North Carolina Wants Your Comments on Cloud Based Practice Management Tools.

Yesterday, I received the urgent news, first from my colleague Stephanie Kimbro of VLO Tech, then Jack Newton of Clio that the North Carolina bar has been asked to provide a formal ethics opinion on the use of the “cloud” or web-based services by lawyers.  Details of some of the topics for consideration are here with comments due April 9 – which isn’t much time at all. (Information on where to file is at the end of this email).

I’m in the process of formulating my thoughts and I want to hear from you.  I’d like my comments to reflect the views of the solo and small firm community and not just my own practice experience.  Also, I’m hoping that bonafide ethics attorneys who also use technology will find time to weigh in.  But preliminarily, here are my hastily tossed out views.  Please provide feedback – it will help to flesh out these ideas:

1.  As I’ve written, I’m a fan of the software as a service option, particularly for new solos.  I believe that low cost and ease of use will encourage more lawyers starting a practice to adopt sound habits at the outset.  At the same time, I’m technology neutral – and while I love everything I’ve seen from VLO Tech, Clio, Rocket Matter and Direct Law (to name some of the lawyer specific vendors), I’ve also found tools like Basecamp, Box.net, Huddle and even Google Docs app to work – largely because many of my clients use these tools as well.   In short, I think that any standards eventually adopted must likewise be technology neutral to allow lawyers in all different practice areas to avail themselves of the range of options and pick those that best match the needs of their practice.

2.  Though I appreciate the bar’s desire to provide guidance, I’m nervous, very nervous, about bar committees micromanaging lawyers’ technology choices.  Yes, all lawyers should protect client confidentiality and shouldn’t use services that compromise security.  But where does guidance become overly intrusive?  Do we want the bar constantly peeking over our shoulders, second guessing all of our technology?   For instance, should state bars ban services other than Lexis and Westlaw because only those two name brands offer Shepards and therefore, are more reliable?   Lawyers have always exercised discretion.

3.  North Carolina shouldn’t be operating in a vacuum.  Cloud services are industries – and industry needs national guidance to develop products and services that meet the needs of users.  Companies can’t be subject to fifty different requirements.  If states are going to begin to impose best practices, they absolutely must work together – or we’ll wind up with the same crazy quilt of state bar rules that currently apply to meta-data and confound lawyers in multi jurisdictional practice.  In addition, let’s make sure that the folks writing the opinions have actually used the technologies in question.

4.  Ethics is moving away from absolute, black and white rules towards risk assessment, especially as we enter the area of technology.  We can’t have rules that say services x,y and z pass muster but a, b and c don’t because new services are always emerging, and lawyers will constantly be looking for precise guidance.  Instead, as we move data to the cloud, the focus ought to be on assessing risks and looking to other industries and guidelines for standards.  For example, if we’re going to be exchanging status reports  with clients, I don’t think much security is necessary.  Storing social security numbers online is another matter, with stricter security required.   Lawyers need a rubric for assessing risks and asking the right questions – there aren’t any firm rules nor should there be (except, of course, for protecting clients’ confidentiality and privilege).

5.  The bar must reassess other rules at the same time that it examines cloud computing.  Right now, many states impose document retention requirements of three to seven years; and keeping document originals until any applicable malpractice deadlines expire is considered good practice.  In an electronic age, do these rules for paper still apply?  Or do scanned copies count as originals?  No sense in going to the trouble of allowing cloud storage only to saddle lawyers with unreasonable retention requirements (though of course, so long as originals are required by courts or in evidence, lawyers are wise to hold on to them – I’m just talking about storage of longer duration).

Anyway, please weigh in on this or write the bar yourself.

Alice Neece Mine

amine@ncbar.gov

Assistant Executive Director

208 Fayetteville Street Mall

PO Box 25908

Raleigh, North Carolina 27611-5908

Telephone: 919/828-4620

Fax: 919/821-9168

7 Comments

  1. Stephanie Kimbro on April 8, 2010 at 9:55 am

    Many thanks, Carolyn, for circulating this. I’ve just finished my own comments to the committee from the standpoint of my solo web-based practice. Wish there were a way to show them my happy clients and how they feel about the use of cloud computing to receive their legal services. Here’s the final bullet point from my comment that I think is the bottom line: It should be up to the individual attorney to decide for his or herself whether the use of cloud computing for law practice management is appropriate for their practice area and the clients that they serve.



  2. Stephanie Kimbro on April 8, 2010 at 9:55 am

    Many thanks, Carolyn, for circulating this. I’ve just finished my own comments to the committee from the standpoint of my solo web-based practice. Wish there were a way to show them my happy clients and how they feel about the use of cloud computing to receive their legal services. Here’s the final bullet point from my comment that I think is the bottom line: It should be up to the individual attorney to decide for his or herself whether the use of cloud computing for law practice management is appropriate for their practice area and the clients that they serve.



  3. Michael Gort on April 9, 2010 at 8:11 am

    Carolyn – I am comfortable that cloud applications can meet the confidentiality requirement with the right terms of conditions and privacy provisions. What concerns me the most is a problem every system has — what happens when the server is down. If you have your calendar and case management system running on your local machine or your local server, how long will it take you to get back up and running if your building burns down one night? Flip side, if you have your information stored in a SaaS application that has adequate security, what do you do if the provider goes down or is shut down by bankruptcy?
    Cloud providers need to provide the ability for us to download key information daily / weekly / monthly in a process that is easy and fool proof. One key-click to drop everything into a .csv file — open that in Numbers or Excel and you are back in business. In my perfect world, their nightly runs would save that information and ftp it to me automatically.
    None do that now, and that worries me a little every day.
    —Mike



  4. Michael Gort on April 9, 2010 at 8:11 am

    Carolyn – I am comfortable that cloud applications can meet the confidentiality requirement with the right terms of conditions and privacy provisions. What concerns me the most is a problem every system has — what happens when the server is down. If you have your calendar and case management system running on your local machine or your local server, how long will it take you to get back up and running if your building burns down one night? Flip side, if you have your information stored in a SaaS application that has adequate security, what do you do if the provider goes down or is shut down by bankruptcy?
    Cloud providers need to provide the ability for us to download key information daily / weekly / monthly in a process that is easy and fool proof. One key-click to drop everything into a .csv file — open that in Numbers or Excel and you are back in business. In my perfect world, their nightly runs would save that information and ftp it to me automatically.
    None do that now, and that worries me a little every day.
    —Mike



  5. NYer on April 9, 2010 at 2:52 pm

    I want minimum standards to apply for providers (particularly backup providers) to maintain. I know I need online backup, but trying to figure out which works best, and won’t run afoul of ethics/confidentiality protections, has me up a tree. I view this as a basic type of standards, sort of like Underwriters Laboratory, or ANSI, but with more teeth and requirements than the Better Business Bureau. For me, this would be a wonderful thing.



  6. NYer on April 9, 2010 at 2:52 pm

    I want minimum standards to apply for providers (particularly backup providers) to maintain. I know I need online backup, but trying to figure out which works best, and won’t run afoul of ethics/confidentiality protections, has me up a tree. I view this as a basic type of standards, sort of like Underwriters Laboratory, or ANSI, but with more teeth and requirements than the Better Business Bureau. For me, this would be a wonderful thing.



Leave a Comment