Client Data and Cloud Computing
Nearly 11% of those responding to last weekend’s cloud computing poll said they will not entrust client data to a third party. That leaves me wondering how these lawyers manage to practice law.
Do they make phone calls? Do they use e-mail? Do their clients? How do they back up their files? Do they have cleaning staff? A shredding service? A copier repair service? Do they accept credit cards? Do they store old files outside the office? Do they take client files to court—or anywhere else? Do they practice in federal court?
Because all these things involve (or potentially involve) entrusting third parties with client data.
Just sending an e-mail involves probably a dozen or more third parties. Cleaning staff are third parties, too, generally without security policies but with access to stacks of client data. Shredding services haul client data out of the office by the barrel. Unencrypted laptops offer ample opportunities to lose client data to unknown—probably unfriendly—third parties.
It is all but impossible to practice law without entrusting client data to third parties, few of which have the comprehensive security and privacy policies of Google. Or in the legal software world, Rocket Matter or Clio.
To be sure, some cloud computing services present a security risk. On the other hand, a lot of cloud computing services are perfectly safe to use in your law practice, as bar association ethics committees around the country are discovering.
The real problem, I have long thought, is that a lot of lawyers think they are safe just because they do not use cloud computing services. Actually, as Google’s enterprise chief recently pointed out, your client data is probably safer on Google’s cloud than on your computer. The less computer-savvy the lawyer, the more this holds true.
Ironically, the Luddites who refuse to even consider putting client data in the cloud would be better off if they did. Their clients would be, anyway.