The Pennsylvania Bar Association’s Committee On Legal Ethics And Professional Responsibility has just released Formal Opinion 2011-200, Ethical Obligations For Attorneys Using Cloud Computing/Software As A Service While Fulfilling The Duties Of Confidentiality And Preservation Of Client Property
As the PA Bar keeps its Ethics Opinions behind a member wall, I’ve attached a copy of it to this post. One of the Committee members has told me I am free to distribute it.
This Opinion indicates that lawyers may ethically allow client confidential material to be stored in “the cloud” provided the lawyer takes reasonable care to assure that (1) all such materials remain confidential, and (2) reasonable safeguards are employed to ensure that the data is protected from breaches, data loss and other risks.
Clearly, a lot of time and thought was put into the drafting of this Opinion. There is good background information on the issues and concerns that come up when client information in stored the cloud and when web-based mail services are used. There is also a summary listing of the ethics opinions in this issue from the ABA and other states and entities.
This Opinion considers both the practical and technology-related issues that are raised when lawyers use cloud-based services. While this Opinion is specific to PA Bar Rules of Professional Conduct, lawyers in other jurisdictions will find the information on what care and steps would be considered “reasonable” helpful in directing their own actions. It is nice to see there is a strong emphasis on lawyers being ultimately responsible for making informed decisions about the benefits and risks of placing client data in the cloud. The storing of client data can be outsourced, but the responsibility for making sure it is safe and secure remains with the lawyer.