It seems a comment I made at a session on cloud computing at the CBABC conference last week made quite a stir. From the response this comment generated, it is clear that cloud computing, and where BC lawyers store their data, is a hot topic. It should be – it’s important.
First, let me give a little context. At their meeting on October 31, the Benchers adopted rule changes based on the report and recommendations of the Law Society’s Cloud Computing Working Group. These changes address the requirements for electronic data storage and processing, producing records in a complaint investigation or forensic audit, and third-party storage providers and security.
On the matter of cloud-based storage, the report is clear that lawyers must use due diligence when contracting with a third party service provider for data storage and/or processing, in order to ensure they are able to fulfill their professional responsibilities as well as be compliant with applicable legislation. For a more detailed explanation, see the blog post of the Law Society’s Practice Management Advisor, Dave Bilinsky. He sets out a clear view of what is required of lawyers in BC.
For more background, I encourage you to read the rule changes and the report of the working group. These materials provide valuable assistance to lawyers. I also encourage lawyers to use the Law Society’s cloud computing checklist and best practice guidelines – these tools will help ensure compliance with the Law Society Rules.
I’d like to address what has been said regarding my comments in Arizona. The session on not being afraid to use technology was very well presented and received, and I believe this is an important topic now and will be for some time to come. I don’t believe I said that non-BC cloud computing services were not permitted, but if I did I was wrong. However, in light of the Law Society rule changes, I want to point out that out-of-jurisdiction storage providers should be viewed with care. In this context, it is also important to note the implications of the FIPPA and PIPA in determining what is required to satisfy privacy requirements.
The bottom line is that while our responsibilities as lawyers do not preclude us from using emerging technologies, they do require us to take steps to ensure we use technology in a manner that is consistent with our professional obligations.