14. There is a profound message here
for lawyers—when thinking IT and
the Internet, the challenge is not
to automate current working
practices that are not efficient.
The challenge is to
innovate, to practice
law in ways that we
could not have done in
the past.
14
26. North
Carolina
State
Bar
Ethics
Inquiry
•2011
FEO
6
"Subscribing
to
So.ware
as
a
Service
While
Fulfilling
Confiden*ality
and
Preserva*on
of
Client
Property"
•First
ethics
opinion
in
North
America
specifically
focused
on
use
of
cloud
compu*ng
in
a
law
firm
27. Inquiry
#1
Is
it
within
the
Rules
of
Professional
Conduct
for
an
attorney/law
7irm
to
use
online
("cloud
computing")
practice
management
programs
(e.g.,
the
Clio
program)
as
part
of
the
practice
of
law?
These
are
instances
where
the
software
program
is
accessed
online
with
a
password
and
is
not
software
installed
on
a
computer
within
the
5irm's
of5ice.
28. North
Carolina
Proposed
Formal
Ethics
Opinion
Yes,
provided
steps
are
taken
effectively
to
minimize
the
risk
of
inadvertent
or
unauthorized
disclosure
of
con5idential
client
information
and
to
protect
client
property,
including
5ile
information,
from
risk
of
loss.
29. Other
States
Following
Suit
• Pennsylvania
Formal
Opinion
2011-‐200
• California
Formal
Opinion
No.
2010-‐179
• Alabama
State
Bar
Ethics
Opinion
2010-‐02
• Arizona
State
Bar
Formal
Opinion
09-‐04
• Nevada
State
Bar
Formal
Opinion
No.
33
• New
York
State
Bar
Associa*on
Opinion
842
of
2010
• Iowa
Op.
11-‐01
• Oregon
Formal
Op.
2011-‐188
• Vermont
Advisory
Ethics
Op.
2010-‐6
• Massachuse[s
MBA
Ethics
Opinion
12-‐03
29
30. ABA
20/20
Ethics
Commission
•Examining
how
a
lawyer’s
ethical
responsibili*es
apply
to
cloud
compu*ng
•Recommenda*ons
adopted
in
August
2012
30
31. ABA
20/20
Ethics
Commission
•The
development
of
a
centralized,
user-‐friendly
website
that
contains
con*nuously
updated
and
detailed
informa*on
about
confiden*ality-‐related
ethics
issues
arising
from
lawyer’s
use
of
technology,
including
the
latest
data
security
standards.
•Amendments
to
several
Model
Rules
of
Professional
Conduct
and
their
Comments
to
offer
specific
guidance
and
expecta*ons
rela*ng
to
technology.
31
32. ABA
20/20
Ethics
Commission
The
Commission
concluded
that
competent
lawyers
must
have
some
awareness
of
basic
features
of
technology.
To
make
this
point,
the
Commission
is
recommending
an
amendment
to
Comment
[6]
of
Model
Rule
1.1
(Competence)
that
would
emphasize
that,
in
order
to
stay
abreast
of
changes
in
the
law
and
its
practice,
lawyers
need
to
have
a
basic
understanding
of
technology’s
bene5its
and
risks.
32
33. ABA
20/20
Ethics
Commission
Proposed
new
Model
Rule
1.6(c)
would
make
clear
that
a
lawyer
has
an
ethical
duty
to
take
reasonable
measures
to
protect
a
client’s
con7idential
information
from
inadvertent
disclosure
and
unauthorized
access.
This
duty
is
already
implicit
in
Model
Rule
1.6
and
is
described
in
several
existing
comments,
but
the
Commission
concluded
that,
in
light
of
the
pervasive
use
of
technology
to
store
and
transmit
con5idential
client
information,
this
obligation
should
be
stated
explicitly
in
the
black
letter
of
Model
Rule
1.6.
33
34. ABA
Model
Rules
of
Professional
Conduct
“ When transmitting a communication that includes
information relating to the representation of a client, the
lawyer must take reasonable precautions to prevent the
information from coming into the hands of unintended
recipients. This duty, however, does not require that the
lawyer use special security measures if the method of
communication affords a reasonable expectation of
privacy.” (Emphasis added)
Comment 17, Rule 1.6
34
38. terminology
•Secure
Sockets
Layer
(SSL)
ØIndustry
standard
protocol
for
securing
Internet
communica*ons
ØBanks,
e-‐commerce
sites
(Amazon.com,
etc.)
all
use
SSL
for
secure
communica*ons
52. privacy
•Does
the
SaaS
provider
have
a
published
privacy
policy?
•Need
to
ensure
you
own
your
data
•The
private
client
informa*on
stored
with
your
SaaS
provider
cannot
be
used
for
any
other
purposes
53. facebook
privacy
policy
You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid,
worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store,
retain,
publicly
perform
or
display,
transmit,
scan,
reformat,
modify,
edit,
frame,
translate, excerpt, adapt, create derivative works and distribute (through multiple tiers),
any User Content you (i) Post on or in connection with the Facebook Service or the promotion
thereof subject only to your privacy settings.
You may remove your User Content from the Site at any time. If you choose to remove your User
Content, the license granted above will automatically expire, however you acknowledge that
the Company may retain archived copies of your User Content.
54. TRUSTe
How
is
sensi*ve
informa*on
being
handled?
“TRUSTe’s
program
requirements
are
based
upon
the
Fair
Informa*on
Principles
and
OCED
Guidelines
around
no*ce,
choice,
access,
security,
and
redress
-‐
the
core
founda*ons
of
privacy
and
building
trust.
Sealholders
are
required
to
undergo
a
rigorous
review
process
to
assess
the
accuracy
of
privacy
disclosures
and
compliance
with
TRUSTe’s
requirements
in
order
to
obtain
cer*fica*on.”
60. Data
Loca/on
•Where
is
main
data
center(s)
•Is
data
backed
up
to
mul*ple
offsite
loca*ons?
61. external
backup
provisions
•Can
you
perform
an
export
of
your
data?
Comma
Separated
Values
(CSV)
Extensible
Markup
Language
(XML)
Microso1
Excel
(XLS)
63. op*on
1:
data
export
Comma
Separated
Values
(CSV)
Extensible
Markup
Language
(XML)
Microso1
Excel
(XLS)
Cross
your
fingers
and
hope
you’re
up
to
date…
67. terms
of
service
•Easily
accessible,
published
ToS?
•Outlines
the
condi*ons
under
which
you
agree
to
use
the
service
•Ensure
you’ve
reviewed
and
accepted
your
provider’s
terms
of
service
68. service
level
agreement
•SLA
•Outlines
guaranteed
up*me
percentages
•E.g.
99.9%
•Usually
providers
for
some
kind
of
compensa*on
if
down*me
exceeds
SLA
guarantee