The North Carolina Bar’s Double Standard for Data and Dollars

Two months ago, North Carolina released Proposed Formal Ethics Opinion 6 , Subscribing to Software as a Service (SaaS) While Fulfilling the Duties of Confidentiality and Preservation of Client Property. As others, including my Social Media for Lawyers co-author Nicole Black, NC Bar LPM Advisor Eric Mazzone, e-lawyering pioneer Richard Granat and North Carolina virtual lawyer Steph Kimbro have already written, the decision represents a step backward for lawyers – and indeed, may have the effect of precluding lawyers from using popular services like Google docs, Mozy, email or texting even for entirely non-confidential purposes.

It’s bad enough that North Carolina’s proposed opinion will make it nearly impossible for lawyers to take advantage of new technologies that could reduce the cost of legal service. But to add insult to injury, FEO 6’s stringent regulations apply only to use of SaaS (or cloud) vendor services a companion opinion, FEO 7 gives a pass to lawyers who rely on online banking for trust account management. Yet, there’s no rational justification for North Carolina to maintain a double-standard for online management of client dollars and client data.

North Carolina’s proposed FEO 7 requires lawyers using online banking to exercise reasonable care, specifically, taking steps to minimize the risk of loss or theft of client money. Though the Opinion states that lawyers have an affirmative duty to understand the risks of online banking and to employ best practices such as strong password policies, the Opinion goes on to state that:

Understanding the contract with the depository bank and the use of the resources and expertise available from the bank are good first steps toward fulfilling the lawyer’s fiduciary obligations.

Simply put, lawyers can meet their ethics obligations by relying on banks as a trusted source of information regarding online banking security practices.
Contrast the bar’s deferential approach towards online banking with its adversarial attitude towards SAAS companies. Lawyers can’t simply rely on a cloud providers’ expertise in security practices or on the company’s representations regarding its security practices. Instead, lawyers are required (not encouraged, but required!) to:

• personally, or through a security expert, evaluate the company’s measures for safeguarding the physical and electronic security of data, including but not limited to “firewalls, encryption techniques, socket security features, and intrusion-detection systems.”
• investigate a cloud provider’s financial history;
• review the cloud provider’s security audits and
• install special security software to ensure that users connected to cloud vendors are protected against malware and viruses.

I could understand if there were a need for these rules – for example, a string of identity thefts or a pattern of security breaches — committed by, or resulting from a cloud provider’s data storage. But the North Carolina Bar does not cite a single incident to justify the addition of onerous conditions which if followed to the letter will cost solos and small firms (who don’t have in-house IT or accounting staff) several thousands of dollars in added compliance. By contrast, the past six months has been rife with news of banks’ misdeeds ranging from incompetence such as lost loan modification documents to outright fraud a la robo-signing. Yet, in spite of the banks’ abysmal track record, the North Carolina Bar apparently does not believe that banks’ security practices justify any additional scrutiny. To the contrary, the Bar regards banks as a source of “resources and expertise” upon which lawyers can rely to fulfill their ethics obligations in using online banking for trust account transactions.

Of course, I don’t advocate imposing the same security restrictions on online banking services as North Carolina has proposed for cloud vendors. Instead, I use banking as an example of a situation where bars have, for decades, permitted lawyers to rely on other providers for protection of client property. Moreover, if a client’s trust account is compromised, that money can’t be replaced, particularly if it’s a large sum. By contrast, most data that lawyers house on cloud providers is created on a local machine or filed with a court or regulatory body, so even in a worst case scenario if a cloud provider were to lose data (and again, I stress, there is no evidence that this has ever happened), it could be recovered from other sources.

North Carolina’s treatment of cloud vendors is typical of how many lawyers approach technology – as something entirely new and never before seen rather than an automated version of other tools and practices we lawyers already have in place. North Carolina generally got it right with in its opinion related to online management of trust accounts. Why can’t it simply apply that same reasoned approach (along with the other suggestions I made here to cloud services as well?

Whether you’re a member of the North Carolina Bar or not, please make your views known to Alice Neece Mine. Other jurisdictions, including yours, may be inclined to follow North Carolina’s lead, so please weigh in so that this proposal does not become precedent.

3 Comments

  1. Susan Cartier Liebel on June 20, 2011 at 2:52 pm

    When something this nonsensical happens someone is profiting. Who profits from the exclusions and restrictions being suggested. Most are easy to comply with as it shifts the burden to the SaaS provider to give to attorneys in a relatively painless way although the cost to do so would increase the cost to the end-user. Or in the alternative, the compliance data could go directly to the governing bodies and lawyers would complete a questionnaire as to whether they use cloud computing practice management software and if so, which one, and if the provider has passed scrutiny. Again, nonsensical but the nature of our profession.



  2. Celeste H.G. Boyd on June 21, 2011 at 12:20 pm

    Carolyn, thanks so much for this post! I’m a NC lawyer, and I was completely oblivious to this, but I just read the proposed opinions, and I think you’re right, they’re ridiculously onerous in their specificity, especially for solo practitioners! I also agree with Susan: it seems likely that there’s something sketchy going on in terms of the impetus for these new rules. That said, I’m not sure who profits in this situation, other than maybe the makers of file cabinets? NC is a big furniture-making state…perhaps this was a diabolical plan by the state’s file cabinet makers to keep themselves in business. 🙂



  3. Anonymous on July 26, 2011 at 2:42 am

    “I be aware that in the event that is with my personal united states, [and] he’s an effective louboutin-chaussures-fr
     male that adheres to that? They are about to get rid of myself just before someone appreciates when there is in my opinion, ” the girl explained to ABC News flash.

    Neglect Diallo in addition to her 15-year-old girl attained asylum in america around 2003, after fleeing war-torn Guinea, around western world Africa. The girl states she undergone genital mutilation as well as ended up being raped by administration troops.

    Although she admits to help exaggerating get a membership with team rape upon her asylum job application. The particular disclosure appeared to be between many emits in order to her expertise supplied very last thirty day period by way of New york prosecutors.

    The girl as well publicly stated in which concerning the health to be able to the woman’s primary transactions, the girl louboutin-chaussures-fr
     cleaned out a new neighbouring room subsequent the alleged strike. Your lover appeared to be likewise observed to have uncomfortable upon her cash flow taxes earnings.

    And your lover appeared to be falsely accused with sharing with Amara Tarawally, a male good friend with offender inside Az regarding drug offences, “This person offers lots of money. I realize exactly what Im doing” after a telephone call, additionally fuelling doubts with regards to her allegations.

    Pass up Diallo and also Tarawally not think some people aimed Mister Strauss-Kahn. “We are usually terrible, although prohibited good, ” the girl explained to Newsweek magazine. “I don’t even think in relation to cash. ”

    Using the arrest prosecution seemingly close to collapse, on the other hand, the woman’s attorney at law Kenneth Thompson offers verified that will your lady louboutin-chaussures-fr
     will certainly soon prosecute her alleged attacker intended for damage. 



Leave a Comment