ISBA ethics opinion OKs storing client info in the cloud
Advancing technology has often raised ethical issues for attorneys. Not so long ago, email was suspect. Could lawyers use it to communicate securely with clients?
In response, the ISBA issued an ethics opinion - in 1996, which was confirmed in 1997. Opinion No. 96-10 states that lawyers can use email, without encryption, to communicate with clients unless enhanced security measures are required by the circumstances.
We've come a long way since CompuServ, which was cited as an email/internet provider in the opinion. Virtual law offices now enable attorneys to provide unbundled legal services to clients all over Illinois. Practice management software may be entirely managed and hosted in the cloud. Services like Dropbox, Microsoft OneDrive, and Google Drive allow for easy file storage and sharing - all based in the cloud. Practice management solutions like Clio are hosted entirely in the cloud. Others, like TrialWorks, offer users the ability to have their data hosted in the cloud.
All of which raises the question - is it ethical to store client information in the cloud? ISBA Professional Conduct Advisory Opinion No. 16-06, issued in October, says yes, as long as lawyers take specific steps to ensure the security of the data stored there. Find out more in the January Illinois Bar Journal.
Member Comments (1)
I have read and studied the advisory opinion about the use by attorneys of third providers to store and archive confidential information of clients. The conclusion is that the lawyers may use them as long as they use <reasonable care> to ensure that client confidentiality is protected and client information remain secure. But the several opinions I have read until now fail or avoid to give an extensive definition of what is the meaning of <reasonable care> in the issue treated. The "reasonable care" remain open to interpretation. In my personal opinion the reasonable care depends of many factors as could be the attorney knowledge of computers and algorithm matters which logically in case of a breach of the presume protected information, the burden of prove that all foreseeable risks have been taken into account fall in the attorney. At this point I feel obligated to define <presume> since previously I use the phrase "presume protected information". Presume is defined in the Cambridge Online Dictionary: Presume, verb, {Believe}, *[T] to believe something to be true it is very likely, although you are not certain.