Adjunct Law Prof Blog

Editor: Mitchell H. Rubinstein
New York Law School

Monday, May 17, 2010

Cloud Computing and Lawyer Ethics

Cloud computing is in vogue today. Everyone, including me, loves it. You do not have to worry about files taking up space on your computer or have access to your files if your using another computer. The files are stored on a server. Getting Your Head in the Cloud is an interesting April 2010 ABA Journal article which raises the question of whether there are ethical issues for lawyers to store client data in "the cloud." As the article states:

The early indications from ethics authorities are that storing client data in the cloud does not violate ethics rules, as long as the lawyer took appropriate steps to safeguard the information from inadvertent or unauthorized disclosure.

Rule 1.6 of the ABA Model Rules of Professional Conduct states that, generally, a lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent or the disclosure is impliedly authorized to carry out the representation. (Rule 1.6 is generally followed by the states.)

But the comments to Model Rule 1.6 provide some leeway in applying its mandate. Comment 16, for instance, states, “A lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision.” And Comment 17 states that a lawyer must take “reasonable precautions” to prevent information relating to the representation of a client from going to unintended recipients when it is being transmitted.

“If you purchase the technology and there’s a breach, you’re going to say, ‘I relied on the cloud provider,’ and the rules back you up,” says Lucian T. Pera, a partner at Adams and Reese in Memphis, Tenn., and president of the Association of Professional Responsibility Lawyers. “The rules say attorneys must act competently to safeguard information. It’s a reasonableness standard, and nothing has changed about the rules but how they apply in a changing world.”

Some recent ethics opinions reach a similar conclusion. The Arizona State Bar’s Committee on the Rules of Professional Conduct, for instance, concluded in Opinion 09-04 (issued Dec. 9, 2009), that a law firm may use an online file storage and retrieval system that enables clients to access their files over the Internet as long as the firm takes reasonable precautions to safeguard the security and confidentiality of the client’s information.

Cloud computing is here to stay. I see it no different than lawyers storing client money in bank accounts. The lawyer has to rely on the bank not stealing the money or disclosing it to a third party. Law review commentary with respect to this important issue would be most welcome.

Mitchell H. Rubinstein

Ethics, Law Review Ideas, Lawyers | Permalink


". . as long as the firm takes reasonable precautions . ." is certainly an appropriate standard, but how many lawyers have the skill level to ascertain that the provider (and the provider's chain of sub-providers) is actually taking those precautions. And what will the lawyer provide to the supplier--will it be encrypted and solely under the lawyer's control or delivered in the clear to a supplier, possibly in a country that offered the "best deal" at that instant. For money that gets stolen then (someone's) insurance can replace that fungible money. Confidential data is different in that in the event of breach there may be absolutely no recovery. What is worse is that the theft of money or gold is detectable; the theft of data in untraceable copies leaves no easy trail of breadcrumbs. The case of the Lichtenstein and Swiss bankers illustrate that point to the client's eternal pain.

Posted by: Michael.D.Willis | May 19, 2010 6:17:16 PM

Post a comment