North Carolina Revisits Cloud Computing Ethics Opinion

Slaw is Canada's online legal magazine

• CanCourts on Twitter

• Canadian blawgs
search

• TOROG

• Tjaden LLM Thesis

• Quick referrers

• CanLII bookmarklets

• Quix

• Canadian journals'
TOCs

November 21, 2011

Jack Newton

North Carolina Revisits Cloud Computing Ethics Opinion

The North Carolina State Bar has revisited its proposed Formal Ethics Opinion (FEO) on cloud computing and addressed many of the concerns the legal cloud computing community had previously expressed.

The main point of concern with the previous opinion was a list of minimum mandatory requirements that an attorney had to ensure was met by their cloud computing provider. In an open letter to the NC State Bar, the Legal Cloud Computing Association outlined its concerns with the proposed FEO; prominent bloggers such as Carolyn Elefant, Stephanie Kimbro, Erik Mazzone and Niki Black also outlined their concerns about the potential implications of the FEO as written.

The NC State Bar had published the proposed FEO for comments, and to their credit they listened carefully to the feedback they received and have re-issued an updated Proposed 2011 FEO 6 that addresses many of the concerns the LCCA and others had expressed relating to the previous draft.

The NC State Bar has eliminated the mandatory minimum requirement "checklist" from the opinion, rightly pointing out that such checklists are fraught with issues:

This opinion does not set forth specific security requirements because mandatory security measures would create a false sense of security in an environment where the risks are continually changing. Instead, due diligence and frequent and regular education are required.

Instead, the proposed FEO opts for a more flexible set of due diligence requirements:

This opinion does not set forth specific security requirements because mandatory security measures would create a false sense of security in an environment where the risks are continually changing. Instead, due diligence and frequent and regular education are required.

Although a lawyer may use nonlawyers outside of the firm to assist in rendering legal services to clients, Rule 5.3(a) requires the lawyer to make reasonable efforts to ensure that the services are provided in a manner that is compatible with the professional obligations of the lawyer. The extent of this obligation when using a SaaS vendor to store and manipulate confidential client information will depend upon the experience, stability, and reputation of the vendor. Given the rapidity with which computer technology changes, law firms are encouraged to consult periodically with professionals competent in the area of online security. Some recommended security measures are listed below.

• Inclusion in the SaaS vendor’s Terms of Service or Service Level Agreement, or in a separate agreement between the SaaS vendor and the lawyer or law firm, of an agreement on how the vendor will handle confidential client information in keeping with the lawyer’s professional responsibilities.

• If the lawyer terminates use of the SaaS product, the SaaS vendor goes out of business, or the service otherwise has a break in continuity, the law firm will have a method for retrieving the data, the data will be available in a non-proprietary format that the law firm can access, or the firm will have access to the vendor’s software or source code. The SaaS vendor is contractually required to return or destroy the hosted data promptly at the request of the law firm.

• Careful review of the terms of the law firm’s user or license agreement with the SaaS vendor including the security policy.

• Evaluation of the SaaS vendor’s (or any third party data hosting company’s) measures for safeguarding the security and confidentiality of stored data including, but not limited to, firewalls, encryption techniques, socket security features, and intrusion-detection systems.4

• Evaluation of the extent to which the SaaS vendor backs up hosted data.

The NC Bar's proposed FEO, like the ABA 20/20 Ethics Commission Proposals, makes the "reasonable care" standard the baseline to be adhered to, and affirms that a lawyer's duty to protect the confidentiality of client data "does not compel any particular mode of handling confidential information nor does it prohibit the employment of vendors whose services may involve the handling of documents or data containing client information."

The new proposed FEO strikes the right balance of providing guidance to the Bar's members without overly restricting technological freedom. The opinion, as written, can serve as a model for other Bars looking to provide increased clarity on the ethics of cloud computing to their membership.

Jack Newton is co-founder and President of Clio, a leading provider of cloud-based practice management software. Jack writes frequently on the security, ethical, and practical aspects of cloud computing, and has spoken at CLE seminars across Canada and the U.S. about how practice management systems can be used to help a lawyer practice efficiently, ethically and competently. Jack can be reached at jack@goclio.com.
[click on the author's name for more information]

Respond: make a comment

More: in Practice of Law: Future of Practice or Practice of Law: Practice Management or Technology or Technology: Internet or Technology: Office Technology | from Jack Newton

Make a comment:

Note that some comments may be moderated. If you have not had an approved comment here before, your comment will be held for approval. We are glad to publish comments that address issues raised in the post or other comments on it and that contribute to a fruitful discussion. We do not publish comments that seek to promote commercial products, that make personal attacks, or that seek personal legal advice.

Although we do not require it, we ask that in making a comment you use your full name. You must supply a valid email address, which will not appear with your comment.

searching comments Slawtips case summaries TalkLaw/ParLoi noted on Slaw categories SlawNET

the count:
8281 posts | 11497 comments

[get this search box for your site]

SlawTips

Good Communications = Satisfied Clients
Thursday, February 23

As Richard Ferguson, a lawyer friend of ours says on his email message: “People may forget what you said…. People may forget what you did…. but people will never forget … »»

Practice

Current Awareness
Wednesday, February 22

There are two possible approaches to personal current awareness: Develop excellent searching skills so that you can find what you need when you need it Pick a fairly narrow specialty … »»

Research

Top 10 Financial Errors: #10 Rely on the Lottery for Your Partnership Retirement Plan
Thursday, February 16

“It is better to have a permanent income than to be fascinating” was said once by Oscar Wilde. The final tip in this series is the capstone issue in our … »»

Practice

noted on Slaw

Statistics Canada, The Daily, Women in Canada

Available online today are four new chapters of the publication Women in Canada: A Gender-based Statistical Report, which explores the socio-demographic and economic circumstances of Canadian women in general.
Library Boy: Library of Parliament Legislative Summary of Bill on Adding New House of Commons Seats

The bill amends the Constitution Act, 1867 by readjusting the number of members and the representation of the provinces in the House of Commons.
Judges out of touch on privacy issues, says Ontario privacy czar
Ars Technica: Law & Disorder: Startup hopes to hack the immigration system with a floating incubator

Blueseed plans to buy a ship and turn it into a floating incubator anchored in international waters off the coast of California.
An open letter to Canadian journalists - CAJ

Under Prime Minister Stephen Harper, the flow of information out of Ottawa has slowed to a trickle.
EXCESS COPYRIGHT: Fair Dealing Cases in the Supreme Court of Canada - December 6 and 7, 2011 - Links to Factums
Ontario Commissioner Issues Significant Order on Custody or Control of University Records « All About Information

"…the IPC has exclusive jurisdiction to decide whether a record is in the custody or control of a university in the context of an access request…"
Library Boy: Library of Parliament Legislative Summary of Bill To Abolish Firearms Registry
Federation of Law Societies of Canada

John J.L. Hunter, Q.C. of Vancouver has been elected President for 2011-2012
Results of BC CBA Survey on Supreme Court Civil Rules [PDF]

Detailed results from 321 members.

MLB Selected Case Summaries

These summaries of selected recent cases are provided each week to Slaw by Maritime Law Book.
More information.

Moody Estate, Re 2011 ABQB 222

Limitation of Actions - Actions in contract - Actions for debt - General

Moody died on December 3, 2005, leaving four adult children. Pursuant to Moody’s will two of her children, James and Tyrell, were appointed executors of the estate. It was alleged that, during her ...
McLean v. Law Society of Saskatchewan 2012 SKCA 7

Barristers and Solicitors - Discipline - Suspension - For professional misconduct

McLean pled guilty five counts of conduct unbecoming a lawyer. The Discipline Committee suspended him from practice for four months and placed him on indefinite supervision. McLean appealed the length of the penalty.

The Saskatchewan ...
Kelly et al. v. Energy Resources Conservation Board (Alta.) et al. 2012 ABCA 19

Mines and Minerals - Operation of mines, quarries and wells - Licences and permits - Appeals or judicial review - Standing - Costs

Grizzly Resources Ltd. (Grizzly). made an applications to the Energy Resources Conservation Board to drill two sour gas wells on the same site. ...
R. v. Crain (R.N.) 2012 SKCA 8

Narcotic Control - Offences - Trafficking - Elements of

The accused was charged with trafficking in cocaine. The trial judge granted the accused’s motion to discharge the charge. The Crown appealed.

The Saskatchewan Court of Appeal allowed the appeal and ordered a new trial.

Link ...

The re-development
of Slaw is assisted by
a grant from the
Law Foundation of Ontario

TalkLaw/ParLoi

This is a listing of a few upcoming events in Canada of interest to lawyers, law students, legal librarians, and others involved in the practice of law.

Clicking on any event in the list below will give you access to more information and to links allowing you to see the full entry and to add the event to your own calendar.

Click this link for a fuller version of the TalkLaw/ParLoi calendar of events and for instructions as to how to add events and calendars to your own calendar.

categories

Administration of Slaw

Announcements

Case Comment

Columns: Book Review

Columns: Dispute Resolution

Columns: e-Discovery

Columns: Justice Issues

Columns: Legal Information

Columns: Legal Marketing

Columns: Legal Publishing

Columns: Legal Technology

Columns: Outsourcing

Columns: Practice of Law

Education & Training

Education & Training: CLE/PD

Education & Training: Law Schools

Firm Guest Blogger

Hot on CanLII

Legal Information

Legal Information: Information Management

Legal Information: Libraries & Research

Legal Information: Publishing

Miscellaneous

Practice of Law

Practice of Law: Future of Practice

Practice of Law: Marketing

Practice of Law: Practice Management

Reading

Reading: Recommended

Reading: You might like…

Slaw Retweets

Slaw RSS Site News

Substantive Law

Substantive Law: Foreign Law

Substantive Law: Judicial Decisions

Substantive Law: Legislation

Technology

Technology: Internet

Technology: Office Technology

ulc_ecomm_list

SlawNET

These are the great blogs run by our contributors. We recommend them to you.

Avoid A Claim Blog
Clio Blog
Connie Crosby
Connection | A Crosby Group Consulting Blog
eLegal Canton
First Reference Inc.
House of Butter
Law Firm Web Strategy
Law is Cool
Library Boy
Off the Shelf
Quebec Labour Law - Droit du travail au Québec
Thoughtful Legal Management
Vancouver Law Librarian Blog



Slaw is Canada's online legal magazine	• about Slaw • our contributors • our columnists • by date • by category • by author • CanCourts on Twitter • Canadian blawgs search • TOROG • Tjaden LLM Thesis • Quick referrers • CanLII bookmarklets • Quix • Canadian journals' TOCs

Colin Lachance, Joan Rataic-Lang «« older \| newer »» Surviving a Disaster: A Lawyer's Guide to Disaster Planning November 21, 2011 Jack Newton North Carolina Revisits Cloud Computing Ethics Opinion The North Carolina State Bar has revisited its proposed Formal Ethics Opinion (FEO) on cloud computing and addressed many of the concerns the legal cloud computing community had previously expressed. The main point of concern with the previous opinion was a list of minimum mandatory requirements that an attorney had to ensure was met by their cloud computing provider. In an open letter to the NC State Bar, the Legal Cloud Computing Association outlined its concerns with the proposed FEO; prominent bloggers such as Carolyn Elefant, Stephanie Kimbro, Erik Mazzone and Niki Black also outlined their concerns about the potential implications of the FEO as written. The NC State Bar had published the proposed FEO for comments, and to their credit they listened carefully to the feedback they received and have re-issued an updated Proposed 2011 FEO 6 that addresses many of the concerns the LCCA and others had expressed relating to the previous draft. The NC State Bar has eliminated the mandatory minimum requirement "checklist" from the opinion, rightly pointing out that such checklists are fraught with issues: This opinion does not set forth specific security requirements because mandatory security measures would create a false sense of security in an environment where the risks are continually changing. Instead, due diligence and frequent and regular education are required. Instead, the proposed FEO opts for a more flexible set of due diligence requirements: This opinion does not set forth specific security requirements because mandatory security measures would create a false sense of security in an environment where the risks are continually changing. Instead, due diligence and frequent and regular education are required. Although a lawyer may use nonlawyers outside of the firm to assist in rendering legal services to clients, Rule 5.3(a) requires the lawyer to make reasonable efforts to ensure that the services are provided in a manner that is compatible with the professional obligations of the lawyer. The extent of this obligation when using a SaaS vendor to store and manipulate confidential client information will depend upon the experience, stability, and reputation of the vendor. Given the rapidity with which computer technology changes, law firms are encouraged to consult periodically with professionals competent in the area of online security. Some recommended security measures are listed below. • Inclusion in the SaaS vendor’s Terms of Service or Service Level Agreement, or in a separate agreement between the SaaS vendor and the lawyer or law firm, of an agreement on how the vendor will handle confidential client information in keeping with the lawyer’s professional responsibilities. • If the lawyer terminates use of the SaaS product, the SaaS vendor goes out of business, or the service otherwise has a break in continuity, the law firm will have a method for retrieving the data, the data will be available in a non-proprietary format that the law firm can access, or the firm will have access to the vendor’s software or source code. The SaaS vendor is contractually required to return or destroy the hosted data promptly at the request of the law firm. • Careful review of the terms of the law firm’s user or license agreement with the SaaS vendor including the security policy. • Evaluation of the SaaS vendor’s (or any third party data hosting company’s) measures for safeguarding the security and confidentiality of stored data including, but not limited to, firewalls, encryption techniques, socket security features, and intrusion-detection systems.4 • Evaluation of the extent to which the SaaS vendor backs up hosted data. The NC Bar's proposed FEO, like the ABA 20/20 Ethics Commission Proposals, makes the "reasonable care" standard the baseline to be adhered to, and affirms that a lawyer's duty to protect the confidentiality of client data "does not compel any particular mode of handling confidential information nor does it prohibit the employment of vendors whose services may involve the handling of documents or data containing client information." The new proposed FEO strikes the right balance of providing guidance to the Bar's members without overly restricting technological freedom. The opinion, as written, can serve as a model for other Bars looking to provide increased clarity on the ethics of cloud computing to their membership. Jack Newton is co-founder and President of Clio, a leading provider of cloud-based practice management software. Jack writes frequently on the security, ethical, and practical aspects of cloud computing, and has spoken at CLE seminars across Canada and the U.S. about how practice management systems can be used to help a lawyer practice efficiently, ethically and competently. Jack can be reached at jack@goclio.com. [click on the author's name for more information] Respond: make a comment Share: Email \| Save as PDF \| Print \| Bookmark & Share \| \| More: in Practice of Law: Future of Practice or Practice of Law: Practice Management or Technology or Technology: Internet or Technology: Office Technology \| from Jack Newton Make a comment: Note that some comments may be moderated. If you have not had an approved comment here before, your comment will be held for approval. We are glad to publish comments that address issues raised in the post or other comments on it and that contribute to a fruitful discussion. We do not publish comments that seek to promote commercial products, that make personal attacks, or that seek personal legal advice. Although we do not require it, we ask that in making a comment you use your full name. You must supply a valid email address, which will not appear with your comment. Click here to cancel reply. Name (required) Mail (will not be published) (required)		searching comments Slawtips case summaries TalkLaw/ParLoi noted on Slaw categories SlawNET search Slaw: the count: 8281 posts \| 11497 comments Slaw's canadian law blogs search: [get this search box for your site] recent comments Connie Crosby on First Ever Twitter Moot: #Twtmoot Nate Russell on First Ever Twitter Moot: #Twtmoot Philip Corwin on Cloud Storage in the Age of SOPA and Megaupload David Cheifetz on First Ever Twitter Moot: #Twtmoot John Gregory on First Ever Twitter Moot: #Twtmoot Yosie Saint-Cyr on Systemic Discrimination in Law Firms: Perception or Reality? My Point of View David Bilinsky on First Ever Twitter Moot: #Twtmoot David Cheifetz on Report Labels WiFi Dangerous in Schools David Collier-Brown on Plan a Copyright Day Now! Colin Lachance on A Milestone for Canlii – the Odometer Clicks Over Simon Chester on A Milestone for Canlii – the Odometer Clicks Over Simon Chester on First Ever Twitter Moot: #Twtmoot Hubert David on Visiteurs Internationaux Sur Un Site D’information Juridique: Des Visiteurs Non Désirés?! \| International Visitors to a Legal Information Website: Unwelcome Guests? David Cheifetz on Visiteurs Internationaux Sur Un Site D’information Juridique: Des Visiteurs Non Désirés?! \| International Visitors to a Legal Information Website: Unwelcome Guests? Deborah on Privacy Commissioner Explains Problems With Proposed Lawful Access Law SlawTips Good Communications = Satisfied Clients Thursday, February 23 As Richard Ferguson, a lawyer friend of ours says on his email message: “People may forget what you said…. People may forget what you did…. but people will never forget … »» Practice Current Awareness Wednesday, February 22 There are two possible approaches to personal current awareness: Develop excellent searching skills so that you can find what you need when you need it Pick a fairly narrow specialty … »» Research Top 10 Financial Errors: #10 Rely on the Lottery for Your Partnership Retirement Plan Thursday, February 16 “It is better to have a permanent income than to be fascinating” was said once by Oscar Wilde. The final tip in this series is the capstone issue in our … »» Practice noted on Slaw Statistics Canada, The Daily, Women in Canada Available online today are four new chapters of the publication Women in Canada: A Gender-based Statistical Report, which explores the socio-demographic and economic circumstances of Canadian women in general. Library Boy: Library of Parliament Legislative Summary of Bill on Adding New House of Commons Seats The bill amends the Constitution Act, 1867 by readjusting the number of members and the representation of the provinces in the House of Commons. Judges out of touch on privacy issues, says Ontario privacy czar Ars Technica: Law & Disorder: Startup hopes to hack the immigration system with a floating incubator Blueseed plans to buy a ship and turn it into a floating incubator anchored in international waters off the coast of California. An open letter to Canadian journalists - CAJ Under Prime Minister Stephen Harper, the flow of information out of Ottawa has slowed to a trickle. EXCESS COPYRIGHT: Fair Dealing Cases in the Supreme Court of Canada - December 6 and 7, 2011 - Links to Factums Ontario Commissioner Issues Significant Order on Custody or Control of University Records « All About Information "…the IPC has exclusive jurisdiction to decide whether a record is in the custody or control of a university in the context of an access request…" Library Boy: Library of Parliament Legislative Summary of Bill To Abolish Firearms Registry Federation of Law Societies of Canada John J.L. Hunter, Q.C. of Vancouver has been elected President for 2011-2012 Results of BC CBA Survey on Supreme Court Civil Rules [PDF] Detailed results from 321 members. MLB Selected Case Summaries These summaries of selected recent cases are provided each week to Slaw by Maritime Law Book. More information. Moody Estate, Re 2011 ABQB 222 Limitation of Actions - Actions in contract - Actions for debt - General Moody died on December 3, 2005, leaving four adult children. Pursuant to Moody’s will two of her children, James and Tyrell, were appointed executors of the estate. It was alleged that, during her ... McLean v. Law Society of Saskatchewan 2012 SKCA 7 Barristers and Solicitors - Discipline - Suspension - For professional misconduct McLean pled guilty five counts of conduct unbecoming a lawyer. The Discipline Committee suspended him from practice for four months and placed him on indefinite supervision. McLean appealed the length of the penalty. The Saskatchewan ... Kelly et al. v. Energy Resources Conservation Board (Alta.) et al. 2012 ABCA 19 Mines and Minerals - Operation of mines, quarries and wells - Licences and permits - Appeals or judicial review - Standing - Costs Grizzly Resources Ltd. (Grizzly). made an applications to the Energy Resources Conservation Board to drill two sour gas wells on the same site. ... R. v. Crain (R.N.) 2012 SKCA 8 Narcotic Control - Offences - Trafficking - Elements of The accused was charged with trafficking in cocaine. The trial judge granted the accused’s motion to discharge the charge. The Crown appealed. The Saskatchewan Court of Appeal allowed the appeal and ordered a new trial. Link ... The re-development of Slaw is assisted by a grant from the Law Foundation of Ontario TalkLaw/ParLoi This is a listing of a few upcoming events in Canada of interest to lawyers, law students, legal librarians, and others involved in the practice of law. Clicking on any event in the list below will give you access to more information and to links allowing you to see the full entry and to add the event to your own calendar. Click this link for a fuller version of the TalkLaw/ParLoi calendar of events and for instructions as to how to add events and calendars to your own calendar. categories Administration of Slaw Announcements Case Comment Columns: Book Review Columns: Dispute Resolution Columns: e-Discovery Columns: Justice Issues Columns: Legal Information Columns: Legal Marketing Columns: Legal Publishing Columns: Legal Technology Columns: Outsourcing Columns: Practice of Law Education & Training Education & Training: CLE/PD Education & Training: Law Schools Firm Guest Blogger Hot on CanLII Legal Information Legal Information: Information Management Legal Information: Libraries & Research Legal Information: Publishing Miscellaneous Practice of Law Practice of Law: Future of Practice Practice of Law: Marketing Practice of Law: Practice Management Reading Reading: Recommended Reading: You might like… Slaw Retweets Slaw RSS Site News Substantive Law Substantive Law: Foreign Law Substantive Law: Judicial Decisions Substantive Law: Legislation Technology Technology: Internet Technology: Office Technology ulc_ecomm_list SlawNET These are the great blogs run by our contributors. We recommend them to you. Avoid A Claim Blog Clio Blog Connie Crosby Connection \| A Crosby Group Consulting Blog eLegal Canton First Reference Inc. House of Butter Law Firm Web Strategy Law is Cool Library Boy Off the Shelf Quebec Labour Law - Droit du travail au Québec Thoughtful Legal Management Vancouver Law Librarian Blog
more columns on: · e-discovery · justice issues · legal information · legal marketing · legal publishing · legal technology · outsourcing · practice of law	· about Slaw · about our contributors · about our columnists · archives by date · archives by category · archives by author · contact us · subscribe with RSS · subscribe by email · subscribe by topic/author · follow us on twitter © copyright information · 15 prior posts · 30 prior posts · 50 prior posts	member login

North Carolina Revisits Cloud Computing Ethics Opinion

Make a comment:

SlawTips

Good Communications = Satisfied Clients Thursday, February 23

Current Awareness Wednesday, February 22

Top 10 Financial Errors: #10 Rely on the Lottery for Your Partnership Retirement Plan Thursday, February 16

Good Communications = Satisfied Clients
Thursday, February 23

Current Awareness
Wednesday, February 22

Top 10 Financial Errors: #10 Rely on the Lottery for Your Partnership Retirement Plan
Thursday, February 16