Oregon Approves Ethics Opinion on “Cloud Computing”

May a lawyer contract with a third-party vendor to store client files and documents online, allowing for remote access by the lawyer or her clients?

Yes, so sayeth the Oregon State Bar in newly issued Formal Opinion No. 2011-188 Information Relating to Representation of a Client: Third-Party Electronic Storage of Client Materials.

Here are the details from the opinion:

A lawyer may store client materials on a third-party server so long as Lawyer complies with the duties of competence and confidentiality to reasonably keep the client’s information secure within a given situation.

Keeping client information secure means taking reasonable steps to ensure that the storage company will reliably secure client data and keep information confidential. Under certain circumstances, this may be satisfied though a third-party vendor’s compliance with industry standards relating to confidentiality and security, provided that those industry standards meet the minimum requirements imposed on the Lawyer by the Oregon RPCs. This may include, among other things:

  • Ensuring the service agreement requires the vendor to preserve the confidentiality and security of the materials.
  • It may also require that vendor notify Lawyer of any nonauthorized third-party access to the materials.
  • The lawyer should also investigate how the vendor backs up and stores its data and metadata to ensure compliance with the lawyer’s duties.

Although the third-party vendor may have reasonable protective measures in place to safeguard the client materials, the reasonableness of the steps taken will be measured against the technology “available at the time to secure data against unintentional disclosure.”  As technology advances, the third-party vendor’s protective measures may become less secure or obsolete over time.  Accordingly, Lawyer may be required to reevaluate the protective measures used by the third party vendor to safeguard the client materials.

8 thoughts on “Oregon Approves Ethics Opinion on “Cloud Computing”

  1. Pingback: State Bar #CloudComputing Ethics Opinion Roundup | Official Clio Blog

  2. Pingback: CloudOn Followup | TabletLegal

  3. Pingback: CloudOn Followup | Test

  4. Pingback: Demandforce – Appointment Reminder Solution for Lawyers? | Oregon Law Practice Management

  5. Pingback: You’re Sold on the Cloud, Now What? | Oregon Law Practice Management

  6. Pingback: Getting Your Head into the Cloud | Oregon Law Practice Management

  7. Pingback: Precautions for Paperless Practitioners | Oregon Law Practice Management

  8. Pingback: Practical Advice for Virtual Law Offices | Oregon Law Practice Management

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.