Nearly a decade after we moved our eDiscovery platform to Amazon Web Services, making it accessible from anywhere without expensive infrastructure, it’s become increasingly common for law firms to manage their clients’ data in the cloud.
Yesterday, leaders from six legal cloud computing providers – known collectively as the Legal Cloud Computing Association – released the first set of cloud security standards that specifically address law firms’ strict ethical obligation to protect client data.
What are cloud security standards?
The draft of this “cloud security doctrine” consists of 20 cybersecurity recommendations for law firms formulated by IT leaders in consultation with bar associations, law societies and licensed attorneys. The recommendations cover physical security of the hosting servers, data integrity measures, and terms of service between the legal technology vendors and their clients.
The framework also addresses commonly cited concerns about storing evidence in online servers, and prescribes frequent “ethical hacking” tests to validate that law firms’ evidence is well protected.
Who drafted these rules?
The LCCA was initially formed in 2010, and guided some of the first ethics opinions about the online storage of legal documents. Jack Newton, CEO of Clio, is president of the LCCA. In addition to Nextpoint, current member companies include DirectLaw, NetDocuments, Onit, and Rocket Matter.
Our CEO, Rakesh Madhava, and attorney-in-residence Julianne Walsh helped draft these guidelines in accordance with best practices employed at Nextpoint and outlined last May in our joint cybersecurity webinar with Clio.
What do they hope to accomplish?
The idea is that the pioneering legal technology experts in the LCCA, who have deeply refined cybersecurity strategies to safeguard client data, can share their knowledge and experiences to benefit the entire legal industry. Vendors who adopt these data security standards are contractually obligated to provide specific levels of threat protection to the law firms they serve.
“The LCCA believes that sophisticated technology to secure data and prevent cyber-attacks is now available to every law firm regardless of size,” Madhava said.
What’s next?
Now that a draft of these cloud security standards has been published on their website, the LCCA is opening them to public critique. The association plans on debuting a refined and final version at the ABA Tech Show in Chicago in mid-March.
