In Part 1 of this post I looked at what “cloud” computing actually means, some cloud options for law firms and an overview of the legal and regulatory position. In Part 2 I look at the contractual issues and risks.
Why is the rest of the business world embracing this readily available and cheap technology whilst we pause? Perhaps its our natural caution and need to understand what devil exists in the detail? Now I can come on to to a big BUT . Here’s that devil.
Let’s go beyond the marketing gas – is there anything solid up there in the clouds upon which we can safely nest that precious data without risk of those business wiping-out fines, embarrassment and admonishment by all?
I’ve had an look at the small print in cloud provider’s service/licence agreements, and so far I haven’t found a single provider who doesn’t exclude all liability for data loss (or limits liability to the purchase value of the product) and strongly advises users to regularly back up all data locally.
And despite the clear “for business” branding in their product advertising, the actual contract terms may state that they do not provide any warranty that their service is fit for any particular purpose, or that it is secure and safe.
Essentially, if it all goes wrong, sorry folks you’re on your own -we’re not responsible, so don’t sue us. The Law Society have also picked out this cloud thinning issue in their Practice Note on cloud computing – see section 6.
That’s the equivalent of law firms saying in their terms of business “by the way, we don’t provide any warranty that our advice or that anything we say or do for you will meet your requirements”. That get-out-of-jail-free clause would lift the burden on our solicitor’s shoulders, but its not really walking the talk.
This places a rather big black cloud over the whole third party data storage option for any other business that holds personal data, unless you may want to rely on a comprehensive data insurance policy that will cover you in the event of getting sued, Data Protection Act fines, etc. Or, you want to rely on trust – why should these big name companies get it wrong? A bit like those banks we trust(ed before 2009)?
Perhaps law firms are not yet ready for cloud computing, or cloud computing isn’t yet ready for us – unless you are big or brave enough to negotiate better terms with your cloud provider; see below on some further reading on this.
Here’s my gauntlet to throw up to the sky. If your product is as good as you say it is; the hackers can’t get in, its Data Protection Act compliant, the data is backed up to the hilt, and 100 top techies can vouch for all this, then do as we do – negotiate an insurance policy that indemnifies you.
Then give us a premium product with a warranty that it is fit for purpose and a liability limit of a few million – that seems fair seeing as we law firms manage at least £3 million worth of liability insurance for our clients. You will then have at least one customer who is prepared to pay a lot more than £5 a month per user.
For now, it seems that true to its name, cloud computing is just not watertight.
The USA is ahead of us on this issue, and of course they have data protection law too. For cloud contracting pitfalls see:
And also, with relevance to use by lawyers: