Say No to Ethics Grievances! Select the Right Cloud Service Providers!
Choosing the right cloud provider can make the difference between being compliant with your state’s rules of ethics, and facing ethics grievances. You should put a lot of thought into the vendors you choose for the services before making any decision and implementing them in your practice.
Ethics rules in every jurisdiction require you to maintain confidentiality when it comes to client and case related information. You need to be sure that you can maintain privacy and confidentiality, as well as ongoing and uninterrupted access to that data, in order to be compliant. Let’s break that down.
Client Data Privacy
The key to confidentiality is maintaining client data privacy in the cloud. When you’re looking at a cloud based solution provider, you should ask these questions and get very good answers before proceeding any further. Some of the answers may surprise you.
As to storage, is the data encrypted on their servers? Is it properly protected by antivirus software, a strong, firewall, and other security measures? Is the data shared with others, either inside or outside of the company, and if so, for what purpose? If you delete data from the server, how thoroughly is that data erased from the hard drive?
Who owns the data?
This may seem like a silly question, but it has to be asked. You may think that you own the data, but that’s not necessarily true. Ask every site where you may want to store it. Read their policies carefully on this issue, and be sure that the service provider cannot exert any control over your client data by claiming ownership. This is a dealbreaker and needs to be specifically stated in their policies. If it isn’t, run!
How can the data be used?
Again, you may think this is obvious, but think again. There have been many high profile online services that, through their policies, have tried to exert very broad control over the usage of your data. For example, there’s Facebook, which not long ago created quite a bit of controversy when it updated its privacy policies, and apparently granted the company perpetual control over any content posted by its users. You don’t want that to happen to your client data.
Client Data Availability
Your client data can be secure and private, but that does you no good if you can’t get access to it when you need it. Therefore, the importance of a cloud-based providers’ data availability strategies cannot be overstated. But the good news is that, as long as an appropriate strategy is in place, cloud based applications can arguably provide a much higher level of data availability than desktop applications (in other words, the data stored on the hard drives of your computers).
So you need to ask the provider some questions about this. By asking them about their data availability strategies, you are essentially seeking an answer to this very important question: What are you doing to ensure that my data remains available, even in the event of a natural or human-induced disaster? Stuff happens, and the question becomes what the vendor is prepared to do should it happen.
Does the provider have more than one data location? Is there more than one server farm to create some redundancy in your data? If if your client data is hosted in just one data center, this means there is a single point of failure that could, potentially, make the entire application, and your data, unavailable for an indeterminate period of time.
Geographic redundancy, or geo-redundancy, takes advantage of multiple, geographically distributed data centers. In this way, the impact of an outage at one data center can be minimized by automatically switching over to another data center(s).
But redundancy against failure is not enough. The provider also should be, at a minimum, performing daily backups, just like you should, of all data and storing this backup in a secure, offsite location. Ideally, backups should be performed multiple times per day and replicated to multiple, secure offsite locations. just like there should be redundancy in the storage of the original data, there should also be redundancy in the back ups.
But the vendor performing backups does not absolve you of your own responsibility to back up the data. If you are using a cloud Drive, like OneDrive, or Google Drive, you should be syncing it to a local drive and then backing it up from there. Many cloud application vendors also provide backup solutions on their end to places like Amazon Web Services (AWS) drives.
You should not trust the duty task of backing up your data solely to the provider; you should be taking an active role and making sure it happens. You should also ensure that your provider allows for a full export of your data from their system.
Although there are other things that you need to be doing to make sure that you don’t run into ethical trouble with your law firm in the cloud, choosing the right cloud provider by vetting them properly, is a huge step in the right direction.
Was this helpful? Intriguing? Thought provoking? Well, there’s more where that came from! You can get great business and professional practice tips in your inbox every week by subscribing to my newsletter! You’ll get actionable, bite-sized tips every Friday to help you make more money by spending less time and providing better legal services!
Want even more?You can avail yourself of the many resources I provide free of charge. Whether it be my newsletter, my posts on LinkedIn, my videos, or my web site, you will find useful, actionable information and tools for being more successful.
If you liked this information and found it useful, then you might like or need these others: