Online services for lawyers are becoming increasingly com-mon and, for many lawyers, are an attractive alternative to thetraditional law practice management software installed andmaintained on a local server within a law office.

Online services available to attorneys now include law prac-tice management systems, document management platforms,secure email networks, digital dictation services andbilling/timekeeping services. The online platforms areattractive, economical and viable alternatives for firmsof all sizes.

Online e-mail platforms also are increasing in popu-larity. Yahoo, Hotmail and Gmail now are the top threee-mail service providers in the United States, and areused by lawyers and clients alike.

The one thing these various platforms have in com-mon is that the data created and managed by these ser-vices are stored offsite, in the “cloud.” The offsitedata storage issue has resulted in much speculationamong lawyers regarding issues of data security andattorney-client confidentiality.

Before addressing those concerns, let’s define theconcepts at issue.

“Cloud computing” is a “type of computing that iscomparable to grid computing, relies on sharing com-puting resources rather than having local servers or personaldevices to handle applications. The goal of cloud computing is toapply traditional supercomputing power (normally used by mili-tary and research facilities) to perform tens of trillions of com-putations per second.”

Software as a service — or SaaS — is defined at Oracle.comas “[a] software delivery model in which a software firm providesdaily technical operation, maintenance, and support for the soft-ware provided to their client.”

In my opinion, the data security and confidentiality concernsregarding cloud computing are exaggerated and overblown.

Of course an attorney has an obligation to research how an SaaSprovider will handle confidential information, and should deter-mine how securely the data is stored. It is important to ensure thecompany stores the data on servers that meet current industrystandards, performs back-ups regularly, and that you are satisfieddata will not be lost should a catastrophic event occur.

Concerns that third parties could access the data while travel-ing through the “cloud” are downright silly, in my opinion. Thirdparties always have had access to confidential client informa-

tion, including process servers, court employees, document pro-cessing companies, external copy centers and legal documentdelivery services.

Employees of the building in which a law office is located alsohave had access to confidential files, including the cleaning ser-vice and other employees who maintain the premises. Whatabout summer interns, temporary employees and contract attor-

neys?The employees who manage and have access to com-

puter servers are no different. In order to practice laweffectively, third parties necessarily must have accessto certain files. Assurances that the company in ques-tion will make reasonable efforts to ensure employeeswill not access confidential information is all that’srequired.

The New York State Bar Association Committee onProfessional Ethics reached a similar conclusion inOpinion 820-2/08/08, where it answered: “May alawyer use an e-mail service provider that scans e-mails by computer for keywords and then sends or dis-plays instantaneously (to the side of the e-mails inquestion) computer-generated advertisements to usersof the service based on the e-mail communications?”

The committee concluded: “Unless the lawyer learnsinformation suggesting that the provider is materially departingfrom conventional privacy policies or is using the information itobtains by computer-scanning of e-mails for a purpose that,unlike computer-generated advertising, puts confidentiality atrisk, the use of such e-mail services comports with DR 4-101. …A lawyer may use an e-mail service provider that conducts com-puter scans of e-mails to generate computer advertising, wherethe e-mails are not reviewed by or provided to other individuals.”

In other words, common sense prevails. Lawyers must resistthe urge to overreact to emerging technologies.

Common sense dictates that the same confidentiality stan-dards applicable to physical client files likewise apply to com-puter-generated data. To conclude otherwise would be to prohibitlawyers from using computers in their law practices — an unre-alistic and, quite frankly, ridiculous alternative.

Nicole Black is of counsel to Fiandach and Fiandach and isthe founder of lawtechTalk.com, which offers legal technologyconsulting services, and publishes four legal blogs, one of which isPracticing Law in the 21st Century (http://21stcenturylaw.wordpress.com). She may be reached at nblack@nicole-blackesq.com.

THE DAILY RECORDWESTERN NEW YORK ’S SOURCE FOR LAW, REAL ESTATE , F INANCE AND GENERAL INTELL IGENCE S INCE 1908

Monday, August 24, 2009

Should lawyers be wary of SaaS?

By NICOLEBLACKDaily Record Columnist

Reprinted with permission of The Daily Record ©2009