Security in the cloud: is your client’s data secure?

Security in the cloud: is your client’s data secure?

What are the concerns surrounding the safety of lawyers’ data?

The concept of confidentiality is at the core of the solicitor-client relationship and protected as a concept in law and also through regulatory controls. This is dependent on lawyers’ data being secure. The challenge that many lawyers now face is the need to reconcile the safety of data, and the connection of this with confidentiality duties, with modern storage and communication methods which are increasingly computer-based rather than the paper-based. The use of electronic solutions means that there are a number of third parties with access to lawyers’ data and this increases risks to both the lawyers and their clients that data will not be secure or may become subject to the right of seizure from government agencies.

What are the particular concerns surrounding lawyers’ data posed by the rise of cloud computing and increased electronic transfer?

Cloud computing and electronic transfer methods place increased pressure on solicitors in respect of their duty to keep client matters confidential. The Solicitors Regulation Authority (SRA) is a risk-based regulator and has identified high impact risks in its Risk Regulatory Index and Risk Outlook documentation.

Outsourcing and the use of cloud computing and cloud providers were identified as high-level risks in the SRA Risk Outlook of Autumn 2013. While these are not prohibited activities, the SRA has said that it will expect law firms to manage the challenges that this creates in respect of the protection of client confidentiality.

The regulator published a regulatory guide, “Silver linings: Cloud computing, law firms and risk” in November 2013 to assist lawyers.

Suggestions for good practice include undertaking due diligence exercises on the service provider both before a contract is agreed and during the period of the agreement. In addition the SRA Code of Conduct specifies that the firm must enter into a contractual agreement with the provider to enable the SRA access to this third party to inspect data if necessary.

The cloud system must also comply with the

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author: