RSS
 

Archive for the ‘Richard’ Category

North Carolina Bar Regulates Legal Cloud Computing

02 Jun

Legal Cloud ComputingA  proposed Ethics Opinion of the North Carolina Bar  that provides guidelines for attorneys using cloud computing services, commonly known as SaaS (Software as a Service),  contains language that is troubling because of its potential impact on solos and small law firm practitioners who are creating virtual law practices. The Bar is soliciting comments prior to making the Opinion final. Here are some comments for consideration.

The Opinion states that to comply with the attorney’s duty to keep client data confidential there should be:

"a separate agreement that states that the employees at the vendor’s data center are agents of the law firm and have a fiduciary responsibility to protect confidential client information and client property."

 

DirectLaw is a SaaS vendor that hosts law firm data at a Tier IV Data Center that implements the security controls that a bank or major financial institution uses.  The idea that our data center would enter into an agreement that would make its employees agents of a law firm is not realistic. There is not sufficient consideration to expose the Data Center to this kind of liability, and there is no way that they would modify their terms and conditions to meet the needs of a single SaaS vendor. I doubt that counsel for the Data Center would ever approve such language. The Data Center would just tell us to take our business elsewhere. Amending the contract terms just for SaaS vendors that service the legal industry is not likely to happen.

There are other approaches to providing assurance to law firms that client confidential data is secure and less burdensome.

I think a better guideline would be to suggest or require that SaaS vendors host their data at a data center that is a Tier IV Data Center.  A Tier 4  Data Center is one which has the most stringent level requirements and one which is designed to host mission critical computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access controls methods. The Data Center should also be SAS 70 certified. The Data Center should also have PCI DSS certification if credit card data is stored within the Data Center. With these safeguards in place,  a law firm should be  considered to have undertaken reasonable due diligence to satisfy the obligation to insure that client data will remain confidential.

There are other problems with the North Carolina opinion. Another guideline:

"requires the attorney to undertake a financial investigation of the SaaS vendor: to determine its financial stability."

What does that mean? I am not about to divulge our private financial statements to just any lawyer who inquires. How is it relevant? If there are provisions for data capture and downloading data that is stored in the cloud, and the law firm has access to that data, what difference does it make if the SaaS actually goes out of business?

It would make more sense to simply require that a SaaS vendor carry Internet liability insurance for the benefit of its law firm clients. Law firms will have problems securing Internet Liability Insurance to cover data loss. Data loss as a result of a Data Center outage is not normally covered under a law firm’s malpractice policy. For solos and small law firm’s securing this kind of coverage would be a burden and cost prohibitive. It makes more sense to require the SaaS vendor to secure such coverage and make its law firm subscribers a beneficiary of the coverage.

Another guideline states that:

"The law firm, or a security professional, has reviewed copies of the SaaS vendor’s security audits and found them satisfactory."

How much does such an audit cost? Can solo practitioners afford such an audit? Who qualifies as a security professional? I think this requirement will act as deterrent to solos and small law firms who are seeking cloud-based solutions that they can use in their practice. I think that a less costly and more effective solution would be for an independent organization to issue a Certificate of Compliance to the SaaS vendor indicating that the SaaS vendors has satisfied or complied with well recognized standards. Like the Truste Certificate in the privacy area, this would give solos and small law firms this would provide stamp of approval that minimum standards have been satisfied. This would move the cost burden of undertaking due diligence to the SaaS vendor, rather than to the solo or small law firm practitioner.

Another guideline states:

"Clients with access to shared documents are aware of the confidentiality risks of showing the information to others. See 2008 FEO 5."

This guideline should be clarified because it is not clear what "shared documents" means. This kind of statement is likely to scare clients into thinking that a law firm that stores client data on the the Internet is putting the client’s data at more risk than storing the data in a file cabinet in the lawyer’s office.

As the American Bar American,  through its Ethics 20/20 Commission, and state bar associations adapt ethical rules to deal with the delivery of legal services over the Internet, it is important to consider that the burden of compliance may have a different impact on solos and small law firms, than on large law firms. The rules should not act as a barrier to solos and small law firms exploring new ways of delivering legal services online which are cost effective for both the law firms and their clients.

For a similar point of view see Stephanie Kimbro’s blog post on the same topic.

Disclosure: DirectLaw is a SaaS vendor that provides a virtual law firm platform to solos and small law firms.

 

The Online Bar Association Meets 04/29-05/01 in Coral Gables, Fl

26 Apr

A new international bar association was formed last year, based in Miami, Florida, called the Online Bar Association. It is an eclectic group of attorneys some based in the United States and many based internationally, who have come together around a common interest – the online delivery of legal services.

The first inaugural meeting is this weekend, April 29-May 1, 2011 at the Westin Colanade Hotel in Coral Gables, Florida.  Here is information about the meeting and the agenda.

 

LawPivot: Another Legal Advice Web Site

29 Jan

Another interesting start-up has emerged out of Silicon Valley to provide crowdsourced legal advice to other start-ups for free.

Vertical Q&A web sites seems to be the next new thing among venture capital investors. Even Facebook  rolled out this year a crowd-sourced Q&A service.

LawPivot, a legal Q&A web site founded in 2009,  hopes to fill a niche by providing legal advice to the founders of start-up and early stage high-tech companies based in California at a legal fee they can afford — FREE.   Legal advice is provided by an experienced network of high-priced business law attorneys, recruited from the top 200 hundred or so law firms, who hope to pick up new clients by entering into discussions by providing free legal advice services to start-up companies.

Free legal advice or the “free consult” has been employed by lawyers for years, pre-Internet, as a tried and true marketing strategy for acquiring new clients. Now many lawyers are beginning to offer free legal advice online from their web sites directly. See for example,  VirtualEsq.Com . By next year there will be hundreds of these free legal advice services offered directly by lawyers from their web sites as the virtual law firm movement begins to scale.

However, free legal advice from an individual law firm’s web site, is not the same thing as a vertical web site that aggregates answers from many lawyers, giving consumers a wider variety of responses to their particular situation.

Free legal advice online is not a completely new idea. FreeAdvice has been doing it for years, and consumers can get answers to their basic legal questions from sites such as AVVO, RocketLawyer, and JustAnswer. What is new, is that LawPivot provides through its network of lawyers “real” legal advice that applies to the client’s particular situation, as distinguished from merely legal information. And this advice is reputedly to be "high quality" given the stature of the lawyers recruited to the LawPivot network.

However, genuine legal advice, [as distinguished from “legal advice” that is characterized as “legal information” ],  like any legal service, has to be delivered in an ethically compliant way requiring that the client’s information be kept confidential, that an attorney/client relationship be established, and that the attorney providing the legal advice be a member of the bar within the jurisdiction  where the client is located. Presumably LawPivot is addressing these issues. The LawPivot service is presently limited to California, but the company, according to its representations, plans to expand nationwide.

Although the company recently raised $600,000 from Google Ventures, the venture capital arm of Google, after a $400,0000 round from from a group of angel investors, it will be interesting to see how or whether it survives. At this point, neither the clients are charged for legal advice, nor are the participating attorneys charged an advertising fee. So there is no revenue, and apparently no business model. However, I doubt that the investors thought they were making  charitable contributions, so there must be a business model lurking in the background somewhere?

Unfortunately, the only business model that is ethically compliant in the US, is one where the participating lawyers pay an advertising fee to play (get listed) and get exposure. Splitting legal advice fees between a law firm and a non-law firm , is a big “No, No” and an ethical prohibition that exposes the participating attorneys to bar sanctions which could lead to disbarment.   Perhaps because Google is now involved as a major backer of  LawPivot , and the company is planning to move to the GooglePlex campus start-up incubator,  "they can do no wrong.!"

Many other Western common law jurisdictions, like the United Kingdom, have abolished the division of fees, but the rules against splitting fees with non-lawyers remains sacrosanct  in the US, on the theory that splitting fees would compromise the independent judgment of the attorney. However, in the UK, lawyers are permitted to work for a profit-making company and provide legal advice directly to consumers, and no one seems to be complaining about compromised judgment. [ See: FirstAssist in the UK  for an example ].

Charging clients an administrative fee to “use” the web site, as an alternative revenue source, has been tried before in an earlier Internet era, and it failed then. [ e.g. AmeriCounsel ]. I doubt that this model will work today when consumers are expecting everything on the web to be for free.

I think it is a good sign that innovation is happening in the legal industry, and that private capital is finally looking for a way to get a return by investing in the delivery of legal services. [See: Total Attorneys Receives Multi-Million Dollar Investment ].

I would like to see companies like LawPivot thrive, but at this point I don’t see the juice.  Are advertising revenues sufficient to make this venture sustainable, or has LawPivot  figured out another legitimate source of revenue that doesn’t violate US ethical prohibitions? Only time will tell.

 

 

Recovering from a detached retina – a long trip

16 Oct

I had surgery for a detached retina a week and a half ago and I am 12 days into a 21 day recovery where I have to lie face down for 20 of 24 hours. After which I will not be able to read for 8 weeks. This is a part of the recovery process.. I can watch video, but can’t read email. For someone who writes, reads, blogs, tweets, constantly, this is an enforced sabbatical. So for a while I am off the grid.