A new ethics opinion has Massachusetts lawyers scrambling to analyze the ethical risks of data loss associated with cloud computing.  In Opinion 12-03 [Click Here] The Committee on Professional Ethics of the MBA, addressed:

“whether it would violate Lawyer’s obligations under the Massachusetts Rules of Professional Conduct to store confidential client information using Google docs or some other Internet based storage solution, and to synchronize his computers and other devices that contain or access such information over the Internet”.

After analyzing its prior opinions and those of other ethical advisory bodies, the Committee concluded that lawyers may use an internet-based service provider to store confidential client data so long as reasonable efforts are undertaken to comply with the obligation to keep client information confidential.

According to the Committee opinion, “reasonable efforts” include:

(a)    examining the provider’s terms of use and written policies and procedures with respect to data privacy and the handling of confidential information;

(b)   ensuring that the provider’s terms of use and written policies and procedures prohibit unauthorized access to data stored on the provider’s system, including access by the provider itself for any purpose other than conveying or displaying the data to authorized users;

(c)   ensuring that the provider’s terms of use and written policies and procedures, as well as its functional capabilities, give the Lawyer reasonable access to, and control over, the data stored on the provider’s system in the event that the Lawyer’s relationship with the provider is interrupted for any reason (e.g., if the storage provider ceases operations or shuts off the Lawyer’s account, either temporarily or permanently);

(d) examining the provider’s existing practices (including data encryption, password protection, and system back ups) and available service history (including reports of known security breaches or “holes”) to reasonably ensure that data stored on the provider’s system actually will remain confidential, and will not be intentionally or inadvertently disclosed or lost; and

(e) periodically revisiting and reexamining the provider’s policies, practices and procedures to ensure that they remain compatible with Lawyer’s professional obligations to protect confidential client information reflected in Rule 1.6(a).

The Boston technology lawyers at Raymond Law Group LLC  regularly work with clients to address technology, privacy and data loss issues in Boston and throughout Massachusetts.