Ethics for lawyers in the cloud


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Ethics for lawyers in the cloud

  1. 1. What the Model Rules are saying about practices in Cyberspace Donna SeyleLawyer/Writer/
  2. 2. Lawyers’ use of cloud computing is growing as the technology becomes safer, thecost-effectiveness becomes more evident, internal productivity increases, and theneed to provide a variety of legal services delivery becomes a market imperative.The questions have arisen: the use of technology raises ethical questions related tohow lawyers go about choosing cloud vendors, and how they are using cloudproducts chose.In 2009, the ABA formed a new commission, Ethics 20/20, to investigate just that.As a result, although very few changes have been made to the Model Rules, draftopinions, issue papers seeking comments and their replies have emerged fromboth the ABA and various state bar associations that address how the rules applyto cloud computing as they are currently written.The Model Rules that have come under scrutiny and will be discussed are: Confidentiality: Rules 1.6(a) and 1.15 Competence and Diligence: Rules 1.1 and 1.3 Duties to Prospective Clients: Rules 1.18 and 1.2 Unauthorized Practice of Law: Rule 5.5 Duty to Supervise: Rule 5.3
  3. 3.  Confidentiality and Safeguarding Property When client information is transferred and/or stored in a cloud system Use of 3rd-party cloud applications in communicating Relinquish control of data Rule 1.6 standard: lawyers must take “reasonable precautions” to safeguard client information and prevent it from going to unintended recipients during the transmission. Requires due diligence in vetting your choice of vendor Includes hiring a technology advisor if lawyer doesn’t feel capable of making effective choices States have not attempted to define “reasonable care”; technology changes too quickly Be sure to stay current on any changes in regulation in your state
  4. 4.  Requires that the lawyer is thoroughly prepared to provide representation to the client When applied to cloud computing, requires lawyers to understand the technology and security issues when selecting a cloud service provider and devices To do so, lawyers must do their due diligence in vetting their chosen vendor Lawyers must also diligently follow best practices in the use of the technology to insure confidentiality Lawyers’ best practices include using cloud computing to conduct factual research in representing their client Must also inform client of their use of cloud software in the act of representation
  5. 5. It is reasonable to expect the lawyer to vet the vendor to determine itssecurity protocols. Here is a list of questions lawyers can use: What kind of facility will host the data and how are they secured? Who else has access to the facility, servers and data and how is authorization for access determined? How do they screen employees? Does the contract address confidentiality? If not, is the vendor willing to sign a confidentiality agreement? How frequently are back-ups performed? Is data backed up to more than one server? Are they georedundant? Are all servers located in the United States? What types of encryption are used, and how are passwords stored? Is data encrypted both in transit and at rest? Has the vendor been certified by a 3rd party service? Are audits available for review? Are there redundant power supplies for the servers? Is there guaranteed uptime? What remedies are provided for in the event of breach? What are the data breach notification procedures? What are your rights upon termination? Does the vendor carry cyberinsurance? Be sure to review Service Level Agreement (SLA) and Terms of Service (TOS)
  6. 6.  Issue arises in multijurisdictional virtual practice and when providing clients with self-help software solutions 5.5 (a) and (b) restrict a lawyer from practicing in a jurisdiction where she is unlicensed, or establish “systematic and continuous presence” in this jurisdiction Lawyer’s online presence must make clear where she is authorized to practice Should have a jurisdiction check built into the cloud system to ensure client’s residency A virtual lawyer practicing in the state where he is licensed, but resides elsewhere, may establish “systematic and continuous presence” However, some states have residency requirements and “bona fide office” rules (e.g., New Jersey) Lawyers offering self-help software: in Texas, they rewrote their rule that self-help using computer software does not substitute for legal services
  7. 7.  Managing lawyers must make reasonable efforts to ensure a non-lawyers conduct is compatible with professional obligations of the lawyer This includes non-lawyer employees, independent contractors such as paralegals, virtual assistants, and any legal process outsourcing company retained by the firm Use a permissions-based technology system Conduct an extensive conflicts check or have confidentiality agreements signed Be certain outsourced contractors are given a copy of the firm’s policy for use of cloud software and social media
  8. 8.  International Legal Technology Standards Virtual Law Practice – by Stephanie Kimbro Cloud Computing for Lawyers – Nicole Black Law Practice Management Section – American Bar Association