Understanding the Legal Risks of Cloud Computing
Cloud computing can bring efficiency and mobility to your legal practice but it can also expose you to new risks. Only by understanding the dangers can you confidently adopt this new technology.
The cloud has become home to a host of applications including computer backup solutions, document sharing sites and, of course, billing software for attorneys. Cloud-based software provides mobility, efficiency and lower IT costs but the technology comes with its own challenges. Attorneys should always evaluate the legal risks of any new technology to ensure they can meet their obligations to their clients and comply with any relevant regulations. Some of the most common problems are security, data ownership and business continuity.
Problem #1: Security
Is it safe to use cloud-based legal software? Let’s use an analogy. A client asks you to hold a valuable document. You can keep it in your office safe or you can store it in a safe deposit box in a bank. The bank is a public place, like the internet, but that doesn’t mean people can wander into the vaults. The document will be safer in a public bank than in your private office because the bank can afford high quality security measures. On the other hand, Shifty Sam’s House O’ Safety might not have the same professional protection that a bank vault does so you need to be careful who you use as your vendor.
The same applies to cloud providers. Many organizations have rushed forward to offer cloud service but not all of them are implementing the level of security you need. CosmoLex provides multiple layers of security. Transactions are protected by 128-bit SSL encryption, the same encryption used by banks and credit card companies. The data is stored in SAS 70 compliant datacenters audited daily by MacAfee Secure. Make sure cloud providers use at least this level of protection.
Problem #2: Data Ownership
To continue the example above, if you keep that document in a bank you can be sure the staff will not make copies of it to sell to interested parties. Shifty Sam might not be so trustworthy. If you store your data one someone else’s servers, can they access it? Many countries do not have laws governing data, so your cloud provider could mine the data and not actually be breaking the law.
CosmoLex uses only U.S.-based datacenters so you are protected by the strong data privacy laws of this country. We are governed by the same rules you are and take your privacy just as seriously. Each client uses a separate database schema so nobody else can see your data, and it is impossible even for our own staff to look at your files.
Problem #3: Business Continuity
You confidently store your data on a cloud server, knowing it is always safe. Then there is a fire, natural disaster or even a simple virus infestation of the cloud servers. Your files are gone! What provisions are in place to prevent your data from being lost?
A cloud-based law office billing program should have systems set up to protect the data and ensure continuity. CosmoLex datacenters include safeguards like generators to keep access even in a major power failure, earthquake proof construction to protect against natural disasters, digital countermeasures against the latest malware threats and more. Your data is backed up offsite every few hours so even if there is a major problem, your information is safe.
How Can You Protect Yourself?
Ultimately the onus is on you rather than the cloud provider, which is why you need to take what steps you can to ensure your information is safe. Take the time to do your research up front and you can enjoy many years of safe cloud-based legal time and billing software use.
- Check With Your Bar Association – The American Bar Association has gathered cloud ethics opinions of the states that have ruled on the use of cloud software. In every case the state bar associations have leaned on the standard Reasonable Care criterion common to legal ethics. Read the individual decision for your state, if any, so you can become familiar with the specific requirements for your practice.
- Read Your Contract – Come on, do we really have to say that? You’re an attorney after all! Read the fine print. Look specifically for disclaimers and limitations of liability. An agreement that is riddled with these kinds of protections not only leaves you on the hook in the event of a data breach or loss, but also implies the provider doesn’t have much faith in their own product. Negotiate for better terms or find a different provider.
- Talk To The Provider – Ask the hard questions about information architecture and data breach protocols and security audits and so on. If you don’t know the jargon then you can still ask in layman’s terms how they protect your data. If the company dodges your questions, that might be an answer in and of itself. Contact CosmoLex and we will gladly help you understand the protections built into our billing software for lawyers.
In the end, you are the one who carries the responsibility for protection. Reasonable Care means taking the time to understand the technology and how it applies to your practice and your responsibilities to your clients.