The Ethics Behind Cloud Storage

on 02/15/2016 by David Szostek

cloud

The ease and affordability of online billing, client management, document storage, and payment platforms is a powerful lure. When you sign-on or hit send on these sites, is there a little voice inside your head wondering whether these platforms are truly safe and whether using them could lead to an ethics violation? There should be, because convenience usually comes with trade-offs, but your law license does not have to be one of them.

Attorneys are required to exercise reasonable care to prevent their vendors from disclosing or using client information, per MRPC 1.6(d). What constitutes “reasonable care” is really the issue when you choose how to electronically store client files.

If you store your client files on your laptop or desktop, you are not intentionally exposing your client files to others, but this may not provide you the ethics protection you think that it does. If your computer is lost, stolen, hacked, or its hard drive breaks, you could completely lose your client files and potentially allow others to view confidential information. These situations could land you in trouble with the ethics board.

The solution: offsite copies and local file encryption.

A good, affordable, usable solution to that problem is to store your client files in “the cloud” and use a software program to seamlessly encrypt your data before it reaches the cloud. That way, you will notlose client data or potentially allow others to view if any of the above situations happened since your data would be encrypted and in the cloud. Although most cloud storage providers advertise encryption features, that is misleading; only using a cloud storage provider in conjunction with local encryption software to encrypt your files before they reach the cloud will provide you the security you need to avoid ethical pitfalls. Plus, by storing items in the cloud, you can view previous versions of your files in case you need to see what a prior version looked like (depending on your selected cloud provider).

Although this solution may sound complex, it is both easy and affordable.

First, select your cloud storage provider. We recommend DropBox for Business or Google Drive. Second, select an encryption. For more tech-savvy attorneys, we recommend cloudfogger.com, which is free, encrypts the files on your computer before storing them in the cloud, and works with any cloud storage provider and device (Windows, Mac, iOS, and Android). For a more user-friendly solution, we recommend boxcryptor.com, which costs $96/year per user. Third, backup your encryption key in a safe place, like a safe- deposit box. Fourth, incorporate a provision into your engagement agreement stating that you use cloud storage and you cannot control the vendor’s security measures. That is it.

After the initial setup, all you have to do is log in to your encryption program once when you log on to your computer and all of your client files will be encrypted locally and offsite in your cloud. Then poof: you avoided a potential ethics violation.

Contact us at our website.