Law firms planning to move their IT into the cloud should be aware of the risk of lawful interception by intelligence agencies, the UK Law Society has warned.
The Law Society negotiates with and lobbies the profession’s regulators, government and others to provide training and advice for solicitors in England and Wales.
In a practice note on cloud computing, in which data is stored and processed via the Internet under the control of a third party, it says the technology can improve storage, resilience and flexibility at reduced costs.
However, the guidance warns that cloud computing also poses risks, in particular, there may be circumstances in which police or intelligence agencies at home or abroad can lawfully obtain access to data.
Dr Sam De Silva, Chair of the Law Society’s Technology and Law Reference Group, said: "Anyone involved with the collection and storage of personal data must comply with the Data Protection Act, and law practices are also subject to professional conduct obligations to maintain client confidentiality and properly manage their practices."
The guidance advised law firms to pick a cloud provider that offers ‘appropriate contractual commitments and operational practices.’
The recommendations come after a study from Lexis Nexis in January found that nearly three quarters of law firm said they were more likely to use the cloud this year, with almost a quarter of respondents believing their employees were already using cloud tools without the law firm’s knowledge or approval.
The practice not also covers the following areas of consideration:
1. Service levels and the right to sue the cloud provider for damages or terminate the contract.
2. Inadvertent breaches of the cloud provider’s "acceptable use policy" where defamatory material needs to be held on the cloud where a law firm is acting for a client defending a defamation claim.