The intersection of convenience and care: Informed consent for cloud applications

On May 17 of last year, the Massachusetts Bar Association's House of Delegates approved for publication an ethics opinion related to attorneys' use of cloud-based programs. You can read the opinion in full here. (Massachusetts is one of 15 states that have issued opinions respecting the ethics of cloud computing; every state issuing an opinion has approved the practice. The American Bar Association's Legal Technology Resource Center maintains a full list.) The main thrust of the ethics opinion is that attorneys using cloud-based technology should make reasonable efforts to secure the confidentiality of information maintained on those systems.

However, it is the subsidiary point addressed in Opinion 12-03 that is the focus of this tip. The opinion reads, in pertinent part, that the 'Lawyer remains bound to follow an express instruction from his client that the client's confidential information not be stored or transmitted by means of the Internet, and that he should refrain from storing or transmitting particularly sensitive client information by means of the Internet without first seeking and obtaining the client's express consent to do so.' This is an important consideration. The opinion takes into account the fact that the client's file is the client's, and that the attorney-steward has certain obligations to protect the client's information (broad obligations are outlined at the Massachusetts Rules of Professional Conduct, Rule 1.6). But, the opinion also addresses other aspects of the attorney-client relationship, beyond the securing of data (and, not just 'particularly sensitive' data -- all client information should be rendered confidential via vetting and security procedures respecting cloud tools), including balancing between convenience and transparency. It makes sense for attorneys to use cloud services in a modern practice, due to cost efficiencies and collaboration advantages. But, it also makes sense to disclose to clients the services the law firm uses (you probably won't find many clients these days who are unwilling to let you use internet services at all, as the opinion seems to intimate might be the case). This is a convenient way to educate clients about the ways in which they'll communicate with the firm; it also sets their minds at ease respecting the security of their data. Clients are searching for good lawyers; but, they're also searching for honest lawyers; and, transparency makes up the greater part of honesty. And, in addition to providing a marketing edge (an attorney who is clear and up-front about data security and technology services appears as thorough, competent and savvy), the acquisition of informed consent from clients respecting technology products is potentially useful for protecting yourself in the event of a breach of a particular service over which breach you had little to no control.

Saying that one should get informed consent is one thing; but, figuring out how to acquire informed consent is another thing. One solution is to include a term in your fee agreement respecting the technology products you use in your office and some information respecting the security of those technology products. The fee agreement memorializes the relationship between the attorney and the client; but, smart lawyers use fee agreements as educational tools for the clients they will work with. Before you get a signature on your fee agreements, explain to your clients the technology you use, with a brief overview of each product (including those security components -- the ones the system applies, and your own). You should also use this teaching moment to educate your clients on the ways in which they can secure their own data (relevant to the case), including maintaining confidentiality for the data they send to you (e.g. -- apply strong personal passwords for access to firm collaboration tools). While some attorneys may view this sort of thing as just another administrative hassle, many others will see this as an opportunity: to educate clients, to protect themselves and to market the law firm.

You can access all of the opinions of the MBA's Committee on Professional Ethics here.

Tip courtesy of Jared Correia, Law Office Management Assistance Program.

Published March 7, 2013


To learn more about the Law Practice Management Section, which is complimentary for all MBA members, contact LPM Section Chair Thomas J. Barbar or Vice Chair Cynthia E. MacCausland.
©2017 Massachusetts Bar Association