A recently issued report of the Committee on Small Firms of the New York City Bar, “The Cloud and the Small Law Firm: Business, Ethics and Privilege Considerations” provides a helpful introduction to the subject of cloud computing, and considerable guidance to practitioners.1 But perhaps necessarily the report does not give definitive answers to the fundamental questions: When—if ever—should lawyers use cloud computing in the context of the practice of law? This article will review the report and will seek to provide additional guidance to the perplexed practitioner or managing partner.
Before either defining “the cloud,” or surveying the city bar report, it is essential to place the subject of the limitations on lawyers’ ability to protect confidential information in our digital universe in context. There are two dimensions to the challenge of preserving confidential information. First, if anyone still believes that the National Security Agency (NSA) does not have the ability to access any and all data that can be accessed using the Internet, they are living in what an English politician (many decades before the term cloud computing was invented) referred to as “cloud cuckoo land.” Similarly, the recent loss to hackers of the personal financial information of 40 million customers by the Target retail store chain highlights the fact that even giant corporations, with technology budgets that presumably dwarf the resources of most, if not all law firms, are unable to guarantee the security of their customers’ information.
