The New York City Bar Association’s recent report, The Cloud and the Small Law Firm: Business, Ethics and Privilege Considerations (November 2013) offers reasonable enough advice to solo and small law firms contemplating a move to the cloud. Evaluate the vendor. Review and understand the terms of the service agreement, including the level of security promised, the ability to access data and data breach notification policies. Assess the risks associated with housing certain types of data against the benefits of convenience and accessibility that the cloud provides. Understand that lawyers have a unique ethics obligation to protect and preserve client data. In short, nothing that lawyers haven’t already heard in the more than fourteen state ethics decisions of the past five years addressing the cloud (though the Report has value in that it summarizes these opinions all in one place).
Still, while the Report offers solid advice to lawyers considering the cloud, I take issue with the proposed solutions. We’ve reached a point where solo and small firm lawyers need more than just advice on evaluating the cloud. Rather, we need the bar associations to actually take action to facilitate adoption of the cloud in those situations where it is appropriate…
Why is that so important? Because increasingly, today’s clients are growing accustomed to using the Internet for professional transactions. Consumers engage in online banking, they file taxes online and access medical records from their doctor. Likewise, they have the ability to meet some legal needs through online form providers like Legal Zoom, Rocket Lawyer or a myriad of other options. Once accustomed to convenience, consumers aren’t going to wait around for lawyers to get with the program. So unless lawyers have a valid reason for not using the cloud to work with a client (for example, if one’s client were Edward Snowden, there would certainly be a reason to avoid the cloud), they need to make the option available or clients will go elsewhere. This is a particular concern for many solos and smalls who could potentially lose clients to non-lawyer providers.
But instead of coming up with ways to facilitate lawyer adoption of the cloud to accommodate clients, the Report either offers inelegant solutions — or none at all. For example, the Report suggests that lawyers disclose and obtain client consent to use the cloud. Talk about putting up a red flag. The client, who has never been required to consent to online banking or tax filing or storage of medical information online is now asked to consent to use of the cloud by the lawyer. Immediately, this request will make the client wonder “Is there something so deficient with this lawyer’s system that I have to sign my rights away?”
The other problem with disclosure is that it doesn’t solve anything. If there’s no risk to housing documents in the cloud (for example, if they’re already part of the public record), then there’s no need for disclosure. On the other hand, if documents are so sensitive or the client is a target for hackers (again, the Snowden example), then client consent or not, the lawyer shouldn’t be putting those documents in the cloud.
The Report also notes that inclusion of certain terms in service agreements or the vendor’s unilateral ability to change terms of service is problematic (Report at 23) — but blithely continues that “until this imbalance of bargaining position changes, you must determine what other assurances will be enough to be considered “reasonable.” Instead of just commenting on the lack of bargaining power — which is a huge problem for solos and smalls, why doesn’t the bar do something about it? When government agencies expressed interest in going on Facebook, the General Services Administration (GSA) negotiated special terms of service so that Facebook would comply with government policies. Why can’t the bar associations (not just New York, but all fifty of them and the ABA) band together to negotiate terms of service on behalf of solos and smalls? You can bet that large firms have the bargaining power to negotiate terms — but without aggregated effort, solos and smalls don’t have this option.
Finally, while many solos and smalls are sufficiently comfortable with technology to capably evaluate a cloud solution, some are not. If this is a problem, why can’t the bars fund a technology committee to certify products for solos and smalls. Many bars have certified banks as IOLTA trust account providers; they should do the same for cloud technology. Solos and smalls would not be restricted to choosing those products certified by the bar but for those lawyers who lack the confidence to vet products on their own, purchasing a product with the bar’s seal of approval would be deemed to satisfy their ethics obligations.
By now, solos and smalls are already fairly well versed in the risks and benefits of cloud computing. Now, it’s time for the next chapter: sound solutions and real action that will allow solos and smalls and their clients to enjoy the benefits of the cloud, just like their big firm and non-lawyer counterparts.
Carolyn Elefant has been blogging about solo and small firm practice at MyShingle.com since 2002 and operated her firm, the Law Offices of Carolyn Elefant PLLC, even longer than that. She’s also authored a bunch of books on topics like starting a law practice, social media, and 21st century lawyer representation agreements (affiliate links). If you’re really that interested in learning more about Carolyn, just Google her. The Internet never lies, right? You can contact Carolyn by email at firstname.lastname@example.org or follow her on Twitter at @carolynelefant.