Monday, December 5, 2011

PBA Addresses Attorney Use of Cloud Computing

The Pennsylvania Bar Association (PBA) Committee on Legal Ethics and Professional Responsibility issued a formal opinion (2011-200), Ethical Obligations for Attorneys Using Cloud Computing/Software as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property. That's quite a title! The central question of the opinion is: May an attorney ethically store confidential client material in “the cloud”?

What is "the cloud"? The cloud provides software and services over the Internet, with shared resources residing on host computers (aka, not your computer). The cloud includes webmail products like gmail, and online office and document tools like Microsoft Office 365 or Dropbox. This raises some concerns, mainly about storing confidential information on someone else's servers.

Cutting straight to the punchline, the PBA committee concluded:
Yes. An attorney may ethically allow client confidential material to be stored in “the cloud” provided the attorney takes reasonable care to assure that (1) all such materials remain confidential, and (2) reasonable safeguards are employed to ensure that the data is protected from breaches, data loss and other risks.
It's not just about confidentiality though. For example, "Competency extends beyond protecting client information and confidentiality; it also includes a lawyer's ability to reliably access and provide information relevant to a client's case when needed." The opinion also discusses Pennsylvania's data breach notification law.

The opinion also includes almost three pages of what the standard of reasonable care for cloud computing "may include." Noncommittal, but I'll take it for now.

Image: Photograph taken by Philip Miles.

Posted by Philip Miles, an attorney with McQuaide Blasko in State College, Pennsylvania in the firm's civil litigation and labor and employment law practice groups.