Issue link: http://read.uberflip.com/i/45522
controls the representation, and in an era when the client's property is often the store of data itself, practitioners must be acutely aware of who is acting as the cloud provider, what technologies are used, when backups occur, where the data are located and how the data are stored, transmitted and accessed. Before moving to the cloud, be sure you begin by asking the right questions. 1. What professional standards and ethical considerations surround cloud computing? A variety of standards and ethics rules are developing rapidly at state, federal and international levels. North Carolina, the first state to fully consider the adoption of an ethics rule on cloud computing, expects to issue revisions to its current proposal by the end of 2011. Other states are sure to follow, but one thing remains clear: Ensuring the responsible use of cloud technologies within legal practices is of increasing importance to clients, regulators, insurers and professional associations. While these new rules will prompt attorneys to better understand their cloud providers, one question remains: How detailed will the requirements become for suitable cloud providers? The American Bar Association's Ethics 20/20 Commission has delved into the questions surrounding cloud computing as well, recently formulating three draft proposals to address technology issues pertaining to confidentiality, client development and outsourcing. The current draft versions of these proposals make it clear that: • A lawyer must make reasonable efforts to prevent the inadvertent disclosure of, or unauthorized access to, information relating to the representation of a client; • Impermissible lawyer recommendations and fee-sharing arrangements will continue to be of concern in a digital age; and • Obtaining client consent should remain the foremost concern before bringing outside legal counsel into the representation (digitally or otherwise). Since traditional email travels the Internet "in-the-clear" (or unencrypted) through a number of third-party mail handlers (where the data can be stored without either the sender's or receiver's knowledge or consent), it is important to note the recent adoption of the ABA's "Formal Ethics Opinion 11-459," the first statement directly addressing the use of electronic communication in legal practices since 1999. This opinion states in part: "[W]henever a lawyer communicates with a client by email, the lawyer must first consider whether, given the client's situation, there is a significant risk that third parties will have access to the communications. If so, the lawyer must take reasonable care to protect the confidentiality of the communications by giving appropriately tailored advice to the client." The opinion therefore encourages lawyers to be cautious and deferential to the client when using unencrypted technologies like email to communicate in the course of the representation, especially since third-party access is highly likely, and the nature of the data could be highly sensitive. www.iltanet.org Risky Business 19