< back to articles listings

The Ethics of Cloud Computing and Software as a Service

by Mark Scruggs |

What Is Cloud Computing? What is Software as a Service?

Cloud computing is computing in which large groups of remote servers are networked to allow centralized data storage and online access to computer services or resources. In simpler terms, cloud computing is where your data and software are stored offsite on servers owned and maintained by a third party.

One aspect of “cloud computing” is “Software as a Service” (SaaS).  SaaS in the law firm means rather than purchasing the software and loading it on your server or work station, one purchases the software as a subscription-based product.

We are all using SaaS and cloud computing daily, whether we recognize it or not. Web-based email programs such as Google’s Gmail is cloud-based. LinkedIn, Facebook, and other social media platforms are cloud-based. Many popular practice management tools such as Clio, RocketMatter, and others are also cloud-based.  

Benefits of SaaS

SaaS for the law office offers the benefits of:

  • Cost savings (Subscription based.)
  • Service and support (Upgrades are rolled out continuously and technical support is usually just a phone call away.)
  • Availability and Mobility (Data can be accessed anytime via the web on an array of portable devices.)
  • Security (A good argument can be made that data stored in “the cloud” is at least as secure, if not more so, than data stored on the law firm’s servers.)
  • Disaster recovery (Because your data is stored in “the cloud,” if a calamity destroys your servers, such as a fire, flood or system crash, your data can be retrieved from “the cloud.”)

Cautions of SaaS

  • Security
  • Confidentiality
  • Uncertainty
  • Lack of control

The Ethics Of Cloud Computing And Using SaaS

Running throughout the ethics opinions dealing with technology  and “cloud computing” is this principle: If a lawyer employs any new technology, such as “cloud computing,” the lawyer must have a basic understanding of the technology employed, and he or she must take reasonable steps to preserve client confidentiality.

N.C. Rules of Prof’l Conduct Rule 1.1 Competence, Comment [8] states: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with the technology relevant to the lawyer’s practice . . .”

The ethical issues presented by the cloud revolve around the duty of confidentiality. (N.C. Rules of Prof’l Conduct Rule 1.6 (2003)). Rule 1.6(c) states: “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

The North Carolina State Bar addressed the ethics of using SaaS in 2011 Formal Ethics Opinion 6. The State Bar answered “yes” to whether lawyers can ethically use SaaS, so long as the lawyer uses reasonable care to safeguard confidential client information.

What is “reasonable care” when choosing a SaaS provider and using SaaS? The State Bar refrained from requiring specific security requirements because such would create a false sense of security in an environment where the risks are continually changing. A lawyer must fulfill the duties to protect confidential client information and to safeguard client files by applying the same diligence and competence  to manage the risks of SaaS that the lawyer must apply when representing clients. To meet those twin obligations, the State Bar said, frequent and regular education is required.

Questions To Ask Your SaaS Vendor

Here are 19 questions to ask your SaaS vendor:

  1. Do you offer a trial period or demo of your product?
  2. What training options are available for customers?
  3. How often are new features added to the product?
  4. How many attorneys are using your product?
  5. What hours is your tech support available?
  6. Do you offer a Service Level Agreement (SLA) and/or would you be willing to negotiate one with me?
  7. What types of guarantees and disclaimers of liability do you include in your Terms of Service (TOS)?
  8. How do you safeguard the privacy/confidentiality of stored data?
  9. Who has access to the firm’s data? (Look for confidentiality, privacy policy and nondisclosure statements in the TOS.)
  10. Have you ever had a data breach?
  11. Do you have an Internet Media policy that insures against data loss?
  12. How often, and in what manner, is users’ data backed up?
  13. What is your company’s history – e.g., how long have you been in business, and from where do you derive your funding?
  14. Can I remove or copy my data from your servers in a non-proprietary format?
  15. Where does the data reside – inside or outside of the United States?
  16. What happens to the firm’s data if the company fails?
  17. Do you require a contractual agreement for a certain length of service (e.g., 12 months, 24 months)?
  18. What is the pricing history of your product? How often have rates been increased?
  19. Are there any incident costs I should know of?[1]

[1] The ABCs of Cloud-Based Practice Tools, Law Practice Today, January 2010.

About the Author

Mark Scruggs

Mark Scruggs is senior claims counsel with Lawyers Mutual specializing in litigation, workers compensation and family law matters. You can reach Mark at 800.662.8843 or at mscruggs@lawyersmutualnc.com.

Read More by Mark >

Subscribe to Our Newsletter

Newsletter Signup