Sarah Jane Hughes has published an important new article on cloud computing and legal ethics, written from the perspective of the ABA Model Rules of Professional Conduct. Because California’s ethics rules have not yet had the benefit of an update to take changes in technology into consideration, the ABA Model Rules, including comments to those rules which provide additional guidance, are highly instructive. In her article, Hughes updates her prior work regarding the risks posed by storing clients’ data in the cloud, including data breach and government surveillance, with discussions of several recent high profile examples to illustrate the risks posed, including malware threats posed by hackers. Key risks come from data breaches (internal and external) as well as secret back doors in electronic devices including tablets and phones and the encryption breaking software of the National Security Administration. The article questions whether lawyers can rely on safe harbors based on data encryption given NSA capabilities. At the same time, she suggests that disclosure of client data should not constitute a waiver of the attorney client privilege, because it is not intentional or voluntary.
The article also details a scheme for classifying data in terms of three levels of security and provides a well organized range of strategies aimed at minimizing the risks of disclosure and protecting client data. These include understanding the contracts of cloud service vendors, managing issues with clients through disclosure and informed consent, and implementation of training and audit procedures. For sensitive matters she advocates considering reversion to low tech processes including the use of typewriters. She also details lawyers’ obligations regarding notification of clients in data breach scenarios. An excellent read for those tasked with implementation of data management in a legal environment. The topic of legal ethics and cloud computing deserves further attention as lawyers have navigated their practices to the cloud.
About Carole J. Buckner
Carole J. Buckner is a Partner and General Counsel with Procopio in San Diego, California. She is an AV Peer Review Rated sole practitioner admitted to the California State Bar in 1984. She holds a BA from the University of California at Berkeley (1980) and a JD from the University of California, Hastings College of the Law in San Francisco (1984). She is available for consulting and legal advice in the field of legal ethics and issues involving professional responsibility, and the law of lawyering.