This is a question that we are asked by our law firm customers every time a Cloud solution or Office 365 is being considered for their firm. The short answer is, as always, it depends. Typically your interpretation of the Rules for Professional Conduct apply. But this time you have help in the form of a 2013 OSBA Professionalism Committee Advisory Opinion (at least for Ohio attorneys). Unless you’ve been in a cave (or in trial for a very long time) you likely have heard about Microsoft Office 365 and the “Cloud”. Just in case you have no idea, Office 365 is Microsoft’s very popular hosted email, calendaring, document storage and collaboration tool and honestly it is a law firm game changer in many ways. However since it is “in the Cloud” many firms are standoff-ish due to their unanswered questions regarding data security and Client Confidentiality (and rightfully so). Of course we here at SpliceNet can’t answer this question for you (in fact we unequivocally say that the decision must be made by you) but there is great news from the OSBA to help you best decide for yourself (see the link at the end of this post). What we like best about this Opinion is that it is quite different than most in that it gives some pretty good guidance and in fact a bullet point list of things to consider in the Cloud vendor’s Service Level Agreement (SLA):
- Safeguards the (Cloud) vendor has to prevent confidentiality breaches?
- Is the SLA a legally enforceable obligation on the vendor’s part?
- Does the SLA give ownership to the vendor or even licensed to the vendor?
- How is the vendor required to respond to governmental attempts to obtain Client Confidential data?
- What is the vendor’s policy and/or obligation to return the data should your relationship end?
- What is the vendor’s disaster plan?
- Where is your Client Confidential data located and is the data or relationship subject to international law?
Given the conclusion of this Advisory Opinion which states that “Ohio Rules of Professional Conduct do not prohibit cloud storage, provided that lawyers follow the ethics rules that apply to client information in whatever form and are guided by the applicable Ohio ethics opinions”, one can make the case that Office 365 and “the Cloud” are ethical for law firm use. However a full review of the Advisory Opinion is necessary for you to judge (no pun intended) for yourself. Below is a link to the decision – enjoy. OSBA Informal Advisory Opinion 2013-3