The guidance is responding to the increasing use of cloud storage as an alternative to traditional IT provision and the associated security risks involved.
Cloud computing is computing as a service and means a third party owns or controls the hardware, and often the software, which you access and operate via the internet.
The practice note is aimed at all solicitors, practice managers or law firm IT staff using or planning to use these kind of online services.
Dr Sam De Silva, Chair of the Law Society’s Technology and Law Reference Group, a member of the EU Commission’s Expert Group on Cloud Computing and Technology Partner at Penningtons Manches LLP welcomed the new guidance for lawyers.
“While cloud computing has a number of advantages for businesses, such as reducing costs and increasing storage, it carries risk which firms must consider when engaging with a third party to handle sensitive information.”
“Anyone involved with the collection and storage of personal data must comply with the Data Protection Act, and law practices are also subject to professional conduct obligations to maintain client confidentiality and properly manage their practices.”
In addition to the risks and benefits of cloud computing, the practice note covers other areas for consideration, including:
· Lawful access to data by foreign law enforcement or intelligence agencies;
· Service levels and the right to sue the cloud provider for damages or terminate the contract; and
· Inadvertent breaches of the cloud provider’s “acceptable use policy” where defamatory material needs to be held on the cloud where a law firm is acting for a client defending a defamation claim.
The Law Society advises firms to ensure their prospective cloud service has been subjected to a full risk and compliance analysis before proceeding.