Florida Bar Issues Proposed Advisory Opinion Regarding Cloud Computing

Lawyers for the Profession® Alert

March 6, 2013
Lawyers for the Profession® Alert

The Florida Professional Ethics Committee, Proposed Advisory Opinion 12-3 (Jan. 25, 2013)

Brief Summary

The Florida Professional Ethics Committee opined that lawyers may utilize cloud computing if they take reasonable precautions to ensure that confidentiality of client information is maintained.

Complete Summary

The Florida Professional Ethics Committee (Committee) issued a proposed advisory opinion on the permissible usage of cloud computing by lawyers. Cloud computing involves the use of a third-party service for data storage, data processing tasks, and online access to computer services or resources.

The Committee noted that allowing a third party to have access to a law firm’s data implicates confidentiality, competence and supervision of nonlawyers, but it focused primarily on confidentiality. Reviewing the ethics opinions of several jurisdictions that have already opined on this matter, the Committee noted that cloud computing is broadly allowed so long as lawyers take reasonable steps to ensure compliance with ethical rules.

The Committee then adopted guidelines from opinions in Iowa and New York. Iowa Ethics Opinion 11-01 (2011) noted that attorneys must have access to their own information without limit, the information must be protected from others, and limited access to specific information must be available to third parties when required. Iowa’s opinion further recommends that the lawyer vet the reputation, user agreements, applicable law, retention policies, and security measures of the providers, among engaging in other considerations when determining the ethical impact of utilizing cloud computing. New York State Bar Ethics Opinion 842 (2010) recommends the following three steps for a lawyer’s due diligence when considering a cloud computing provider: (1) having an enforceable confidentiality and security agreement with the service provider; (2) investigating the provider’s security measures, recoverability methods, and other policies/procedures; and (3) using extra security layers to protect against infiltration of the data. The Committee further added that lawyers utilizing such services should consider additional security measures to protect proprietary client information or other sensitive information.

Significance of Opinion

This opinion is another in a line of recent opinions approving the use of cloud computing services by lawyers. Such opinions generally have similar guidelines for the amount and type of due diligence lawyers must perform before enlisting such services. Perhaps most importantly, lawyers should make sure that such service providers stay abreast of technological changes because what is reasonably safe today may not be reasonably safe in the near future.

Download PDF

This alert has been prepared by Hinshaw & Culbertson LLP to provide information on recent legal developments of interest to our readers. It is not intended to provide legal advice for a specific situation or to create an attorney-client relationship.