Monday, June 15, 2015

Little Fluffy Clouds: New Ethics Opinion, New Policies, New Trends



With musical accompaniment optional (but recommended), we take note of the new ethics opinion from the State Bar of Wisconsin: "Cloud Computing is the New Norm: Ethics Opinion Outlines Lawyer Obligations" --
  • "Wisconsin Formal Ethics Opinion EF-15-01 (Ethical Obligations of Attorneys Using Cloud Computing), issued by the State Bar of Wisconsin’s Professional Ethics Committee, notes that increased lawyer accessibility to cloud-based platforms and services comes with a direct loss of control over client information... Lawyers can use cloud computing services if the lawyer uses reasonable efforts to adequately address the potential risks associated with it, the opinion concludes."
  • "'To be reasonable,' the opinion states, 'the lawyer’s efforts must be commensurate with the risks presented.' The opinion acknowledges that lawyers cannot guard against every conceivable danger when using cloud-based services, but lists numerous factors to consider when assessing the risk of using cloud-based services in their practices."
Next, we turn to news of an interesting intersection of these issues driven by client and management concerns meeting lawyer expectations and the line between personal and professional activity at work: "Which Biglaw Firm Has Blocked Personal Email?" --
  • "We’ve received tips that not one, not two, but three different Biglaw behemoths have recently made moves to block all personal, web-based email, such as Gmail, AOL (is that still a thing? I think it’s a thing.), Yahoo!, Hotmail, etc. from computers on the firms’ networks."
  • As reported in the linked new story, one 1400+ lawyer firm's memo reads: "One of the repeated demands by our clients is that we prevent our users from accessing Webmail programs (Gmail, AOL, Yahoo, Comcast…) through our network. In general, there are two reasons for that insistence. First, accessing Webmail programs through our network enables client and firm data to leave the Firm without tracking. Second, Webmail programs can be the vehicle for the introduction of malware into the Firm’s network. This is not a hypothetical risk: our IT team reports that that has occurred in the Mayer Brown network."
  • The article also notes an update from a source at a 2000+ lawyer firm with similar policies, which have evolved: "[Webmail] has been disabled for all our 'normal' browsers, but we have been given a new, limited functionality “External Webmail Browser” by which we can access gmail/personal email accounts and external instant messaging services. Our reasons were also driven by client security demands."
Industry tech luminary Jeff Brandt published an open letter in response, which stops short of explicitly shoeing millennials, with their various chats and grams apps, off his law, but might be best (cheekily) summed up as "Welcome to the new age. Lol. Kthxbye."

Still, with some clients actively embracing the cloud and looking for closer collaboration with law firms in that realm, and recalling security and privilege debates about email in its infancy, it feels like there's a balance to be struck on all fronts...

Thus, we close with an excellent overview from the Legal IT Insider (aka "The Orange Rag") highlighting firms' navigating cloud adoption: "Passing Clouds: The Cloud Club – Client Consent Not Required?" --
  • "IT departments backed by their partnerships, by bringing in or looking at bringing in what they still often dare not call cloud, are – unusually for the legal sector – ahead of many of their clients, particularly those in regulated industries such as the finance and insurance sectors."
  • "Other clients say they would be prepared to give informed consent subject to certain assurances – Vodafone’s group general counsel Rosemary Martin told the Legal IT Insider: 'No-one has asked me yet but it would depend – anything very sensitive such as major litigation or major M&A we would be a bit twitchy about. More run of the mill stuff we would probably be fairly relaxed about. I’d want assurance the cloud and access to it were truly secure.'"
  • "A similar position is taken by Suzanne Wise, group GC and company secretary at Network Rail, who said: 'I would want to be informed and would ideally like confirmation that the information was as secure as it had been.'"
  • "At Keystone Law, which operates a heavily IT-reliant dispersed model and signed with NetDocuments earlier this year, IT Director Maurice Tunney said: 'Most of our clients are start-ups or small-to-medium enterprises who want to be assured that their data is secure and for our larger banks and insurance companies, we have not had any concerns raised about the fact that their data is stored in the cloud. If it was raised then we would re-assure them that it is highly secure and meets all the necessary security accreditations and requirements.' Tunney was previously at FieldFisher, which became one of the first firms to place its DMS in the cloud with Virtustream on a PaaS model."
  • "At Farrer & Co, which went through a stringent DMS tender process involving numerous partners as part of an 11-strong project committee, Davison said: 'Clients trust us to make sure their documents are secure. We are now answering the question ‘are you ISO27001 certified?’ with a ‘yes’. ‘Is your data encrypted?’ ‘Yes’. We couldn’t have done that before and most law firms can’t.'"
  • "Firms are, of course, not obliged to seek client consent by the Solicitors Regulation Authority (SRA), which acknowledges in its November 2013 Silver Linings: cloud computing, law firms and risk paper that from a client care perspective, solicitors have implied consent to confidential information being passed to external IT providers. They are also largely updating their terms and conditions to reflect the fact they have a hosted DMS."

No comments:

Post a Comment