Last week Nicole Garton Jones, a BC-based lawyer and fellow Slaw contributor, provided some thought-provoking commentary on the position of the Law Society of British Columbia on the topic of Virtual Law Firms, as discussed in the latest edition of the organization’s Bencher’s Bulletin. In the bulletin, and subsequent response to Ms. Garton-Jones’ post, the LSBC identifies several key concerns relating to cloud computing for BC-based law firms, namely:
- LSBC trust accounting rules (specifically, Rule 3-68) require lawyers to store records at their chief place of practice in British Columbia.
- The USA PATRIOT Act poses a data privacy threat to BC-based lawyers.
- The LSBC discourages lawyers from taking “any unnecessary risk, whether remote or otherwise, [with] confidential client information.”
In taking this position, the LSBC is strongly discouraging its members from making use of any US-based cloud computing service for its members and, via Rule 3-68, arguably prohibiting its members from making use of any off-premise computing resources of any kind as it relates to trust account records.
While the intent of rules such as 3-68 are undoubtedly in the interest of protecting the public and maintaining a high standard of professional responsibility, the practical outcomes of such antiquated guidelines are prohibitively limiting, and threaten to hold the entire legal industry in BC to a standard of technical stagnation and inefficiency. As David Bilinski points out, many of the standards that govern legal practice in BC were developed for a “paper, ink and physical desk environment” rather than a world of high-technology and cloud computing. In their current form these rules impede BC-based lawyers’ abilities to responsibly deploy technologies that can yield benefits for both their practices and their clients, and fosters a widening gap between the technical currency of the legal industry and their peers in other jurisdictions and industries. The LSBC has recently struck a working group to investigate the issue, so there is cause to hold out hope the rules will be updated to reflect current technological and practical realities.
The concern relating to the USA PATRIOT Act is a harder-to-reconcile and, ultimately, higher impact issue for all Canadian-based lawyers and legal regulatory bodies in Canada. The LSBC’s current stance seems to demand that, in order to satisfy concerns over virtual lawyering in BC, a “cloud” based service provider would need to establish Canadian-, if not BC-based, data centers and staff. Even if such measures were able to acceptably localize the storage of sensitive information, the realities of unregulated trans-border data flow (as mentioned by Ms. Garton-Jones) means that data originating from, and destined for Canada may be subject to the PATRIOT Act while in transit using US-based infrastructure. Moreover, the vast majority of US-based cloud computing providers – from Salesforce to 37signals to Google – have no interest in taking on the large expense of establishing a Canadian data center to satisfy the needs of a relatively small market. Even Canadian-based cloud computing providers, such as FreshBooks and Clio (my own company), use US-based infrastructure because of the lack of suitable infrastructure in Canada.
While the far-reaching implications of the PATRIOT Act can’t be ignored, the relative risk of the USA PATRIOT Act as it pertains to confidential client data should be properly assessed prior to imposing far-reaching ban on the use of US-based cloud computing providers. The net effect of these policies, coupled with economic considerations for cloud computing providers, could leave Canadian lawyers without access to tools and resources that are critical to maintaining technical relevance, and a level of practice efficiency on par with peers in more technically progressive jurisdictions.
Although the rise of virtual tools represents a stark departure from the world of traditional desktop-based software, where jurisdictional issues were a moot concern, the realities of the “cloud” are no more transient than the internet itself, and legal regulators need to consider the changing technical landscape as a part of regular policy revision. Lawyers, Law Societies and the Canadian government need to start making efforts to find solutions to the concerns introduced by the PATRIOT Act so as not to harm an entire industry for sake of fear or inaction. The US-EU Safe Harbor framework could provide a useful reference point for Canadian policy makers.
Without action, Canadian lawyers may find themselves left out of the cloud computing revolution, and forced inhabitants of a technology ghetto.