RSS
 

Archive for the ‘lawyering’ Category

North Carolina Bar Regulates Legal Cloud Computing

02 Jun

Legal Cloud ComputingA  proposed Ethics Opinion of the North Carolina Bar  that provides guidelines for attorneys using cloud computing services, commonly known as SaaS (Software as a Service),  contains language that is troubling because of its potential impact on solos and small law firm practitioners who are creating virtual law practices. The Bar is soliciting comments prior to making the Opinion final. Here are some comments for consideration.

The Opinion states that to comply with the attorney’s duty to keep client data confidential there should be:

"a separate agreement that states that the employees at the vendor’s data center are agents of the law firm and have a fiduciary responsibility to protect confidential client information and client property."

 

DirectLaw is a SaaS vendor that hosts law firm data at a Tier IV Data Center that implements the security controls that a bank or major financial institution uses.  The idea that our data center would enter into an agreement that would make its employees agents of a law firm is not realistic. There is not sufficient consideration to expose the Data Center to this kind of liability, and there is no way that they would modify their terms and conditions to meet the needs of a single SaaS vendor. I doubt that counsel for the Data Center would ever approve such language. The Data Center would just tell us to take our business elsewhere. Amending the contract terms just for SaaS vendors that service the legal industry is not likely to happen.

There are other approaches to providing assurance to law firms that client confidential data is secure and less burdensome.

I think a better guideline would be to suggest or require that SaaS vendors host their data at a data center that is a Tier IV Data Center.  A Tier 4  Data Center is one which has the most stringent level requirements and one which is designed to host mission critical computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access controls methods. The Data Center should also be SAS 70 certified. The Data Center should also have PCI DSS certification if credit card data is stored within the Data Center. With these safeguards in place,  a law firm should be  considered to have undertaken reasonable due diligence to satisfy the obligation to insure that client data will remain confidential.

There are other problems with the North Carolina opinion. Another guideline:

"requires the attorney to undertake a financial investigation of the SaaS vendor: to determine its financial stability."

What does that mean? I am not about to divulge our private financial statements to just any lawyer who inquires. How is it relevant? If there are provisions for data capture and downloading data that is stored in the cloud, and the law firm has access to that data, what difference does it make if the SaaS actually goes out of business?

It would make more sense to simply require that a SaaS vendor carry Internet liability insurance for the benefit of its law firm clients. Law firms will have problems securing Internet Liability Insurance to cover data loss. Data loss as a result of a Data Center outage is not normally covered under a law firm’s malpractice policy. For solos and small law firm’s securing this kind of coverage would be a burden and cost prohibitive. It makes more sense to require the SaaS vendor to secure such coverage and make its law firm subscribers a beneficiary of the coverage.

Another guideline states that:

"The law firm, or a security professional, has reviewed copies of the SaaS vendor’s security audits and found them satisfactory."

How much does such an audit cost? Can solo practitioners afford such an audit? Who qualifies as a security professional? I think this requirement will act as deterrent to solos and small law firms who are seeking cloud-based solutions that they can use in their practice. I think that a less costly and more effective solution would be for an independent organization to issue a Certificate of Compliance to the SaaS vendor indicating that the SaaS vendors has satisfied or complied with well recognized standards. Like the Truste Certificate in the privacy area, this would give solos and small law firms this would provide stamp of approval that minimum standards have been satisfied. This would move the cost burden of undertaking due diligence to the SaaS vendor, rather than to the solo or small law firm practitioner.

Another guideline states:

"Clients with access to shared documents are aware of the confidentiality risks of showing the information to others. See 2008 FEO 5."

This guideline should be clarified because it is not clear what "shared documents" means. This kind of statement is likely to scare clients into thinking that a law firm that stores client data on the the Internet is putting the client’s data at more risk than storing the data in a file cabinet in the lawyer’s office.

As the American Bar American,  through its Ethics 20/20 Commission, and state bar associations adapt ethical rules to deal with the delivery of legal services over the Internet, it is important to consider that the burden of compliance may have a different impact on solos and small law firms, than on large law firms. The rules should not act as a barrier to solos and small law firms exploring new ways of delivering legal services online which are cost effective for both the law firms and their clients.

For a similar point of view see Stephanie Kimbro’s blog post on the same topic.

Disclosure: DirectLaw is a SaaS vendor that provides a virtual law firm platform to solos and small law firms.

 

Keane Memorial Award for Excellence in eLawyering Goes to Orange County Legal Aid

24 Mar

The James I. Keane Memorial Award for Excellence in eLawyering for 2011 is going to the Legal Aid Society of Orange County for their Legal Genie Project, reports the eLawyering Task Force of the Law Practice Management Section of the ABA, the group that makes the Award.

James Keane was the first appointed Chair of the group, and passed away tragically from cancer six years ago.

Legal Genie - Keane Award Winner - 2011

Bob Cohen is the long time leader of Orange County Legal Aid, and provided the leadership for this Project. 

This project combines the use of advanced web-enabled document automation technology to generate Chapter 7 and Chapter 13 documents, as well as California divorce pleadings. It is unique because it involves a network of lawyers who provide legal advice, document review,  and other assistance to clients who use the program. The use of Internet technology makes it possible for the lawyers to be involved, and to also get paid a fee, because the entire transaction is made more efficient. The lawyers who participating get the benefit of the Legal Aid brand, and the marketing that results from promoting the project.

The Project demonstrates how a vertical branded network of attorneys, empowered by a robust technology platform, can provide legal services at an affordable fee to individuals who could not normally afford a lawyer.

This is from the Legal Genie website:

 “Legal Genie is a simple, affordable and reliable online service created by Legal Aid Society of Orange County. It is designed for people who do not qualify for legal aid and cannot afford the services of an attorney. It asks simple questions and puts answers on the forms in the correct place.

"Legal Genie is different from other services because it connects you to a licensed attorney on our Lawyers Referral Service panel. The LRS attorney will give you telephone consultations, review your documents and give you legal advice. Legal Genie combines the magic of technology with the help of a professional at a price you can afford.”

The formal granting of the Award will be on April 12, 2011, at a Lunch for all of the attendees of  ABA TECHSHOW in Chicago, Illinois at the Hilton Hotel.

 

Applications for the James Keane Award for Excellence in eLawyering Are Still Open.

20 Jan

The eLawyering Task Force of the Law Practice Management Section of the ABA is seeking recommendations and applications for the James Keane Award for Excellence in eLawyering which is awarded annually at ABA Tech Show in Chicago ( April 11-13, 2011). This will be the fourth year that the Award has been made. Previous award winners include Stephanie Kimbro for her work in creating the virtual law firm of KimbroLaw and Lee Rosen of the The Rosen Law Firm (both coincidentally located in North Carolina).

The purpose of this Award is to give recognition to law offices that have developed legal service innovations that are delivered over the Internet. The focus of the Award is on the innovative delivery of personal legal services, with special attention given to firms and entities that serve both moderate income individuals and the broad middle class. 

The Award is technology-focused, in the sense that the Award Committee is seeking innovations that demonstrate the concept of eLawyering – which can be  further defined as the delivery of online legal services. Examples of elawyering include the development of online web advisors, expert systems, innovative uses of web-enabled document automation, on-line client collaboration systems, and on-line dispute settlement systems, to name a few examples.

Nominees may be any individual lawyer, law firm or other deliverer of legal services to individuals within the United States.

The nominee can be a large or small law firm, public or private, or a legal services agency. More than one entry may be submitted, and the Task Force encourages self-nomination. The Application deadline has been extended to March 15, 2011.

For further information and an application form see: http://tinyurl.com/48xvcfq