The Law Society, a global community that works to support and represent its members, promoting the highest professional standards and the rule of law, has released a practice note on the use of cloud computing in law firms. The Law Society warns that today’s law firms planning to move their IT into the cloud should be aware of the risk of lawful interception by intelligence agencies.

Cloud computing means a third party owns or controls the hardware, and often the software, which you operate via the Internet. Cloud computing technology can improve storage, resilience and flexibility at reduced costs, but the guidance warns that cloud computing also poses risks, in particular, there may be circumstances in which police or intelligence agencies can lawfully obtain access to data.

Dr. De Silva, chair of the Law Society’s Technology and Law Reference Group and a member of the EU Commission’s expert group on cloud computing and technology partner at Penningtons Manches LLP, welcomed the new guidance for lawyers.

“Anyone involved with the collection and storage of personal data must comply with the Data Protection Act, and law practices are also subject to professional conduct obligations to maintain client confidentiality and properly manage their practices,” he said in a statement.   

The guidance advised law firms to pick a cloud provider that offers “appropriate contractual commitments and operational practices.” The recommendations come after a recent Lexis Nexis study that found three quarters of law firm said they were more likely to use the cloud this year, with almost a quarter of respondents believing their employees were already using cloud tools without the law firm’s knowledge. 

‘While cloud computing has a number of advantages for businesses, such as reducing costs and increasing storage, it carries risk which firms must consider when engaging with a third party to handle sensitive information,” said Dr. De Silva.

In addition to the risks and benefits of cloud computing, the note covers other areas including lawful access to data by foreign law enforcement; service levels and the right to sue the cloud provider for damages or terminate the contract and; inadvertent breaches of the cloud provider’s acceptable use policy where defamatory material needs to be held on the cloud where a law firm is acting for a client defending a defamation claim.


For more cloud computing news, check out these articles:

Compliance and the cloud come face-to-face in battle

Internet governance changes could challenge businesses

IP: Cloudy weather for network television or are clearer skies ahead?

Adoption of cloud-based tools on the rise in legal industry