Gerald Auger and Aaron Heath, J.
years, there has been a steady increase in the integration of
technology to support the modern law firm. Cloud software
solutions, in particular, have seen increases in adoption due
to their cost effectiveness, features, ease of use and low
maintenance. In fact, law firms likely stand to improve data
security when moving to the cloud.
attorney-client communications is foundational to the legal
profession. In Upjohn Co. v. United States, the
Supreme Court made a point of affirming the principle that
"[Legal] assistance can only be safely and readily
availed of when free from the consequences or the
apprehension of disclosure."
The obligation to protect the confidentiality of client information is codified in Rule 1.6 of the South Carolina Rules of Professional Responsibility (SCRPR). Comments 19 and 20, in particular, discuss attorneys' obligation to implement reasonable and appropriate safeguards to prevent the unauthorized disclosure of sensitive client information. In addition, storing client data with a third party triggers SCRPR Rule 5.3, which requires attorneys to adequately supervise non-lawyer assistants, including a third party cloud vendor who is acting as a data custodian. Finally, many states' rules also include a requirement that bar members maintain technological competence, and courts are beginning to hear cases regarding the failure of attorneys to secure privileged information in the use of cloud services. The decision by a firm to employ cloud software means that highly sensitive information will be placed in the hands of a third party. Consequently, a firm should carefully consider which cloud vendors it chooses and diligently educate itself on secure use of the solution to ensure that client and firm interests are adequately protected. While cloud software and services come in a few different categories, this article focuses on Software-as-a-Service (SaaS), also known as "cloud software." The ABA provides a fairly simple answer to the question, "What is SaaS?": SaaS is a subscription-based model where software and services are accessed via the internet, generally using a web browser (such as Chrome, Safari or Internet Explorer), rather than installed directly onto a user's computer. In even simpler terms—your data, stored on someone else's computer, accessed via the internet. The most appealing aspects of employing cloud software are: •reasonable fees in exchange for up-to-date, feature-rich software
• easy, flexible access
• data security
• system reliability Cloud software solutions range from iCloud, Dropbox and Google Docs for storage; Gmail, AOL and Office 365 for email; to Clio, Rocket Matter and MyCase, which are case management and billing products tailored to law firms.
software solutions offer a great deal of value, but they also
introduce often-overlooked risks to law practices. While the
vendor's security controls may be very good, firms must
keep in mind that data security is ultimately their
responsibility, especially with regard to securely using and
configuring the solution. For example, Dropbox encrypts all
files when they are retrieved over the internet and stored on
their servers, but if an associate sets an entire client
folder to be "public" (i.e., accessible by anyone),
Dropbox's security controls would provide no protection
against unauthorized access to the folder.