Illinois: Attorneys & Clients in the Cloud

by William Golden in Ethics Opinion, Featured, Technology. Posted February 18, 2017

Recently, the Illinois State Bar Association (ISBA) issued a Professional Conduct Advisory Opinion stating that lawyers may use cloud-based services to store client information.

However, the ISBA warned that the use of cloud-based services raises ethical implications of “…competence, confidentiality and the proper supervision of non-lawyers.”

The ISBA quoted Nevada Formal Opinion 33 (2006), which analogized the duty to protect client information on a cloud-based service to the duty to protect client information on a physical server. The Nevada Opinion concluded, “[t]he question in either case is whether the attorney acted reasonabl[y] and competently to protect the confidential information.”

To help lawyers select a cloud-based service provider, the ISBA outlined 7 non-exhaustive practices lawyers could engage in (summarized):

Reviewing industry standards and appropriate safeguards;
Investigating whether the provider has implemented reasonable security precautions;
Investigating the provider’s reputation and history;
Inquiring as to whether the provider has experienced any breaches of security;
Requiring an agreement;
Requiring that all data is appropriately backed up;
Requiring provisions for the reasonable retrieval of information.

Further, the ISBA warned that the duties implicated by using cloud-based services do not end with choosing a reputable provider. This is in part due to the fact that the Illinois Supreme Court recently amend Comment 8 to Rule 1.1 of the Illinois Rules of Professional Conduct. The Comment now reflects Comment 8 to Rule 1.1 of the Model Rules of Professional Conduct and says “…lawyers must keep abreast of changes in law and its practice, including the benefits and risks associated with relevant technology…” (Emphasis added).

This led the ISBA to echo Arizona Ethics Op. 09-04 (2009) and Washington State Bar Association Advisory Op. 2215 (2012) (among others) and conclude that lawyers using cloud-based services must, “…conduct periodic reviews and regularly monitor existing practices to determine if the client information is adequately secured and protected.”

Read the full opinion here.

[…] of a non-binding advisory opinion, as has been the case with other jurisdictions such as, Florida, San Francisco, and Delaware, it is important to note that Ohio went a step further and amended its rule regarding […]

Remote Lawyering: New Jersey and Ohio On Board - Legal Ethics Advisor on Remote Work: San Francisco Bar Association Advice in Ethics Opinion 2021-1
Not all jurisdictions have adopted the Model Rule version of the choice of law rule; seems like there might be a different result in at least some of those states. See, e.g., NY RPC 8.5(b)(2)(i) ("If the lawyer is licensed to practice only in this state, the rules to be applied shall be the rules of this state").

Art Lachman on ABA Opinion 499 Green Lights Lawyers’ Passive Investment in Firms with NonLawyer Ownership

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30