Privacy and Compliance issues for Legal in the Cloud

Every part of our personal and professional lives is being impacted by the transition to the Cloud. We once outsourced each of our utility services to large private enterprises and created professions dedicated to specialist areas of knowledge. Now the same is happening to the data and computing systems that we work with, and in no industry are the implications of this so profound as in the legal profession.

In the legal sector, there are hundreds of years of experience and precedent surrounding the careful control of documents, from verifying authenticity using stamps, wax, seals, watermarks and other mechanisms to strict version control. However, none of this works in the digital world. Digital documents are frustratingly easy to copy, modify and forge. When you add this to the connected nature of the Cloud, and toss in the ability to access these systems over the Internet, you have the recipe for legal disaster.

Many people today mistakenly equate ‘Cloud’ with the Internet, or with large-scale computing infrastructure. In truth, the Cloud is neither of these things; it’s simply some (clever) marketing around the same concept as any public utility.

The Internet is not a thing in and of itself, or any one specific network. This means that the Cloud is not synonymous with the Internet. In fact, the notion that you can, or should, access a computing service which is not provided locally, and which must traverse several independent, public networks via the informal agreement that is the Internet, becomes questionable.

For the legal industry, the challenges around Cloud and privacy are many and complex. Legal organisations need to use private Cloud networks that operate as an extension of their existing environment to ensure that confidential information remains behind the firewall and is not being transported over the public Internet. It’s important to consider:

  1. When using a Cloud provider, where does the data physically reside when at rest, when in use, when being backed up, and when being restored after a disaster?
  2. When using software based in the Cloud, what is the access security mechanism? How many independent factors are used? Can this access security be compromised? Can communications be monitored or suffer man-in-the-middle attacks? What would be the potential impact of a denial-of-service attack if the data became unavailable at a crucial juncture of a legal proceeding?
  3. How is data integrity managed? Can data be modified without trace? Can we rely on the time-date stamps showing the last modified date / time / user? Will the court system we operate in accept these dates as evidence?
  4. If access is global, are there legal issues about people from outside of the jurisdiction accessing the data? Can legal borders be enforced in the online world?
  5. How do you deal with the risk of the commercial provider themselves falling under legal, financial or regulatory issues that would impact the service they provide?

Today there is no one solution for every application in legal; the answer, therefore, is to ask the right questions of your service provider. A service provider suited to the legal industry will understand the challenges and will be able to provide targeted and specific answers to each firm’s challenges.
