Cloud technology brings a suite of benefits to law firms. It allows them to easily access their data from various devices, it cuts the cost of maintaining proprietary infrastructure, and it helps law firms easily scale their storage space.
So it shouldn’t be any surprise that we’re seeing a rise in the number of law firms relying on the cloud for their records management. As a matter of fact, data by the ABA 2019 Legal Technology Survey shows that 58% of law firms already keep their data in the cloud. The rest are expected to migrate in the near future.
And yet, despite its convenience, cloud technology might be a slippery slope for many law firms. When handling sensitive data it’s crucial that companies lose no record and meet many compliance requirements that govern data handling. This requires adding a layer of precaution when migrating data to the cloud. So, here’s a rundown of pitfalls to look out for.
Meeting compliance with technology
Regardless of the industry they primarily specialize in, law firms need to meet a large set of regulatory requirements that pertain to data protection and records management. But it’s not enough to just implement IT solutions.
Instead, law firms need to be able to prove they have taken necessary measures to safeguard their business records and client information. According to the ABA Rule1.6, “a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
In a more practical sense, this means that law firms need to take proper measures to ensure there is a match between what law mandates and what their cloud archive, or any cloud-based tool for that matter, can do.
These requirements can range from the frequency of data backups, to security protocols used, to retention periods imposed on particular business records and so on. So before moving fully to the cloud, you should first understand what requirements you need to meet.
Managing electronically stored information
All electronically stored information (ESI) that law firms keep are heavily regulated. For example, if your cloud server is located in a different location than your law firm, you need to know whether you are breaking any specific requirements that govern where that particular set of information can be lawfully stored. Also, check whether servers are perhaps located in areas prone to natural disasters. It’s not a common practice, but it helps to be sure.
Information access
Another aspect that law firms should consider and look into is who has access to their information once they’re uploaded to the cloud. The fact that your data is stored on remote servers can potentially mean someone without proper authorization accessing and tempting with the records. This can be a case of serious non-compliance, which can result in not just fines, but a damaged reputation as well.
Speed of information retrieval
In case your law firm receives a court order or an eDiscovery request, it’s important that it can collect, export, prepare, and submit all relevant records on time. When your business records are stored on cloud servers, there might be a delay in data gathering, which could cause your law firm to miss the deadline.
However, cloud technology is rapidly advancing, so this is not the standard issue you’d encounter, but it’s advisable to check with the vendor about these specific requirements you might have.
Lack of control
Before signing the deal with the cloud vendor, law firms should also double check what happens in case of the agreement termination. In some cases, you might need to wait some time before your data is restored and returned to you.
However, there’s a more pressing concern that you need to address and that is whether and how that vendor’s solution (this relates primarily to cloud-based solutions law firms use in their day-to-day operation) is compatible with other technologies.
You don’t want to spend time trying to work out how your legacy data can be moved from one vendor to another. It’s not only costly, but can leave you exposed to non-compliance and breaches.
Document storage and management
Records management is a big part of law firms’ compliance efforts. And so, it should make a big part of your plan to migrate to the cloud.
As a rule of thumb, you’ll want your cloud solution to reflect your existing records management policies and procedures. This helps make a swift transition, with your fellow lawyers and team members feeling comfortable with the new technology.
Since records management is an essential part of day-to-day operations across law firms, here are some specific scenarios you should customize your cloud archive around.
- Roles and permissions: make sure your cloud archive supports customizable roles and permissions so that only those employees with the right and need to access information have access rights
- Formats: business records now include a number of data formats. From WhatsApp archive, to social media, to email correspondence with clients, and communication between team members, which can take place through social media or instant messaging apps, make sure you can capture and preserve all of this information.
- Finding relevant information: check how easy it is for lawyers on your team to find the crucial information stored in the cloud. The key functionality of the cloud is to support your daily operation, not slow it down, so it’s worth thoroughly exploring how different cloud email archiving solutions take care of your records management processes.
- Retention periods: check whether you can set automated removal policies so that the data is removed once the required retention period expires. Otherwise, you’d have to sift through thousands of business records and move them manually. It’s doable, but it’s prone to error too.
Susceptibility to cyber attacks
Cyber attacks are what makes many law firms shy away from the cloud. And it’s understandable. The number of cyber attacks today alone has surpassed 15 million, according to data by Live Cyber Threat Map.
Many large organizations, including Capital One Bank, fell victim to vicious cyber attacks that have exposed the personal information of millions. So it makes sense for smaller law firms to feel reluctant to “give away” their data to third party vendors.
However, the technology aspect is just one part of the equation.
The other part of the equation is the people and how well-versed they are in cyber security. For someone who works with sensitive information, it’s always advisable to undergo extensive training on how to protect data and not fall into the hacker’s trap. This type of training is one of the first steps that law firms should take to help boost the resilience of the entire law firm.
So there are clear “obstacles” to law firms successfully implementing a cloud archive. However, despite these rough patches, there are numerous benefits of these technologies. But no matter whether you decide to stay on-premise or not, or perhaps move a part of the business to the cloud, the key is to start with understanding what exactly your law firm needs.
The key to a smooth migration to the cloud is to ask the right questions. And to be able to do that, everyone on the team needs to be able to ask the right questions about their own line of work. This is possible only when the processes are clearly mapped out. It helps choose the right cloud vendor and helps your law firm stay compliant.
