- Posted by Michael Atkinson 13 Jan
- 0 Comments
Cloud computing is today’s most powerful technology that has transformed the way we run our business and we use practices to protect client’s confidential data. We have seen that on-premise technology solutions are costly burdens to mid to small-sized law firms but with the advanced cloud computing technology features, many law firms are migrating to the cloud to host their management systems, applications, documents, email and more to get more security and scalability.
Not only the legal industry, but it is significant for every industry to consider security, privacy and ethical issues when turning to the cloud. Because all clouds are not equal and do not offer scalability and security. To secure the law firm’s ethical obligations, below are the top 5 recommendations that help you ensure your client data remains secure in the cloud.
It Is Recommended To Use a Recognized Provider
Unfortunately, there are many cloud service providers who are available online, which are upstarts, untrustworthy or otherwise they’re a new side ventures for existing companies. Law firms needs more security and cannot simply comprise with their clients’ data by utilizing the services of uncertified and lesser-known provider. So before selecting a provider for your cloud project, it is better to verify that the provider should be recognized in both the technical and legal fields.
Read the Contract, Ensure Your Data is Yours, Forever
It is a realistic assumption that the data you store in the cloud will be yours. So you have to be very careful when signing off the contract. But don’t assume this is the case, even if the provider is renowned and trustworthy. If you want to get better results, we recommend you to use a legal-centric cloud service provider who is experienced with cloud computing and familiar with lawyers’ ethical obligations to handle the legal issues around data privacy and disclosure.
Demand Bank-Grade Security
Generally legal industry doesn’t have a formal regulatory body like other industries such as financial and healthcare. Thus this is the responsibility of experts to ensure the efficiency of the IT system they have in their organizations, whether it is on-premise or in the cloud, just to protect client’s sensitive data. If you’re connected to a law firm or any other business then you must ensure that your cloud service must:
- Use a minimum of 128-bit AES encryption for all data in transit.
- Manage an enterprise-grade firewalls for your corporate network.
- Provide 24-hour network security monitoring that observes for attempted or potential security breaches
- Have correct, documented physical access requirements to their data center.
- Provides you an encrypted/secure email option as part of their email offering.
- Passes annual SSAE16 audits and publish each yearbook audit publicly.
Absolutely Confirm Your Data Will be Stored in the US
One thing every business agrees on is that the confidential information of clients should be stored and managed within the United States. This should be applicable for only cloud-based IT systems but also applies to on-premise systems as well. However it is the point which are usually overlooked by small law firms. Unfortunately, the location where your data going to be stored is mostly unclear or simply not defined by the cloud service providers. It has been stated by Microsoft’s own Office 365 that the confidential data of their clients can be stored or backed up to countries outside the US. Ultimately, it is one of the several reasons why it is better to use a cloud service provider that is legal-centric and dedicated to the legal industry. If you believe that your client’s confidential data is stored or backed up to a country outside the US legal jurisdiction, then it will create a whole host of potential ethical issues.
Clearly Understand What the Provider Will Do In Case Of Subpoena
It is important for you to carefully read the whole contact and get clear understanding of the process that will arise in case of subpoena of data and records. This onus is on you to ensure your service provider will provide you with satisfactory notice if they receive any request for information. Because this has been observed in many cloud service providers, especially those without legal savvy, are woefully unprepared and have no formal process for dealing with a subpoena.
When it is an on-premise server environment, the security of client’s data is of critical importance. This is mainly true for law firms who have proper obligation to secure the confidential data of their clients. If your company is turning completely or part of your system to cloud, you must understand that your firm is moving much of this responsibility to your cloud provider.