RSS
 

Archive for the ‘Commission’ Category

Legal Cloud Computing Association Publishes Responses to ABA, North Carolina State Bar

18 Jul

The Legal Cloud Computing Association (LCCA) has published responses to proposals issued by the ABA Commission on Ethics 20/20 and the North Carolina State Bar regarding the use of cloud computing within a law practice.

The Legal Cloud Computing Association ("LCCA"), formed in December 2010, is the collective voice of the leading cloud computing software providers for the legal profession, consisting of Clio (Themis Solutions, Inc.), DiaLawg, LLC, DirectLaw, Inc., NetDocuments, Nextpoint, Inc., RealPractice, Inc., Rocket Matter, LLC, and Total Attorneys, LLC.

Response to ABA Commission on Ethics 20/20

The LCCA’s letter to the ABA Commission on Ethics was issued in response to the Commission’s Initial Draft Proposals on "Technology and Confidentiality" published on May 2, 2011. The Proposals include certain modifications to the ABA Model Rules of Professional Conduct that are designed to facilitate the responsible adoption of technology that will increase the quality, and reduce the cost, of legal services.  The Proposals were issued as part of a process initiated in early in 2010 where the Commission published an Issues Paper requesting comments and feedback from the legal community.

The LCCA fully supported the Commission’s Proposals, and concluded that the Commission ‘s recommendations provided a reasonable framework the would enable law firms to make infomed decisions about using cloud computing resources.

Response to North Carolina State Bar Proposed 2011FEO6

The LCCA’s letter to the North Carolina State Bar pertains to Proposed Formal Ethics Opinion 2011FEO6. The Proposed FEO attempts to address the ethical issues relating to the use of Software-as-a-Service or cloud computing within a law firm environment.

While the LCCA supported the NC State Bar’s efforts to provide clarity on the use of cloud computing, the Proposed FEO as written would negatively impact a broad scope of attorneys from those who do nothing more than use a web-based email client or conduct online legal research to those that do full scale online delivery of legal services.

The onerous requirements of the Proposed FEO, detailed in full in the LCCA’s response to the NC State Bar, would force many cloud computing providers to withdraw from the NC market entirely, thus negatively impacting the technological capabilities and competitiveness of NC-based law firms.

Unlike the recommendations of the ABA Ethics 20/20 Commission, the draft North Carolina bar opinion, as it stands, is likely to have a negative impact on the use of cloud computing resources and applications by law firms in North Carolina. One result is that North Carolina’s law  firms, particularly solos and small law firms would be handicapped when competing with law firms from other states.

We are hopeful that the revised opinion will be more compatible with the recommendations of the ABA Ethics 20/20 Commission.  Why is it necessary for each state bar to have their own set of guidelines in this area, when the companies that offer cloud computing services operate nationally?


 

How safe and secure is your law practice environment?

18 Apr

A new nonprofit organization has emerged to help lawyers assess the safety and security of their law practice environment. The organization is the International Legal Technology Standards Organization and it recently released a set of standards that law firms can used to evaluate:

  1. the law firm’s internal security standards; and
  2. help law firm’s make informed decisions about "cloud computing" vendors and other hosting arrangements where confidential data is stored outside of the physical office of the law firm

The Standards are much more detailed and comprehensive than the ABA/LPM’s eLawyering Task Force publication of Cloud Computing Guidelines for Law Firms.

Disclosure: I am on the Advisory Board of ILTSO and provided some guidance to the development of the standards.

The standards are being circulated for comment before final publication.

The standards offer a sensible definition of "reasonable under the circumstances" by recognizing that different types of law firms have different security needs, although all lawyers are bound to prevent the disclosure of client data. Law firms are categorized into three types of situations:

  • "Bronze – this standard is appropriate in every law practice, including solo practices."
  • "Silver – this standard is typically appropriate for firms of more than one attorney, or where circumstances or resources dictate."
     
  • "Gold – this standard is typically appropriate for larger firms or those with additional IT resources, or where circumstances or resources dictate."

The idea of categorizing law practice environments into these three categories is a new idea, as some of the standards only apply to the Gold and Silver category. The intent is to recognize that law firms have different IT capabilities and the size of the law firm usually determines how the law firm will approach the problem of securing client and other firm data.

At this point of development, the law firm is responsible for undertaking their own self-assessment. Law firms can apply to the standards to their own law practice environment and if in compliance display the ILTSO seal.

ILTSO Seal of ComplianceAt some point, I can see where ILTSO might undertake an independent assessment of a law firm’s security arrangements and if it compliance with the standards, award a certificate like the Truste certification which assesses an organization’s privacy policies. A small fee could be charged for this assessment and it would vary depending on whether the type of law firm practice environment is  Bronze, Silver, or Gold. This would give assurance to clients that all reasonable efforts have been taken to secure the confidentiality of their data.

It will be interesting to see how the organized bar responds to these standards, as their are entities both at the state level, and the American Bar Association that are analyzing these same subjects.

The ABA Ethics 20/20 Commission, for example, has been holding hearings on cloud computing and security of data and has released a working paper on this subject.

Just last week, the Commission released its recommendations on outsourcing, which is a process that has an impact on the confidentiality of client data. The recommendations have not yet been posted on the Commission’s web site, but the ABA Journal reports that:

"The commission proposes revisions to the Model Rules recognizing that electronically stored information, including metadata, is material subject to confidentiality rules. It also proposed revisions directing lawyers to make reasonable efforts to prevent inadvertent disclosure of information relating to representation of a client."

ILTSO’s new standards would give concrete meaning to the definition of "reasonable efforts" and provide a detailed framework that could guide attorney assessment of particular outsourcing and cloud computing arrangements.

A positive impact of having this evaluation framework in place might be the accelerated adoption of technologies, such as cloud computing. Compliance with the guidelines would support a law firm’s assertion that the firm has taken all reasonable steps to secure client data to reduce its liability in case of a security breach over which the firm had no control.

An unanticipated consequence might be a slow down in adoption, as the lack of clarity in this area might give many lawyers a reason not to become "early adopters." Many lawyers might choose to wait until standards like ILTSO’s are accepted by a broad base of legal organizations and law firms.

Of course, by then, the "real" early adopters will have acquired a first mover advantage over law firms that are still thinking about the subject, to the those firms competitive disadvantage.