Please ensure Javascript is enabled for purposes of website accessibility
Home / Expert Opinion / Legal Loop: Tenn. weighs in on ethics of cloud computing

Legal Loop: Tenn. weighs in on ethics of cloud computing

Nicole Black

Nicole Black

Lawyers have been using cloud computing, where law firm data is stored on servers owned and maintained by a third party, for years now. But as is often the case with new technologies, it takes a while for ethics committees to address the potential ethical issues lawyers face when incorporating new technology tools into their practices.

Earlier this month, Tennessee joined many other jurisdictions across the country and considered the ethics of lawyers using cloud computing in Formal Ethics Opinion 2015-F-159 (online: www.tbpr.org/ethic_opinions/2015-f-159).

At issue was whether lawyers may store confidential client information “in the cloud.” In reaching its decision, the Ethics Committee thoroughly reviewed the opinions issued by other jurisdictions prior to applying the Tennessee Rules of Professional Conduct to the issue.

From the outset, the committee wisely noted that because technology has changed so rapidly in recent years, a fluid standard was required: “Due to the fact that technology is constantly evolving, this opinion only provides lawyers with guidance in the exercise of reasonable care and judgment regarding the lawyer’s use of cloud technology in compliance with the rules of professional conduct, rather than mandating specific practices regarding the use of such technology.”

Next, the committee acknowledged that absolute security is an impossibility. Instead, lawyers must take reasonable steps to ensure the confidentiality of protected client information: “The lawyer is not required by the rules to use infallible methods of protection. … Rather the lawyer must use reasonable care to select a mode of communication that, in light of the circumstances, will best protect confidential client information … Special circumstances, however, may warrant special precautions. … (and whether) safeguards are appropriate depends upon the nature and sensitivity of the data …”

According to the committee, as part of the duty to exercise reasonable care when storing client data in the cloud, lawyers must thoroughly and carefully research the cloud computing vendor they intend to use: “Because the delegation of file storage to a provider of cloud computing services adds a layer between the lawyer and confidential client information over which the lawyer has responsibility, competence also requires that the lawyer ensure that tasks are delegated to competent service providers which the lawyer has selected after investigating the qualifications, competence, and diligence of the provider to ensure that client information is reasonably likely to remain confidential and secure through storage and retrieval.”

Next, the committee explained that when researching a cloud computing provider, it’s important to determine how the data will be protected and who has access to the law firm’s information: “The primary obligation is to select a reliable provider under the circumstances. In making this selection, the lawyer should consider the provider’s ability to protect the information, to limit authorized access only to necessary personnel and to ensure that the information is backed up, is reasonably available to the lawyer and is reasonably safe from unauthorized intrusion.”

The committee clarified that these obligations fall on the lawyers who have decision-making authority on behalf of a law firm: “(I)f the lawyer is a partner or otherwise has managerial authority in a law firm, the lawyer must use ‘reasonable efforts’ to make sure that the firm has measures in place to assure that providers of cloud-based services engage in conduct compatible with ethical obligations of the lawyer.”

By handing down an opinion that green lights the use of cloud computing by lawyers, Tennessee joins the ranks of more than 20 other jurisdictions that have reached the same conclusion. I expect that many more will soon follow suit now that the use of cloud computing software has become commonplace in law offices and elsewhere. So, tune in tomorrow and see.

Nicole Black is a director at MyCase.com, a cloud-based law practice management platform. She is also of counsel to Fiandach & Fiandach in Rochester and is a GigaOM Pro analyst. She is the author of the ABA book “Cloud Computing for Lawyers,” coauthors the ABA book “Social Media for Lawyers: the Next Frontier,” and co-authors “Criminal Law in New York,” a West-Thomson treatise. She speaks regularly at conferences regarding the intersection of law and technology. She publishes three legal blogs and can be reached at niki@mycase.com