Legal Documents in the Cloud. Whose responsibility is it anyway?
Legal professionals handle an enormous amount of sensitive data both on the go and at the office. Legal documents aren’t stored in basements and legal libraries anymore like they were 20 years ago. Today, attorney-client privilege lies in the cloud, but sometimes there’s a fine line between ownership of those documents.
Are lawyers responsible for their client’s data? Or is the client responsible as the information originated with them?
These questions aren’t easy to answer today. Here’s why:
If you think your documents are protected under attorney-client privilege, you could be facing a sad reality. Attorney-client privilege can easily be waived. For a client to be protected by “attorney-client privilege” these three basic elements must be present, if they aren’t met you could be out of luck:
- a communication between lawyer and client (person or corporation);
- the purpose of which is to seek or obtain legal advice;
- the communication is made to a lawyer acting in his/her capacity as a lawyer;
- the communication must be made and kept in confidence.
Each state varies when it comes to responsibility. Ultimately, in Ohio, the duty to maintain the confidentiality of all client data no matter the form (digital or hardcopy) lies with the lawyer. To preserve the confidentiality, a lawyer must exercise competence when it comes to storing client documents and must show competence in the following areas:
- selecting an appropriate vendor
- staying abreast of technology issues that have an impact on client data storage
- considering whether any exceptional circumstances call for additional security for particularly sensitive client information is needed
Across the country, there’s a share of federal and state privacy laws and industry guidelines that regulate the storage and transfer of sensitive data, and invoke severe financial and even criminal consequences to law firms for noncompliance. Many attorneys may be subject to such penalties without even knowing it.
Handling sensitive legal data inappropriately or even allowing your law firm to get hacked could cost attorneys and law firms tons of money, embarrassment and business.
So how should legal documents be stored and handled?
- There are secure tools like Box that will protect your content. Keep sensitive materials safe, and track iterations and negotiations easily. Not to mention, it’s mobile and can been accessed by both clients and attorneys.
- Ensure your firm is up to date when it comes to security frameworks like NIST and other regulatory standards.
- You’re only as secure as your weakest link. Can a third-party vendor access your documents? Conduct internal and third-party vulnerability scans, penetration tests and malware scans. There are some pretty cool tools out there that can assess your most risky vendors and give you inside information on how risky your vendor really is.
- Inventory your firm’s software, systems, cloud platforms and data. Are the tools you’re using secure? Arm your organization with CASB. CASB can act like a covert spy, giving you intelligence on what’s actually being used in terms of cloud platforms.
If you need help, give us a call. We can help anywhere from running vulnerability tests to developing a security program. We can even help you choose the right file sharing platform for your firm.