The document discusses how lawyers' use of cloud computing has raised ethical questions regarding how they select and use cloud vendors and products. In response, the ABA formed the Ethics 20/20 commission to investigate how the Model Rules apply to cloud computing. Several Model Rules have come under scrutiny, including those regarding confidentiality, competence and diligence, duties to prospective clients, unauthorized practice of law, and duty to supervise. The document provides guidance on how lawyers can comply with these rules when using cloud computing to ensure client confidentiality and properly vet cloud vendors and technology choices.
08448380779 Call Girls In Friends Colony Women Seeking Men
Ethics for lawyers in the cloud
1. What the Model Rules are saying about
practices in Cyberspace
Donna Seyle
Lawyer/Writer/Founder
LawPracticeStrategy.com
2. Lawyers’ use of cloud computing is growing as the technology becomes safer, the
cost-effectiveness becomes more evident, internal productivity increases, and the
need to provide a variety of legal services delivery becomes a market imperative.
The questions have arisen: the use of technology raises ethical questions related to
how lawyers go about choosing cloud vendors, and how they are using cloud
products chose.
In 2009, the ABA formed a new commission, Ethics 20/20, to investigate just that.
As a result, although very few changes have been made to the Model Rules, draft
opinions, issue papers seeking comments and their replies have emerged from
both the ABA and various state bar associations that address how the rules apply
to cloud computing as they are currently written.
The Model Rules that have come under scrutiny and will be discussed are:
Confidentiality: Rules 1.6(a) and 1.15
Competence and Diligence: Rules 1.1 and 1.3
Duties to Prospective Clients: Rules 1.18 and 1.2
Unauthorized Practice of Law: Rule 5.5
Duty to Supervise: Rule 5.3
3. Confidentiality and Safeguarding Property
When client information is transferred and/or stored in a cloud system
Use of 3rd-party cloud applications in communicating
Relinquish control of data
Rule 1.6 standard: lawyers must take “reasonable precautions” to
safeguard client information and prevent it from going to unintended
recipients during the transmission.
Requires due diligence in vetting your choice of vendor
Includes hiring a technology advisor if lawyer doesn’t feel capable of
making effective choices
States have not attempted to define “reasonable care”; technology
changes too quickly
Be sure to stay current on any changes in regulation in your state
4. Requires that the lawyer is thoroughly prepared to provide
representation to the client
When applied to cloud computing, requires lawyers to understand the
technology and security issues when selecting a cloud service provider
and devices
To do so, lawyers must do their due diligence in vetting their chosen
vendor
Lawyers must also diligently follow best practices in the use of the
technology to insure confidentiality
Lawyers’ best practices include using cloud computing to conduct factual
research in representing their client
Must also inform client of their use of cloud software in the act of
representation
5. It is reasonable to expect the lawyer to vet the vendor to determine its
security protocols. Here is a list of questions lawyers can use:
What kind of facility will host the data and how are they secured?
Who else has access to the facility, servers and data and how is authorization for access
determined? How do they screen employees?
Does the contract address confidentiality? If not, is the vendor willing to sign a
confidentiality agreement?
How frequently are back-ups performed?
Is data backed up to more than one server? Are they georedundant?
Are all servers located in the United States?
What types of encryption are used, and how are passwords stored? Is data encrypted
both in transit and at rest?
Has the vendor been certified by a 3rd party service? Are audits available for review?
Are there redundant power supplies for the servers?
Is there guaranteed uptime?
What remedies are provided for in the event of breach?
What are the data breach notification procedures?
What are your rights upon termination?
Does the vendor carry cyberinsurance?
Be sure to review Service Level Agreement (SLA) and Terms of Service (TOS)
6. Issue arises in multijurisdictional virtual practice and when providing
clients with self-help software solutions
5.5 (a) and (b) restrict a lawyer from practicing in a jurisdiction where she
is unlicensed, or establish “systematic and continuous presence” in this
jurisdiction
Lawyer’s online presence must make clear where she is authorized to
practice
Should have a jurisdiction check built into the cloud system to ensure
client’s residency
A virtual lawyer practicing in the state where he is licensed, but resides
elsewhere, may establish “systematic and continuous presence”
However, some states have residency requirements and “bona fide office”
rules (e.g., New Jersey)
Lawyers offering self-help software: in Texas, they rewrote their rule that
self-help using computer software does not substitute for legal services
7. Managing lawyers must make reasonable efforts to ensure a non-lawyers
conduct is compatible with professional obligations of the lawyer
This includes non-lawyer employees, independent contractors such as
paralegals, virtual assistants, and any legal process outsourcing company
retained by the firm
Use a permissions-based technology system
Conduct an extensive conflicts check or have confidentiality agreements
signed
Be certain outsourced contractors are given a copy of the firm’s policy for
use of cloud software and social media
8. International Legal Technology Standards
Virtual Law Practice – by Stephanie Kimbro
Cloud Computing for Lawyers – Nicole Black
Law Practice Management Section – American Bar
Association