Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
T
he shift from desktop- and server-based to traditional, on-premises solutions. In a law firm
software to software as a service (SaaS) context, the use of cloud computing raises ethics
or “cloud computing” is one of the most issues around storing confidential client data on a
significant transitions in computing to system the attorney may not own or otherwise control.
occur in the last 20 years. While the The discourse on the ethics of cloud computing
benefits offered by cloud computing are numerous, took a significant step forward in March 2010 with the
several outstanding questions remain regarding the issuance of a proposed Formal Ethics Opinion (FEO)
relative security of cloud-based systems as compared on cloud computing by the North Carolina State Bar.
password for more than one website. A free password For example, Facebook recently caused a virtual
generator and manager is PasswordSafe (http://www. firestorm with an update to its privacy policies
passwordsafe.com). that apparently granted the company perpetual
control over content posted by its users.
Data Privacy
The following questions provide a summary of some Data Availability
important considerations when evaluating a cloud- The importance of a cloud-based provider’s
based provider: data availability strategy cannot be overstated.
A recent catastrophic data loss at Danger,
• What is the privacy policy? a division of Microsoft, where information
Policies should be clearly stated, and disclose for thousands of users was irretrievably lost,
how information supplied to the service is housed, highlights the importance of a proper data
protected, shared, manipulated or disposed of. availability strategy. As long as an appropriate
strategy is in place, SaaS applications can
• Who owns the data? arguably provide a much higher level of data
When entrusting your practice to a SaaS solution, it’s availability than desktop applications.
critical to understand the impact of the company’s By asking a cloud computing provider about
privacy policy on the lawyers’ ethical requirements as their data availability strategy, you are essentially
legal practitioners. seeking an answer to this very important
question: What are you doing to ensure that my
• How can the data be used? data remains available, even in the event of a
When it comes to confidential client information, natural or human-induced disaster?
the privacy policy generally outlines how the cloud The types of disasters that need to be
computing provider can (or cannot) use the data you contemplated in a data availability strategy are
enter into the application. In general, all information numerous. Natural disasters could range from a
you enter into a cloud computing application should lightning bolt that causes a simple power outage
be treated as confidential, private information that at one data center to an earthquake that wipes
cannot be used by the cloud computing provider. out power for an entire state. Human-induced
Furthermore, the cloud computing provider should disasters could include a simple network
only be permitted to view any of your private misconfiguration or a situation where the SaaS
information with your explicit consent (for example, to provider must shut down for any number of
troubleshoot a technical issue). issues related to business continuity.
While in many cases this seems to be the only Although many of these scenarios are
obvious and fair way of treating private data, there have extremely unlikely, the value of the data that is
been some high-profile cases of very popular websites being stored should require a comprehensive
imposing less-than-fair privacy policies on their users. plan to mitigate the risk associated with