Up in the Air: Considering Cloud Computing

Dayna sent me an interesting article the other day on cloud computing from the Wall Street Journal. For those of you who aren’t familiar with the term — the article provides a great analogy:

Imagine a company that, instead of using a commercial service like FedEx, decided to create its own worldwide parcel delivery system. The company would buy warehouses, delivery trucks and airplanes. It would hire package handlers, mechanics and logistical experts. All this would require an enormous investment and would be quite impossible for any but the largest of companies to do efficiently or cost-effectively or well.

Cloud computing is the equivalent of hiring FedEx. It is a way to outsource the service of providing the hardware, software, human resources and business model required to deliver, store and manage digital data offsite. The outside service providers in turn achieve economies of scale, lowering the cost to all their customers.

Cloud computing is used for, among other things, extra storage space and to provide network or system backups. See, for example, this or this. Or, on the most basic of levels consider Google documents. A lawyer can upload or create documents to be stored there - and the lawyer can then access those documents from anywhere. And if you’re traveling, this could be incredibly convenient — no need to lug a computer with you or boxes of documents.

But cloud computing does not come without its concerns.  The WSJ article points out a number of issues that are worth considering:

• The data you create for your clients is being housed on servers owned by third parties. And even though the service agreement should provide that you own the data — what about the metadata created on the server by the server? You know, the data generated about the data. The WSJ article points out that there could be data modification logs, and this could clearly be relevant in litigation.
• How does the third party vendor address data preservation issues?  Is there a long-term plan for retention of documents?
• How does the third party vendor address concerns regarding confidentiality? Does anyone else have access to the documents or information you store on these servers?

I haven’t given either a serious review yet, but it looks like at least two states (Nevada and New Jersey) have issued ethics opinions discussing the use of third party vendors to store client files and documents and electronic form. With respect to confidentiality, the opinions appear to suggest that using third party vendors is OK so long as the lawyer exercises reasonable care to learn about how the vendors store the documents and to ensure the service agreements require the vendor to preserve the confidentiality and security of the materials.  (In Oregon, you may want to look at Oregon Ethics Op. 2005-41 for guidance, which states that law firm may contract with recycling service to dispose of office files but must take reasonable care to prevent the disclosure or use of confidential client information, and further must instruct company about the lawyers’ duty of confidentiality and the company must agree to safeguard all such materials.)

I also just found what looks like a thorough article on the topic written by Diane Murley, called “Law Libraries in the Cloud” and recently published in the Law Library Journal Vol. 101:2 (2009-15).