The rent’s too high, we don’t have room for storage anymore, everyone is going paperless. Let’s move our practice into the cloud. Have you heard of this before? Perhaps you are already using the cloud.
What is the cloud? Cloud computing is using the server of a large computer company to store your information electronically. There are a few ethical and practical considerations on this: They are confidentiality and competence. They overlap.
Business and Professions Code Section 6068 (e) and Rule 3-100 of the rules of professional conduct require you to maintain your clients’ confidences inviolate. How much confidentiality you need depends on what kind of information you are storing. If you are doing criminal defense or mergers and acquisitions, you probably shouldn’t use the cloud at all.
While your vendor may say it provides encryption, don’t be sure to rely on it. All security systems can be cracked. For an amusing historical example, read Richard Feynman’s Surely You Must be Joking, about how easy it was to crack the safes at Los Alamos.
Find out how your data will be stored and how it will be backed up. What if your vendor’s equipment fails? What if the vendor’s business is sold, or if it goes bankrupt? How will your data be transferred if the vendor moves to new equipment? And what happens to your data if you stop doing business with the vendor?
You also have the duty to act competently. See Rule 3-110 of the rules of professional responsibility. This means making sure the data are available when you need them, and that they are stored properly.
Be sure to read the vendor agreement over carefully before you click on “AGREE.” And never agree that your data belongs to the vendor.
About the author:
David Michael Bigeleisen has been a lawyer for almost forty years. He defends criminal cases. He is a former chairman of BASF’s Legal Ethics Committee.