Legal firms have been issued with guidance on safe cloud usage in order to make sure that law professionals handle sensitive data correctly.
The Law Society issued the practice note in order to point out the security risks involved with cloud computing when it is used as a service and points out that third-party companies often control the hardware and software used to access the Internet.
“While cloud computing has a number of advantages for businesses, such as reducing costs and increasing storage, it carries risk which firms must consider when engaging with a third party to handle sensitive information,” said Dr Sam De Silva, chair of the Law Society’s Technology and Law Reference Group. “Anyone involved with the collection and storage of personal data must comply with the Data Protection Act, and law practices are also subject to professional conduct obligations to maintain client confidentiality and properly manage their practices.”
The note, which covers all of the risks and benefits of cloud computing, also looks at a handful of other areas for consideration. This includes the lawful access to data by overseas law enforcement or intelligence agencies; service levels including the right to sue a cloud provider for damages or terminate the contract; and inadvertent breaches of the cloud provider’s ‘acceptable use policy’ where defamatory material has to be held in the cloud when a law firm is acting for a client defending a defamation claim.
All solicitors, practice managers or law firm IT staff planning to use cloud computing services are called to take notice of the advice and law firms are advised to carry out a full risk and compliance analysis before adopting any cloud services.