Do you have your client’s permission to store legal documents on the cloud? Are you protecting that data in line with data privacy and consent laws?
Chambers are gradually moving their data over to the cloud. It’s an efficient and cost effective way to store and share files with colleagues and clients securely.
But are you aware of the data protection principles of cloud-based data and your obligations when it comes to client consent?
Client Consent for Data in the Cloud
Any solicitor or barrister owes their client the duties of competence and confidentiality.
Cloud storage is changing & improving the way we store and share confidential files, so it is equally important that lawyers stay up to date with consent and confidentiality protocol, and adapt to a changing file storage landscape to adhere to their professional obligations.
These obligations will allow a lawyer to store and transmit client data using the cloud. But it is their responsibility to take the necessary steps to maintain the confidentiality of that data and the rights of the individual. EU Law requires you to seek client permission before saving any personal client data on the public cloud, and places responsibility with the chambers and data controller for what happens to that data.
To ensure due diligence on your client’s behalf, you should take the following steps:
- Ensure that your cloud service provider’s service agreement requires them to preserve the confidentiality and security of materials.
- Enquire as to the level of encryption and password protection offered by your provider.
- Agree that your provider will notify you of any unauthorised access or breaches.
- Establish your level of access, and how your data will be backed up.
- Keep paper copies of ‘original’ personal documents, in the event that technology fails you.
- Respect your client’s wishes when it comes to storing data in the cloud.
The legal landscape is complex when it comes to cloud storage, especially with developments in social media and mobile usage. Regulations are being revised, but it is up to you in chambers to manage and protect personal data, comply with data privacy laws and reduce the risk of a breach of client-lawyer privilege.
If in any doubt of the integrity and security of your cloud computing system, or your ability to preserve the confidentiality of personal client files, talk to us about how we can offer cloud security support to your chambers.
Want to know more about the main risks to data protection in the cloud? Look out for next week’s article, coming soon in the Intelligence Centre….