Client Data and Cloud Computing

Nearly 11% of those responding to last weekend’s cloud computing poll said they will not entrust client data to a third party. That leaves me wondering how these lawyers manage to practice law.

Do they make phone calls? Do they use e-mail? Do their clients? How do they back up their files? Do they have cleaning staff? A shredding service? A copier repair service? Do they accept credit cards? Do they store old files outside the office? Do they take client files to court—or anywhere else? Do they practice in federal court?

Because all these things involve (or potentially involve) entrusting third parties with client data.


Just sending an e-mail involves probably a dozen or more third parties. Cleaning staff are third parties, too, generally without security policies but with access to stacks of client data. Shredding services haul client data out of the office by the barrel. Unencrypted laptops offer ample opportunities to lose client data to unknown—probably unfriendly—third parties.

It is all but impossible to practice law without entrusting client data to third parties, few of which have the comprehensive security and privacy policies of Google. Or in the legal software world, Rocket Matter or Clio.

To be sure, some cloud computing services present a security risk. On the other hand, a lot of cloud computing services are perfectly safe to use in your law practice, as bar association ethics committees around the country are discovering.

The real problem, I have long thought, is that a lot of lawyers think they are safe just because they do not use cloud computing services. Actually, as Google’s enterprise chief recently pointed out, your client data is probably safer on Google’s cloud than on your computer. The less computer-savvy the lawyer, the more this holds true.

Ironically, the Luddites who refuse to even consider putting client data in the cloud would be better off if they did. Their clients would be, anyway.

(image: http://www.flickr.com/photos/ivanwalsh/3649492427/)

Legal Ethics, Legal Marketing

, , , , , ,

  • Daniel Nunes

    I just read the post … I’m clapping! Excellent!

    Only failed to mention the LawRD – Reports on Demand! :)

  • http://lawyerist.com/author/karinconroy/ Karin Conroy

    This is the missing element to the opposing argument that has been going on this week: what is the alternative and how safe is it? I’m not a lawyer and have no interest in reading Google’s privacy policy because I know it is safer than leaving a stack of paper on my desk. Those who are opposing the cloud and quoting minutia from those policies would be better served spending that time analyzing the safety of their door locks and mobile phone.

  • http://ethicsmaven.com/ Eric Cooperstein

    Sam, I’m scared for you. Next thing I know you’ll be telling me you buy things over the internet using your credit card. That’s just crazy! But keep thinking big!

  • http://www.totalattorneys.com Kevin Chern

    I agree with Daniel on this one…standing ovation! The idea that an office-based computer harddrive or even a laptop would be more stable and secure than an encrypted SaaS product with redundant backup on a large server in a remote, high-security facility makes no sense. Hopefully, your post will open a few eyes.

  • http://www.netdocuments.com Danny Johnson

    Nailed It.

  • http://www.coyelaw.com Wade Coye

    Our firm is easing into cloud computing. We’re big fans of Google Enterprise for interoffice communication and data access, but we have yet to use it for client info. When we have a server outage, having a back up means of communication is invaluable.