North Carolina Lawyers Weigh Ethical Questions on Using Cloud Computing for Clients' Records

The North Carolina State Bar has issued a preliminary opinion that it is ethical for attorneys to use Software-as-a-Service products if "reasonable care" is taken to minimize risks to the "confidentiality and to the security of client information and client files."

The initial opinion will be published in a state legal publication and comments will be made by interested parties before a formal opinion is released.

North Carolina is believed to be one of the first legal boards in North America to issue a legal opinion on using SaaS (News - Alert) in a law firm.

"It is a good step that the bar association is allowing it," said Asheville, NC, Attorney Sara Hanley, a partner at Place & Hanley. She said that their office uses Clio, a web-based legal practice management product, because she needs to a have mobile, secure and convenient way to access records while appearing in courts for cases in diverse locations across the country. Clio can be accessed from any Internet-enabled computer or mobile device.

The North Carolina legal board said that SaaS entails having records accessed online with a password rather than having software and records in the attorneys' offices under the lawyers' direct control. Therefore, steps need to be taken by lawyers to "minimize the risk of inadvertent or unauthorized disclosure of confidential client information and to protect client property, including file information, from risk of loss," the legal board said.

"Although a lawyer has a professional obligation to protect confidential information from unauthorized disclosure, the Ethics Committee has long held that this duty does not compel any particular mode of handling confidential information nor does it prohibit the employment of vendors whose services may involve the handling of documents or data containing client information," the board added. "Moreover, the committee has held that, while the duty of confidentiality extends to the use of technology to communicate, 'this obligation does not require that a lawyer use only infallibly secure methods of communication.' … Rather, the lawyer must use reasonable care to select a mode of communication that, in light of the circumstances, will best protect confidential communications and the lawyer must advise effected parties if there is reason to believe that the chosen communications technology presents an unreasonable risk to confidentiality."

Additionally, the North Carolina State Bar outlined a list of 23 questions for its members to consider and ask of SaaS providers to ensure there is minimal risk to client confidentiality and security.

The "reasonable care" standard is similar to a December 2009 opinion by the State Bar of Arizona's Committee on the Rules of Professional Conduct, which said that "reasonable precaution" should be taken.

Themis Solutions Inc., provider of Web-based legal practice management products including Clio, was pleased by the North Carolina opinion.

In a related matter, Themis Solutions reports that several legal technology consulting firms have signed on to be inaugural Clio Certified Consultants, including MicroLaw, an independent legal technology consulting company run by Ross Kodner.