurance - Cloud Computing
New Era in Insurance - Cloud Computing
 
A study on_security_and_privacy_issues_o
A study on_security_and_privacy_issues_oA study on_security_and_privacy_issues_o
A study on_security_and_privacy_issues_o
 

Law Practice Management in the Cloud

LAW PRACTICE MANAGEMENT IN THE CLOUD

Introduction

In today’s global economy, information technology (IT) is ever-changing and evolving at a break-neck rate of speed. Businesses that are hesitant or reluctant to upgrade or improve their IT infrastructure are finding it hard to compete within their industry. At the same time however, the increased availability of new technology at a lower cost has raised several issues concerning security and safety of company and client information. The legal field is one industry in particular where the privacy and confidentiality involved with client information is of specific concern in moving toward lower cost, more efficient practice management technology and software, such as those programs offered as software as a service (SaaS) through cloud computing.

The Oxford Dictionary defines cloud computing as “the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or personal computer.” (Oxford). It is further defined by the National Institute of Standards and Technology (NIST) as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (Garfinkel, 2011). It has been noted that the five main principles behind cloud computing are as follows: availability; high utilization; dynamic scale without capital expenditure; automated creation of new virtual machines or deletion of existing ones; and a per-usage business model. (Razavi, 2011).

One of the three types of service commonly provided by cloud providers is Software as a service (SaaS), which is defined as a model of software deployment that
uses the Internet to deliver applications on-demand rather than through a physical software component or software seat. (Pearlson & Saunders, 2012). SaaS can be deployed in a private or community cloud, or a hybrid of the two. In a private cloud, the organization operates a cloud strictly for its own use, while a community cloud is a private cloud shared by several organizations in order to support a specific requirement (such as healthcare organizations operating in a community cloud to hold patient medical and billing records). (Garfinkel, 2011). A hybrid cloud model combines the two by providing and managing some resources in a private cloud in-house, while essentially outsourcing other resources externally in a community cloud.

Cloud computing has a lower up-front cost than traditional law practice management software systems, as it generally reduces the expense of new hardware, software license fees, installation costs and training costs. (Kyle, 2013). In addition, cloud computing allows outsourcing of certain areas such as accounting and records management at a much lower cost, generally on a monthly fee schedule. (Kyle, 2013). With a lower overhead cost and widened opportunity for quick and seamless acquisition, it would seem that many lawyers would rush to begin performing in the cloud as soon as possible. However, concerns over the security of confidential client information have given rise to some uncertainty in subscribing to such cloud-based services.

Creating Value

A. Legal Implications

Despite the ease and cost efficiency of utilizing cloud-based SaaS services, attorneys must be very aware of the legal ramifications involved with handling such sensitive information. Of specific concern is personally identifiable information (PII) or
personal information belonging to your client’s customers. (Heikkila, 2009). PII is defined as pieces of computerized data that can be used to distinguish or trace an individual’s identity. (Heikkila, 2009). In Michigan, PII includes a person’s first name or first initial along with last name used together with the following information:

• Address and telephone number
• Driver’s license or state identification
• Social Security Number
• Place of employment
• Employee identification number
• Employer or taxpayer identification number
• Government passport number
• Health insurance identification number
• Mother’s maiden name
• Demand deposit account number
• Savings account number
• Financial transaction device account number or password
• Stock or other security certificate or account number
• Credit card account number
• Vital record
• Medical records or information

(MCL 445.63(o)).

Additionally, Michigan considers PII to also include a person’s first name or first initial along with last name linked to one or more of the following pieces of information:
• Social Security Number
• Driver’s license or state identification
• Demand deposit or other financial account number, or credit/debit card number in conjunction with any required security code, access code or password that would permit access to any of the individual’s financial accounts.

(MCL 445.63(e), (p)).

Under Michigan’s data security law, if any of the above-listed information is accessed or acquired by an unauthorized party whether in the form of unencrypted, unredacted or encrypted data with unauthorized access to the encryption key, lest face a penalty of $250.00 per breach. (MCL 445.72(1)(a)-(b), (12)-(14)).

B. Ethical Implications

Attorneys must also carefully consider that they have an ethical obligation to safeguard client data, including that which is stored in electronic format on a network connected to the Internet, such as that utilized in the cloud. (Comerford, 2006). The American Bar Association (ABA) Commission on Ethics 20/20 has addressed the issue by modifying the Model Rules of Professional Conduct in relation to cloud-computing services. (Reach, 2012).

The first modification made is in regard to the commentary after MRPC 1.1, which is the rule that addresses a lawyer’s competence in providing legal representation to a client. (MRPC 1.1). Comment [6] to MRPC 1.1 now includes the following emphasized clause: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to
which the lawyer is subject.” (MRPC 1.1 [6]). This comment was amended with the intention that lawyers would consider it an ethical requirement to keep abreast of and fully understand advances in technology that would “genuinely relate” to their competency in effectively representing a client. (Barkett, 2013).

The second modification applies to MRPC 1.6, which addresses the confidentiality of client information. (MRPC 1.6). An additional subparagraph has been entered, which states: “(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” (MRPC 1.6(c)). Accompanying the new text is an additional paragraph in Comment [16] of MRPC 1.6, which directly relates to a lawyer’s use of a cloud storage vendor:

“The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule.
Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules. For a lawyer’s duties when sharing information with non-lawyers outside the lawyer’s own firm, see Rule 5.3, Comments [3]-[4].”
At this time, 15 state bar associations (not including Michigan) have issued opinions regarding the use of legal cloud computing, all of which concur that such use is legal among attorneys so long as reasonable care is practiced in doing so. (Gonsalves, 2013). Given the strict legal guidelines involved, cloud service providers need to prove to attorneys and law firms beyond a reasonable doubt that their cloud and SaaS offerings meet strict minimum standards of safeguarding client privacy. (Gonsalves, 2013). At the same time, lawyers also need to recognize that they have an ethical obligation to understand cloud computing and any technology being used thereunder, so they may take the appropriate steps to comply with the ethical obligations associated with client information and confidentiality. (Prof. Ethics FL, 2013).

IS Management Challenge

For many years, large law firms have had the financial capability to justify the purchase of expensive software programs to organize the various work areas within the company. These programs have historically been branded with a very high purchase price, along with an equally high price for training the work staff and purchasing hardware to complement the software. Such output costs, added to the loss of revenue from hours spent by key members of the law firm while being trained on the new programs, have made it increasingly difficult for mid-size and boutique firms to justify the purchase of such systems.

A. SaaS and Traditional Software Upgrades

With the rise of cloud computing and SaaS programs, several smaller firms are now able to utilize, on an “as needed” basis, practice management software that would previously have been out of range financially. Previously outsourced services such as
accounting, central services and records management can be maintained either in-house using SaaS, or in the cloud using a hybrid structured process. This outsourcing still accounts for a chunk of company profits; however, it does not equate with the financial input necessary to purchase some of the historically well-known practice management software systems. On the contrary, with the development of new, more affordable and efficient software systems available through the cloud as SaaS, more law offices, both large and small, are able to take advantage of the available technology at a fraction of the price. For example, many of the small or boutique firms are able to outsource billing and accounting practices to cloud-based vendors who will track down and collect funds that would have otherwise been disregarded or forgotten for lack of individual time or resources in investigating uncollected receivables.

Even state governments are using the opportunity to switch to cloud-based SaaS services for handling legal practice management. For example, after consolidating its IT operations in 2010, the State of California began looking for opportunistic ways to use cloud computing to cut costs, improve operational efficiencies, reduce paper usage and provide an overall improved service to its residents. (PR Newswire, 2011). This search led the California Department of General Services (DGS) and the Department of Fair Employment and Housing (DFEH) to sign a 5-year contract with LogicBit Corporation for use of its web-based legal practice management product HoudiniESQ. (PR Newswire, 2011). Offered both on-site and via the cloud, HoudiniESQ offers secure access to data from nearly anywhere an Internet connection exists via various media devices, and is able to integrate with Microsoft Word, Microsoft Excel, Microsoft
Outlook and Intuit QuickBooks. (PR Newswire, 2011). The ease of accessibility among the many existing devices in the State of California architectural infrastructure made the switch to the cloud-based system more attractive, given that the purchase of new or modified hardware was not necessary, saving the state and its residents money in the long run.

Given the many benefits of cloud computing, vendors of traditional practice management software programs are evolving to offer their clients patches and upgrades in the cloud. Unfortunately, many of the upgrades are costly much like the original software, and involve drastic evolutionary changes to the user interface, requiring time and possible training to learn the new features. Although some of the patches or upgrades may be unnecessary to continue proper functionality of the practice management software system, others are necessary to continue working with the new or updated operating systems currently available.

This being the case, it is important as a manager to be aware of the mode of operation the vendor undertakes when handling cloud-based upgrades to the existing software systems. Specifically, a manager would want to know how the vendor would notify the organization when notable upgrades are available. Once notified of a potential upgrade or patch, the manager would then need to inquire as to the anticipated value the upgrade or patch would grant to the existing system, how much time it would take to perform the upgrade, how much the upgrade would cost in accordance with the monthly subscription fee, and how much training would be required to bring employees up to speed on the upgraded system.

B. Establishing Trust or Acceptance of New Technology
An additional concern involved in using cloud-based law practice management is in convincing other attorneys to accept the new technology and become accustomed to using it in everyday practice. To explain, many of the senior or more conservative members of a law firm do not understand what “the cloud” is – many of them rarely even use a computer for more than email or inner-office messaging. Personal assistants or paralegals, transcribing either from audiotape or from hand-written notes, do most of the computing for this particular band of attorneys, much as it has been done since the invention of the typewriter. Not only are many older members of the bar distrustful of technology, they are generally distrustful of sharing client information or documents in anything other than a physical paper file where they can tangibly examine the contents at will.

Switching to a cloud-based service for practice management generally entails document scanning and archival in the cloud with retrieval by either a bar code or other numerical code system off-site. Physical files, although maintained for originality and authenticity purposes while a case is pending or in appeal, are generally shipped to off-site physical storage buildings until the statutory time period has lapsed for destruction. Keeping the documents “up in the air” or “out in limbo,” as I’ve heard some attorneys term cloud usage, is simply too difficult for some to contemplate given what they believe to be a lack of control over the file. Moreover, a sheer lack of knowledge of computer technology and a stubbornness or unwillingness to learn anything computer-related could be difficult to overcome in some instances.

One way these issues could be addressed is by having divided meetings among the firm, first discussing the transition with the support staff and then moving up the ladder to the senior-most members. In most cases, it is the individual support staff
assigned to an attorney who ultimately has the most power in teaching the new technology to the attorney. If an attorney feels as though his or her support staff is competent in handling a new or modified mode of operation, it makes it easier for him or her to trust that those important documents “up in the air” are not being lost or inappropriately handled in the cloud. Once this trust is established, carving out a small amount of time during each week’s progress meeting to discuss how the new technology is being used would not only allow an open forum for sharing ideas on how to best utilize the system, but it would also provide ongoing training to those who are still having trouble trusting the system.

Another way to deal with this issue is to present the bottom line financially. Showing the profit-sharing senior members of a law firm how much money they will save in capital expenditures and overhead may shift the balance just enough to convince them, albeit begrudgingly, to take the change in stride. Traditional law firm practice management software requires a large capital investment up front, given the need to purchase a license for and train each user. In addition, the hardware necessary to effectively operate the software in total, such as various large capacity scanners, document automation software, compatible operating system software and on-site network servers, can extend beyond 6 figures depending on how large the law firm is and how much information you will need to store. The costs associated with ongoing maintenance and support, when needed, and the purchase or transfer of licenses as employees come and go are also a consideration.

On the other hand, cloud computing allows the firm to rent the software it needs when it needs it through SaaS. Licensing is not necessary; therefore the cost typically
associated with the transfer of use from one employee or attorney to the next is not an issue. Generally, no additional hardware is needed outside of the run-of-the-mill office machinery typically found within a law firm such as printers, scanners, and other computing devices, which eliminates another up-front cost. In addition, a server is not generally needed in-house because everything operates in the cloud.

However, while naming all of the savings realized at the forefront of a cloud computing transition, one main thing to consider for the next 3-5 years is the overall growth you anticipate within your firm and how that could affect your savings in the long haul. Although cloud-based services are generally offered on a monthly subscription basis, data management is usually limited to a set storage amount for each month. It is anticipated that while you may add to the amount of data stored in the cloud every month, you will also be deleting data from the cloud that is no longer needed. That being the case, if you anticipate growth in the volume of cases your firm will take over a 12-18 month period, or in the complexity of the cases you already have which would require a rapid influx of data within that period of time, as manager you may want to consider upgrading your data storage subscription to avoid any potential repeated overages. Should the need for additional data storage continue to increase, it would be necessary to examine whether a transition to a traditional on-site server storage system would be more cost effective. Nonetheless, cloud-based SaaS could still be utilized while maintaining data storage in-house, in order to save costs on the traditional software, as enumerated previously.

C. Best Practices to Confront Legal and Ethical Concerns
  • 12. In light of the many legal and ethical concerns, the manager would want to very carefully analyze the security concerns of confidential client information, and proceed in a manner to best protect those interests. As far as existing hardware is concerned, I would ensure that the organizational network was protected with various technical controls, such as a firewall, anti-virus software and anti-spyware. Additionally, I would install monitoring software that would oversee usage by looking for possible data leakage while at the same time supervising all things leaving the inner-office network. Finally, I would initiate use of an intrusion detection system, including protection technology to assist in protecting and detecting when or whether information is being compromised by an outside source.

    My next task as manager would include a detailed investigation of the vendor our firm intended to use for the cloud-based service or services to determine the level of security that is provided in housing or transmitting information. With that in mind, I would look particularly into whether prior clients or customers have had issues with security breach instances in past dealings with the vendor. Additionally, I would want to review the service agreement or service contract to see how security issues are controlled and handled, should one occur. In the unfortunate circumstance that client information was leaked as a result of faulty vendor handling, I would want to be sure that a steadfast plan was in place to immediately locate the issue and correct the same.

    Once a vendor is selected, I would then ensure that the firm had an information security management policy handbook, or a portion of the employee handbook devoted to the issue. In this policy portion, I would ensure that the procedures outlining acceptable use of devices (company supplied or BYOD) and client data are specifically named,
  • 13. including those controls for accessing client data through various media devices available to the firm’s employees. As part of the security policy manual, I would include that all devices must be password protected, and that any devices used by employees be registered in an online log or catalog by the employee’s name, type of device, model and serial number. That way, should any device become compromised due to physical loss, access to information by an unauthorized user could be denied by simply terminating the authorized user’s existing online account or license for that device. Additionally, I would institute a policy restricting the removal of client data from the office without encryption in place, and further restrict removal of client data without authorization of the partner or member supervising that client’s case or legal matter.

    Next, I would ensure that all employees were properly trained on how to handle client data even before its entry into the firm’s internal cloud-based system, and make training a part of the security policy manual. Specifically, I would ensure that only those individuals who are vital to receiving or analyzing client data had access to the information. Then I would ensure that all employees were aware of who those individuals are in case they need client data for any reason in carrying out their daily activities. The less confidential information is shared among the firm’s employees, the less likely any of the information will be leaked – whether intentionally or unintentionally.

    On this same line of reasoning, I would add a portion to the security manual that covers the destruction of client data and/or notes associated with a client that are not necessary to his or her representation by the firm. Anything paper-based must be cross-shredded internally, and any software or hardware that could contain sensitive information must be destroyed via incineration.
  • 14. In consideration of the many benefits associated with cloud computing and SaaS software for legal practice management, it would seem as though a centralized focus on potential security concerns as a way to reject their use would not be beneficial. So long as proper safety policies and corrective measures were in place prior to undertaking the use of these processes, as manager I would definitely recommend moving forward as enumerated above.
  • 15. RESOURCES

    Barkett, J. (2013). Ethical Challenges on the Horizon: Confidentiality, Competence and Cloud Computing. ABA Section of Litigation Annual Conference. Chicago, IL.

    Cloud Computing. (n.d.). In Oxford Dictionaries online. Retrieved from http://www.oxforddictionaries.com/definition/english/cloud-computing

    Comerford, J. (2006). Competent Computing: A Lawyer’s Ethical Duty to Safeguard the Confidentiality and Integrity of Client Information Stored on Computers and Computer Networks. Georgetown Journal of Legal Ethics, 19, 629.

    Garfinkel, S. (2011). Cloud Computing Defined: A primer on key terms in Business Impact this month. MIT Technology Review. Retrieved from http://www.technologyreview.com/news/425618/cloud-computing-defined/

    Gonsalves, C. (2013). Raising the Bar for Legal Cloud Computing. Channelnomics. Retrieved from http://channelnomics.com/2013/07/01/raising-the-bar-for-legal-cloud-computing/

    Heikkila, F. (2009). Data Privacy in the Law Firm. Michigan Bar Journal, pp. 33-36.

    Kyle, M. (2013). Cloud Computing: The Least a Law Firm Should Know. WebMasterView.com. Retrieved from http://www.webmasterview.com/2013/08/cloud-computing-law-firms/

    MCL 445.63 et seq.

    MCL 445.72 et seq.

    Model Rules of Professional Conduct 1.1

    Model Rules of Professional Conduct 1.6

    Pearlson, K. & Saunders, C. (2012). Managing & Using Information Systems: A Strategic Approach (5th ed.). Hoboken, NJ: John Wiley & Sons, Inc.

    PR Newswire. (2011). The State of California Saves Big by using Cloud Based Legal Practice Management System HoudiniESQ. PR Newswire, June 27, 2011.

    Professional Ethics Committee of the Florida Bar (2013). Professional Ethics of the Florida Bar, Opinion 12-3. Retrieved from http://www.floridabar.org/tfb/tfbetopin.nsf/SearchView/ETHICS,+OPINION+12-3?opendocument
  • 16. Razavi, A. & Strommen-Bakhtiar, A. (2011). Should the “CLOUD” be regulated? An assessment. Issues in Informing Science & Information Technology, 8, 219.

    Reach, C.S. (Jan. 2012). Reach for the cloud: for some, cloud computing remains a nebulous concept. It has the potential to transform law offices and save firms a lot of money on information technology, but cloud computing has its limits. Lawyers should consider the benefits and risks before placing their firms in ‘the cloud’. Trial, p. 38. Retrieved from http://www.justice.org/cps/rde/xchg/justice/hs.xsl/4938.htm