Nov. 30, 2016
By Brett Burney
Before you entrust
your client’s data to a third party, the ethical implications of that relationship
must be considered and all doubts and questions resolved before any transfer of
data. In this respect, a cloud-based e-discovery provider is no different from any
other vendor; simply because the data is stored in “the cloud” does not mean
that any greater or lesser analysis of your ethical obligations should take
place. The preliminary questions may be different, but the primary question
remains the same: can this provider protect my client’s confidential
information, so that it is not improperly disclosed to other parties?
ethical rule that comes into play here is that of Client Confidentiality (ABA Model
Rule 1.6), but would also include the rule requiring lawyers to protect their client’s
property (ABA Model Rule 1.15). A recent change to ABA Model Rule 1.1 (Competence)
may also apply in this situation—it now defines “competent representation” as
understanding the technology used to undertake representation of the client. To
translate for the purposes of this article, it is in your best interest to have at
least a reasonable understanding of how a cloud-based e-discovery tool works
before you undertake to use it on behalf of a client.
We won’t engage in an
in-depth discussion of the ethical issues to be considered—
for that, check
out Cloud Computing for Lawyers
by Nicole Black, published by the ABA’s Law
Practice Management Section. Most state bars haven’t considered the issue yet—
so far, we have seen ethics opinions from Alabama, Arizona, California, Iowa,
Nevada, New York, North Carolina, Oregon, Pennsylvania and Vermont. In
general, they all state that using cloud computing services is ethical, as long
as certain precautions are followed.
notice, these considerations are necessarily vague. As technology changes, and vendors
continue to innovate in the ways that they provide services, lawyers should remain
prepared to adjust their requirements.1. The fine print.
Make sure the Service
Level Agreement (SLA) includes terms on how the vendor will protect the
confidentiality of your client’s information.2. Check under the hood.
yourself that the vendor offers sufficient protection for your client’s data. A
reputable e-discovery provider will provide strong security in the following
3. Data portability.
- Firewall—to prevent data from moving into or outside of the
provider’s storage facility.
- Encryption—to protect data as it
is transmitted between you and the vendor, as well as protect it from being
opened should it be accessed by a bad actor.
- Intrusion Detection and Data
Loss Prevention measures - to understand when an attack is made, or when data
is being transmitted from the vendor’s storage facility.
Over time, your relationship with the vendor may change—
you may decide to
terminate your contract, or fall behind in making payments for the service. The
service itself may go out of business. In any of these occurrences, you must be
able to retrieve the data stored with the vendor. Alternatively, you can
arrange to have access to a backup of the information, or to the vendor’s software
so you can gain temporary access to the information.4. Re-Evaluate, regularly.
Technology changes over time, and some cloud tools might not keep with the
latest in security. Revisit your relationships with cloud vendors each year to
make sure they still meet the standards necessary to keep you in compliance.