This month we talk with Nicole Black, a Rochester, New York attorney. Ms. Black is the author of the ABA book Cloud Computing for Lawyers and co-author of the ABA book Social Media for Lawyers: The Next Frontier. She is also the Director of Business Development and Community Relations for MyCase (mycase.com), a cloud-based law practice management service.
Thank you for speaking with us. Could you start by telling us how a service like MyCase is different from traditional law practice management software?
It's cloud-based rather than server-based, so that's the first big difference. And because it's cloud-based, there's a much more accessible feel than the ones offered by more traditional companies. It's easier for lawyers to work with; you don't need a consultant to help you set it up. MyCase in particular has a very intuitive platform. It makes it so easy for law firms to jump right in and start using it without a whole heck of a lot of training from the get go.
One of the benefits to cloud-based rather than server-based is its flexibility and affordability. You can access your files from anywhere, as long as you have an Internet connection. And you don’t have to pay for software up front, including the cost of licensing fees every year, as well as the IT staff that are helping you install it, learning how to use it and troubleshooting every time you add new software that conflicts. Because it's based in the cloud, there aren't any of those issues. MyCase regularly updates new features for the platform at no cost to the user and there's a monthly subscription fee, rather than having to pay for the software and licensing fees; it's a lot more affordable in the long run.
For attorneys handling their clients' confidential information, having data handled by a third party is an ethical consideration. How is that addressed?
As I discuss in my book about cloud computing for lawyers, I found that lawyers outsource confidential data to third parties all the time, whether it's process servers, copy services, delivery services, or the storage of old files. Lawyers even have cleaning crews coming into their offices every night. I've only spoken to one firm that actually locked up their files every night. Usually the file cabinets are unlocked and these cleaning crews have access to their offices.
So, confidential data has always been outsourced and given to third parties, and the obligation of lawyers has always been to exercise due diligence and take reasonable efforts to ensure the confidentiality of clients' data. It doesn't have to be 100 percent secure; there's no such thing as absolute security. You have to take reasonable steps to ensure that your clients' data is safe. And as long as you ask appropriate questions – I have a list in my book of eighteen questions that lawyers should ask service providers – as long as you do that, and you understand where your data is being held, you understand that there are redundancies built in, whether it's power source redundancies, server redundancies, or backup redundancies.
Servers should be located on opposite coasts and backed up pretty frequently, so that if one of the servers goes down due to a natural disaster or due to some other type of disaster, the other server is still up and running and has all the data backed up to it. And, if both those servers go down, then you're looking at a much bigger disaster than the loss of the law firm's data. So as long as you ask all the right questions and you understand how and where your data is being housed and who will have access to it and all the redundancies, then you've met your ethical obligations.
What can be done in terms of especially sensitive information or confidential documents? Is there another level of security with encryption?
With software as a service (SaaS), you can't have data encrypted on the servers, because the software has to be able to interpret the data. If you're using Dropbox for example, or some other type of data storage platform, then you may have the option to have your data encrypted on the server. But when you're using software as a service, which is what all law practice management systems are, then it can't be encrypted on the server, because what the system does is create a relationship between the data. That's what makes these programs useful and valuable to the end user.
That being said, whenever you're dealing with particularly sensitive information – the examples I like to use are if you're representing a Chinese dissident, if you're representing a very famous person like Britney Spears, or for instance the Coca-Cola formula – stuff like that, you wouldn't put in the cloud. Highly sensitive data you probably just should not put in the cloud in the first place. But most other, more typical confidential client data is perfectly safe in the cloud, assuming you’ve thoroughly vetted your cloud computing provider.