This is a copy of a presentation I delivered at the Chicago Bar Association on June 20, 2017 about Legal Ethics Considerations with using Cloud Computing solutions in the United States.
16. • Long Effort from 2009 – 2012
August 2012 Report
• Long Time for Change – Last
Change was in 2002
• ABA Website = Good
Resources
@DennisCGarcia
17. Duty of Confidentiality: Rule 1.6
• “Cornerstone” fiduciary duty
• Rule 1.6(a): Protect information “relating to the
representation”
• New Rule 1.6(c): make “reasonable efforts” to
prevent inadvertent/unauthorized disclosure or
unauthorized access to client's info
• New Rule 1.6 Comments [18] and [19]
describe factors in determining “reasonableness”
@DennisCGarcia
18. Duty of Confidentiality: Rule 1.6
“Reasonableness factors” from new Comment 18:
• the sensitivity of the information
• the likelihood of disclosure if additional safeguards are not employed
• the cost of employing additional safeguards
• the difficulty of implementing the safeguards
• the extent to which the safeguards adversely affect the lawyer’s ability to
represent clients (e.g., by making a device or important piece of software
excessively difficult to use)
A client may require the lawyer to implement special security measures not
required by this Rule or may give informed consent to forgo security measures
that would otherwise be required by this Rule. @DennisCGarcia
19. Duty of Competence: Rule 1.1
• Rule 1.1: Provide competent representation to client, which
requires the “legal knowledge, skill, thoroughness and
preparation reasonably necessary for any representation”
• New Rule 1.1 Comment [8] to maintain competence: “a lawyer
should keep abreast of the changes in the law and its practice,
including the benefits and risk associated with relevant
technology…..“
@DennisCGarcia
20. Duty to Communicate with Clients: Rule 1.4
• A lawyer shall promptly inform client of any decision for which
the client's consent is required.
• A lawyer shall reasonably consult with client about means by
which client’s objectives are to be accomplished.
• Questions may arise as to which a client needs to be notified
of a lawyer’s use of cloud computing, whether approval is
required from client, whether client should be involved in cloud
provider’s selection, etc…. @DennisCGarcia
21. Duty to Supervise: Rule 5.3
• A lawyer who associates with a non-lawyer must make
“reasonable” efforts to ensure that the third party’s conduct is
compatible with the lawyer’s professional obligations.
• New Comment [3] specifically mentions “an internet-based
service to store client information” as an example of a non-
lawyer.”
@DennisCGarcia
22. Duty to Safekeeping Property: Rule 1.15
• Lawyers need to keep client property appropriately
safeguarded.
• Client property can include files, information and
documents, included those electronically stored.
@DennisCGarcia
23. • Not Binding
• Good Source of Thought
Leadership
• More Fluid than the Model
Rules
@DennisCGarcia
24. • 20+ States
• Some States address 3rd
party vendor
storage of client information and not
Cloud
• All said that Cloud can be used by lawyers
so long as reasonable care to protect
client confidential information is embraced
• Few opinions provide specific examples of
reasonable care to protect client
confidential information
@DennisCGarcia
25. ISBA Opinion No. 16-06
October 2016
@DennisCGarciahttps://www.isba.org/sites/default/files/ethicsopinions/16-06.pdf
30. Select a Highly Reliable &
Trusted Cloud Provider!
@DennisCGarcia
31. Control
Maintain control of
your data in
provider’s cloud
services
Protect
Committed to the
protection of your data
in provider’s cloud
services
Comply
Meet your compliance
needs when using
provider’s cloud
services
Transparency
Understand what happens with your data in provider’s cloud
Cloud Provider Needs to Inspire Trust
@DennisCGarcia
32. Sign a Smart Cloud
Contract with a Cloud
Provider!
@DennisCGarcia
33. #1: Data ownership & usage #6: Security incident notification
#2: Data Protection Agreement #7: Independent verification
#3: Data location specificity #8: Subcontractor commitments
#4: Third party access to data #9: Terms of use/service changes
#5: Comply with applicable laws #10: Service level agreements
@DennisCGarcia