Thursday, February 12, 2015

Things to Consider when Moving to the Cloud

The ethics around using cloud-based services is no longer a question, as most lawyers already use some form of the cloud on a daily basis. It is common for law firms to use DropBox and/or Google Calendar, however, there are many things to consider when moving your law practice to a cloud-based solution.


Confidentiality & Security

Cloud-based services store your data (documents, client information, notes, billing information, etc) on remote servers rather then your own computer. Since it is a lawyer's ethical responsibility to maintain client confidentiality, lawyers must keep this in mind when deciding on a cloud-based provider.

Some questions to consider:

  • Where is your data stored? How often is your data backed up?
  • Does the provider have a Data Storage and Archival Policy that outlines these concerns?
  • Do you handle patient health information on a daily basis? If yes, is your current solution HIPAA-Compliant?


    Data Ownership

    The cloud-based system chosen should explicitly state in their Terms of Service that the data is the attorney's and that the provider has no ownership or interest in the data.

    Training

    Will your staff be adequately trained or be knowledgeable on the service chosen to ensure client and data confidentiality? If the chosen provider has help articles and/or training options, take advantage and make sure the firm's staff is well-equipped to properly use the selected service.

    For instance, MerusCase users should know the difference between sending messages through their external email system vs. sending HIPAA-Compliant messages within the system.

    Termination

    What happens to your data if you choose to terminate your service? Are you able to retrieve it? If so, in what form? Do they send it to you? Do you have to request it?

    What happens if the provider goes out of business or if the CEO gets hit by a bus?

    When choosing your cloud-based service, be sure that provider has a step-by-step End of Life Mitigation Plan and other precautionary measures in place to ensure your data is retrievable.

    Service & Support

    What guarantee of "uptime" is promised by your provider? Any cloud-based system should strive for 100% uptime. Currently MerusCase boasts a 99.95% uptime, so you're always able to access your data.

    Lawyer Due Diligence

    It is your ethical responsibility as an attorney to investigate the provider that you choose to go with by understanding how all of the above applies to your firm's cloud-based solution. Perhaps now is the time to evaluate how your current solution may be vulnerable to breaches of data security and/or lost of data.

    What are you currently using to manage your office and how does it measure up? Comment below!

    Posted by on
    Labels:

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)