April 14th, 2010 by Rian Gauvreau
Due Diligence Paves the Way for Trust with Cloud Computing
In light of the North Carolina State Bar’s ongoing examination of the implications of Cloud computing, North Carolina Lawyers Weekly has published a guest article by Asheville-based attorney Sara Hanley on the importance of careful due diligence and trust when selecting any service provider to the legal industry. Having delved into the relevant legal rules and precedents, Sara offers a pragmatic argument that suggests all personnel and products used to support a practice should support the lawyer’s duty to take reasonable care in protecting client confidentiality. To this end, Sara proposes that, the State Bar, and industry as a whole, arrive at some general consensus regarding best practices and standards of care in order to guide the due diligence process. Given the value and convenience that ‘the Cloud’ has afforded her firm, Place & Hanley, Sara hopes that the N. C. State Bar review process will help to educate and advise other firms on how to realize benefits from cloud-based software in a manner that is ethical and compliant. As Sara puts it:
Cloud computing offers a way of storing and accessing case and client information in a secure manner that is convenient and valuable for lawyers and their clients. Given the appropriate level of due diligence, cloud-computing providers that adhere to a reasonable standard of care should be afforded the same trust as the wealth of other service providers and third parties we all depend upon on a day-to-day basis.
We thank Sara and all those who took the opportunity to weigh-in on this important discussion.
I also submitted a number of suggestions to the Bar, including the idea that cloud providers to lawyers should be contractually obligated to protect the confidentiality of information stored in them.
Google has done a pretty good job of including that sort of promise in their Terms of Service for their "professional" version. Why doesn't Clio have similar language in its terms?
- spam
- offensive
- disagree
- off topic
LikeI firmly believe the legal market needs some innovation, and I applaud the efforts of Clio and others to provide new tools.
But this concerted push to have a quick "industry consensus" blessed by a state bar bothers me. It just feels too early. The whole market is just a few years old, and there is room for even more innovation.
With that in mind, are you asking the state bar to bless your security model in particular, or are you asking them for a general blessing of the idea that data can be stored with third parties?
- spam
- offensive
- disagree
- off topic
LikeHi Don,
Thanks for your comments. Our proposal to the Bar Association outlined a set of minimal security and privacy standards we believe that any cloud computing provider that services the legal market should adhere to. These recommendations include base-level recommendations such as the use of SSL encryption for secure data transmission.
While Clio implements the specific security model we put forth in our letter to the NC Bar, we hope it will form the basis for minimal standards that could be applied to any cloud computing provider or third-party data storage company.
Best regards,
Jack
- spam
- offensive
- disagree
- off topic
Like