Informed consent and cloud computing


Published on

As online practice management solutions and cloud technology become increasingly prevalent, lawyers face the challenge of assuaging client concerns around the security and confidentiality of hosted online data. They also face the task of gaining informed consent from clients when using such tools for engagement and information management.

How can lawyers implement and use secure communication tools, online client portals, and online practice management solutions while protecting themselves from the confidentiality rules that govern such technologies?

Register now for this webinar with legal technology expert Chad Burton, who will go over salient facts that lawyers need to know when engaging with clients in the cloud, including:

• State ethics opinions on using cloud computing vendors
• Obtaining informed client consent
• Common client concerns related to cloud computing

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • First drafted in 1983 and adopted by 52 jurisdictions, the MRPC has guided the responsibilities and actions of lawyers for decades. These rules are designed to promote competence and diligence by lawyers in representing the interests of clients. Several duties are imposed on lawyers as part of these rules, including those of confidentiality.
  • In the official comments associated with the rules creating the duty of confidentiality, the MRPC discusses some factors that can govern the reasonable efforts a lawyer must take to maintain confidentiality. These factors can include:the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients.
  • In order to consider a client informed, a lawyer must make reasonable efforts to ensure that the client or other person possesses information reasonably adequate to make an informed decision. Clients should be made aware of the material advantages and disadvantages of the proposed course of conduct and a discussion of the client's or other person's options and alternatives as part of informing the client. Lawyers must also promptly inform the client of any decision or circumstance with respect to which the client's informed consent.Model Rules of Prof'l Conduct R. 1.0 cmt. 6.Id.Model Rules of Prof'l Conduct R. 1.4(a)(1).Competency includes keeping abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology. In determining whether the information and explanation provided are reasonably adequate, relevant factors include whether the client or other person is experienced in legal matters generally and in making decisions of the type involved, and whether the client or other person is independently represented by other counsel in giving the consent.Model Rules of Prof'l Conduct R. 1.1 cmt. 8.Model Rules of Prof'l Conduct R. 1.0 cmt. 6.
  • Pennsylvania Bar Association Committee On Legal Ethics And Professional Responsibility, “Ethical Obligations For Attorneys Using Cloud Computing/ Software As A Service While Fulfilling The Duties Of Confidentiality And Preservation Of Client Property.” (Formal Opinion 2011-200).
  • Informed consent and cloud computing

    1. 1. Informed Consent & Cloud Computing Joshua Lenon, esq. Clio – Practice Management Simplified
    2. 2. Cloud Computing Ethics Opinions
    3. 3. Traditional Computing Model The Internet Local Area Network
    4. 4. Software-as-a-Service Model The Internet Local Area Network
    6. 6. Lawyers’Duties • Communication • Respond to or acknowledge client communications • Diligence 6 • On behalf of your client • Competence • Awareness of changes in the law & practice • Benefits and of relevant technology • Continuity • Records retention • Confidentiality 6
    7. 7. R. 1.6 - Confidentiality • Lawyers must make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. • Exemptions exist • Disclosure is impliedly authorized in order to carry out representation of the client’s interests • Duty extends to the use of nonlawyers assisting the lawyer • R. 5.3
    8. 8. Rules specifically allow lawyers to disclose confidential client information with informed consent.
    9. 9. Informed Consent • “The agreement by a person to a proposed course of conduct after the lawyer has communicated adequate information and explanation about the material risks of and reasonably available alternatives to the proposed course of conduct.” • Affirmative Response is Required • Written Affirmation NOT Required on Disclosing Confidential Information
    10. 10. Informed Consent • Requirements • Lawyer must make reasonable efforts to inform • Client possesses information reasonably adequate to make an informed decision • Reasonable Standard • Reasonably prudent and competent lawyer • R. 1.0(H)
    11. 11. Reasonable and Cloud Computing • Basic understanding of electronic protections afforded by technology • Consultation with experts • Use providers that have • Reasonable security procedures • Understanding of lawyers’ professional obligations
    12. 12. Security Procedures • explicitly agrees that it has no ownership or security interest in the data; • has an enforceable obligation to preserve security; • will notify the lawyer if requested to produce data to a third party, and provide the lawyer with the ability to respond to the request before the provider produces the requested information; • has technology built to withstand a reasonably foreseeable attempt to infiltrate data, including penetration testing; • includes in its “Terms of Service” or “Service Level Agreement” an agreement about how confidential client information will be handled; • provides the firm with right to audit the provider’s security procedures and to obtain copies of any security audits performed; • will host the firm’s data only within a specified geographic area. If by agreement, the data are hosted outside of the United States, the law firm must determine that the hosting jurisdiction has privacy laws, data security laws, and protections against unlawful search and seizure that are as rigorous as those of the United States and Pennsylvania; • provides a method of retrieving data if the lawyer terminates use of the SaaS product, the SaaS vendor goes out of business, or the service otherwise has a break in continuity; and, • provides the ability for the law firm to get data “off” of the vendor’s or third party data hosting company’s servers for the firm’s own use or in-house backup offline.
    13. 13. Server Security
    14. 14. TRUSTe – Privacy Policy • How is sensitive information being handled? “ TRUSTe ’ s program requirements are based upon the Fair Information Principles and OCED Guidelines around notice, choice, access, security, and redress - the core foundations of privacy and building trust. Sealholders are required to undergo a rigorous review process to assess the accuracy of privacy disclosures and compliance with TRUSTe’s requirements in order to obtain certification.”
    15. 15. Data Escrow saas provider escrow provider saas user
    16. 16. Conclusion • Lawyers’ duty of confidentiality can be a mine field • Reasonable efforts on the part of the lawyer are required to use any tool that may risk disclosure – including cloud computing • Informed consent protect lawyers from misconduct claims