New York State Bar Committee on Professional Ethics, Opinion 842 (2010)

Brief Summary
A lawyer may store confidential client information online with third parties, provided that he or she stays abreast of relevant changes in the law and technology, and ensures that the third party storage provider also stays abreast of changes in technology.

Complete Summary
The New York State Bar Committee on Professional Ethics opined that lawyers may store confidential client information online with third parties so long as certain precautions are taken. Those precautions include taking measures to protect confidentiality and staying abreast of changes in both technology and relevant law.

Although lawyers need not guarantee that information is secure from unauthorized access, they must exercise reasonable care to prevent such access; this requirement applies to the supervision of third parties. The Committee noted that “reasonable care” may include:

1. Ensuring that the online data storage provider has an enforceable obligation to preserve confidentiality and security, and that the provider will notify the lawyer if served with process requiring the production of client information;
2. Investigating the online data storage provider’s security measures, policies, recoverability methods, and other procedures to determine if they are adequate under the circumstances;
3. Employing available technology to guard against reasonably foreseeable attempts to infiltrate the data that is stored; and/or
4. Investigating the storage provider’s ability to purge and wipe any copies of the data, and to move the data to a different host, if the lawyer becomes dissatisfied with the storage provider or for other reasons changes storage providers.

The Committee noted that changes in technology could require lawyers to reassess some of these criteria periodically. It also stated that attorneys should monitor the law relevant to online storage systems to ensure, inter alia, that the use of certain technology does not waive an otherwise applicable privilege.

In the event that a lawyer learns of a security breach of online information, the Committee noted, he or she must investigate whether any client confidences have been revealed, notify any affected clients, and stop using the online storage service until he or she is assured that any security issues have been fixed.

Significance of Opinion
This opinion is consistent with the majority of jurisdictions which have addressed this specific issue. Further, the practical implications of this opinion are notable because online storage with third parties is beneficial in terms of both freeing up storage space within the firm and providing a backup in case something happens to the firm’s own information system. But with these benefits comes the added burden of overseeing a third party.

This alert has been prepared by Hinshaw & Culbertson LLP to provide information on recent legal developments of interest to our readers. It is not intended to provide legal advice for a specific situation or to create an attorney-client relationship.

REGISTER NOW for the Tenth Annual Legal Malpractice & Risk Management Conference and Receive a 10% Early Bird Discount Before December 1, 2010

Attend the Tenth Anniversary of the industry's premier event focused on current and important developments in the law and litigation of malpractice claims, legal malpractice insurance and risk management strategies. Each Conference panel examines recent case law and significant developments throughout the last year. One and one-half days will be devoted to legal malpractice (February 16-17), and one and one-half days will be devoted to risk management (February 17-18). The Conference will be held in Chicago at The Westin Chicago River North Hotel.

Earn up to 15 hours of CLE credit, including up to 6.50 ethics credit!

Conference Topics

Legal Malpractice Sessions (February 16-17) 

• Settle and Sue: Is Legal Malpractice a Remedy for An Inappropriate Settlement or for the Settlement That Did Not Happen?
• What You Need to Know About Lawyers’ Liability Under the Federal and State Securities Laws
• Establishing a Fiduciary Breach
• Using Pretrial Remedies — Anti-SLAPP Statutes, and Other Evidentiary Early Disposition Motions
• Significant Developments in Litigating Legal Malpractice Claims
• Insurance Law
• Stump the Panel

Legal Malpractice/Risk Management Cross-Over Sessions (February 17)

• The Insurance Marketplace and Considerations
• Who is a “Partner” — The Legal Implications of Titles
• Mitigating or Avoiding the Loss

Risk Management Sessions (February 17-18)

• The General Counsel Forum
• Don’t Ignore the “Basics” — Engagement, Disengagement and End-of-Representation Letters
• The Growing Threats to Client (and Firm) Data — Managing Technology to Meet the Challenges
• High Tech Tools — and Traps — for Mergers and Lateral Hiring
• On the Horizon: Is Susskind Right? Technology and the Future of Large Law Firms

Registration Fees

$1,300 for the Entire Conference — February 16-18
$925 for the Legal Malpractice Sessions Only — February 16-17
$925 for the Risk Management Sessions Only — February 17-18

Discounts (maximum 15% discount per registration)

• Returning registrants receive 5% off the Conference price
• Multiple registrants receive 15% off when two or more colleagues from the same company register for the Conference
• Early birds receive 10% until December 1, 2010

For more information, please visit www.LMRM.com or click here to Register Now!

To speak with the Conference Planner, Katherine McCormack, please call 312-704-3329.