Addressing Security Risks in the New Technologies

The emergence of cloud computing over the past several years has triggered new information security concerns. Despite the fact that more service providers are offering increased levels of security and 24-hour support, the idea of placing large amounts of confidential data in the cloud makes many lawyers cringe and continues to prevent many businesses and law firms from migrating to the cloud.

Both lawyers and their clients are obligated to keep certain types of information secure. Lawyers must protect a client’s confidential information by taking reasonable steps to prevent its inadvertent disclosure by third parties (like cloud service providers) that the lawyer has retained to assist in providing services to the client. Several states (including, Arkansas, California, Indiana, Masschusets, Nevada, Rhode Island, Texas and Utah) have enacted statutes imposing data security obligations on any entity that has access to personal data.

Lawyers and their clients must be aware of risks posed by emerging technologies, as well as now commonplace technologies like smartphones and other mobile devices, and take reasonable steps to ensure that client and other data is secure. The authors provide a number of suggestions for how cloud service agreements should be structured. Lawyers must take into account the professional and ethical obligations in the jurisdictions where they practice. Clients also must take into account the various federal and state laws that govern the use of confidential personal data, particularly in the health care and financial services industries.