28
Thu, Mar
51 New Articles

Use of Cloud in Legal Profession

Briefings
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Cloud computing has become a well-established and one of the most profitable segments of global information technology services.

In EU alone, the cumulative economic impact of cloud computing has been predicted to be €940 billion and 3.8 million jobs for the period of 2015-2020.  At its simplest, cloud computing is a way of delivering computing resources as a utility service via a network on a location-independent basis, typically through the Internet, with the possibility to scale the service up and down depending on the user requirements. The services provided by cloud computing can range from providing raw processing power and storage to delivery of full software applications. Accordingly, wide range of devices such as mobile phones, tablets or notebooks may be used to obtain access to vast computational resources. Law firms as well as solo practitioners around the world have quickly adopted cloud services in their everyday work precisely because of the unique features that cloud computing can deliver.  Nevertheless, certain concerns may arise when taking into consideration the importance of confidentiality and security of information that law firms usually handle. There are significant differences between the security and service features of cloud products developed specifically for the legal community and those developed for the general public. The aim of this article is to briefly address the most common considerations that a law firm or a lawyer should take when deciding whether to use cloud in legal profession. 

  • Review the Service Level Agreement ("SLA") in detail

The SLA should always be carefully reviewed in order to ensure that client data can be adequately protected and maintained in the cloud. At minimum the following issues should be examined:

(i) Who owns the data? Although it is unusual for cloud providers to state that they own the stored data, the SLA should clearly state that attorney/law firm is the owner of the stored data;

(ii) Who can access the data? The SLA should guarantee the access is kept to minimum and specify which employees will be authorized to access the stored information; 

(iii) Is the company adequately preserving data's confidentiality and integrity? The SLA should specify that data is encrypted not only when stored on cloud but also during the data transmission; 

(iv) How does the company notify users if the data is subpoenaed? As the cloud providers are private companies they are obliged to comply with court orders to search the data stored on their servers. The attorney/law firm should nevertheless make sure that the SLA specifies the obligation to immediately notify the user of any legal attempts to access the data. SLA should also specify what steps will be taken if such event occurs and whether the cloud provider will challenge the attempt at court. 

(v) What will happen to stored data in case the company goes bankrupt or is acquired by another entity? Although This issue is not typically included in standard SLAs, it should be raised before committing to the service. 

  • Data security

In legal profession, the confidence of the client is absolutely crucial. Accordingly, the client data  needs to be secured in best possible way against the unwanted intrusion. The cloud provider should be able to explain its firewalls and other security measures  that prevent such intrusion to reasonable extent. Moreover, if the attorney/law firm grants access to client information to any third party, otherwise privileged information may lose its privilege and could be admitted as evidence before the court.  It also may be worth to consider one of the cloud services that guarantees no access to the data such as increasingly popular SpiderOak cloud service and its zero-knowledge privacy policy . Especially for clients with sensitive data, this is becoming ever more popular option. 

  • The location of stored data

As the confidentiality and accessibility of data is governed by the laws of the jurisdiction where the server holding the data is located , the attorney/law firm should assess whether the data privacy and data security legislation of the relevant jurisdiction provides sufficient protection. It should be noted that the data does not necessarily have to be stored in one location, it may be split between several locations, change its location depending on operations of the provider or the data may be backed up in several different locations. Therefore it may be difficult to assess this issue thoroughly, nevertheless there should be maximum effort to do so. 

  • Recoverability of stored data 

Cloud providers frequently store the data in multiple locations. Thus, in case the servers in one location go down, the data can be either copied or backed up to another data center and can therefore be back in operation in minutes. Choosing a cloud provider with such capability might be preferable. 

  • Cloud provider's uptime

The cloud service is only as valuable as it is accessible. Although the cloud services are relatively stable and if they are inaccessible, it's usually matter of minutes or hours, the attorney/law firm should always inquire about the provider's uptime and assess whether its sufficient.

Cloud computing is a valuable resource that provides benefits on a global scale. Cloud technology, if used appropriately, can help to reduce costs and increase work efficiency.  While there are some potential pitfalls when choosing a cloud suitable service, as long as lawyers perform a thorough due diligence and address at least majority of the above mentioned issues, they may find that benefits of cloud far outweigh the pain of due diligence. As number of cloud users is increasing rapidly and the terms of service frequently differ, there might be a need for certain level of standardization in order to properly address areas that need specific protection. Standard contracts that would encompass all of the concerns and protections desired may be created as cloud will continue to evolve as one of dominating segments of information technology services.

By Martin Curilla, Junior Associate, DLA Piper

Our Latest Issue