We all know that the use of technology has transformed the delivery of legal services. Many case management systems are cloud based systems that change the way data is stored. But how does the use of cloud based systems affect a lawyer’s ethical obligations? Consider the following scenario. The answer and explanation can be found at the bottom.
Alan has just started to use an outside provider for cloud-based services so he can manage his law practice. He maintains all of his client data and client files through the cloud based service and it really helps him to be organized. He is excited that he has been able to eliminate paper files from his office. One day, Alan received a notice from his vendor advising him that their server has been compromised and all customer data, including all of Alan’s client data has been inadvertently disclosed.
Has Alan violated any of his ethical obligations?
- Answer A: Yes. Alan is ultimately responsible for the disclosures of confidential client information pursuant to Rule 1.6.
- Answer B: No. Alan cannot be held responsible for the acts of his cloud based service provider.
Scroll down for the answer.
The correct answer is it depends. Illinois Professional Conduct Advisory Opinion No. 16-06 (October 2016) states that the question to ask is whether the attorney acted reasonably and competently to protect the confidential information. Lawyers must conduct a due diligence investigation when selecting a provider. Reasonable inquires could include: (1) investigating whether the provider has implemented reasonable security precautions to protect client data from inadvertent disclosures; (2) investigating the provider’s reputation and history; (3) requiring an agreement to reasonably ensure that the provider will abide by the lawyer’s duties of confidentiality and will immediately notify the lawyer of any breaches or outside requests for client information; and (4) requiring that all data is appropriately backed up completely under the lawyer’s control so that the lawyer will have a method for retrieval of the data.
This opinion is consisted with other state bar associations. See e.g., Alabama Ethics Opinion 2010-2 (2010)(lawyer may outsource storage of client files through cloud computing if the lawyer takes reasonable steps to make sure data is protected); Iowa Ethics Opinion 11-01(2011)(lawyer should conduct appropriate due diligence before storing files electronically); Tennessee Formal Ethics Opinion 2015-F-159(2015)(a lawyer may allow client information to be stored in the cloud provided the lawyer takes reasonable care to assure that the information remains confidential and that reasonable safeguards are employed to protect information from breaches, loss or other risks).
This ethics question is for educational purposes only and is not intended to provide legal advice or create an attorney-client relationship. When in doubt, seek ethics counsel in your jurisdiction.
How did YOU do?
All opinions, advice, and experiences of guest bloggers/columnists are those of the author and do not necessarily reflect the opinions, practices or experiences of Solo Practice University®.