Cloud Computing: Where Data turns to Vapour

It's not quite like this...
It’s not quite like this…

Cloud Computing has all the promise you would expect from the heavens. Why do we have servers and teams of on or off site IT professionals when we can flock to the cloud for an astonishingly low cost – upwards from around £5 per month per user.

It seems like a “no-brainer”, and lo and behold, there are plenty of providers eager to get our business and telling us that if we don’t, we will soon be left behind with our dreary world of grinding servers whilst the rest of the business-world frolic happily in the clouds.

What’s Available?

Cloud computing for law firms along the lines of Google for Work and Microsoft’s Office 365 is ridiculously straightforward. Everything is set up for working seamlessly using cloud technology with documents uploaded, edited, downloaded, and emails accessible everywhere.

Cloud Computing: Easy, convenient and cheap

Its an absolute cinch to set up your modern  legal office that everyone will love. And the ease of use and convenience of these accessible everywhere all-in-one packages for businesses have taken the world by storm.

Google claim 3 million paying businesses use their work services worldwide, including 60% of Fortune 500 Companies. Many UK schools also use cloud technology, which parents will know causes issues when children’s passwords get shared around the classroom.

Who uses third party data storage providers?

In the UK, our banks, railway companies, universities and law firms are entrusting third party data storage providers with their (or rather, our) sensitive data.

So we have on tap a ridiculously cheap, widely available and easy way to delegate data responsibilities to the heavens. And with so many big names on board, why shouldn’t we hop on? Before we place our head in the cloud, let’s cover some more basics.

What exactly is “Cloud Computing”? 

All this means is that the computer or device used to store your data is not held on your premises, but by a third party off site provider. So when we access our data, we are actually accessing it from a (hopefully secure) data centre somewhere in the world – USA, Lapland, Honolulu; does it matter so long as we don’t have that horror of horrors: Data loss?

Can we safely delegate care of our data to someone else? 

We’d all like to see less of this mess in our office.

Our data is in someone else’s care, but what about the Data Protection Act? That says we need comply with responsibilities when we hold and use information about other people, and it needs to be held within the EEA, though see the Information Commissioner’s blog on storing data in Safe Harbour countries.

We’re obliged to ensure robust measures are in place to ensure the data we hold is not compromised, including a written agreement between us (as the data controller) and the data storage provider.

And let’s not forget that despite Brexit, further measures are due to come into force next year through the new EU General Data Protection Regulation.

What happens if we get it wrong, and who is responsible?

Ultimately we are responsible for meeting legal obligations concerning our data, not the third party provider. And if we get it wrong, we face embarrassment, loss of business and fines of up to £500,000.

And we’re under the ICO’s radar – 173 UK law firms were investigated in 2014 for potential Data Protection Act breaches. And a quick scan down the ICO’s  list of recent organisations they’ve taken action against reveals a few legal service firms and individuals including Assist Law and a barrister.

So maybe we can’t fling our data carelessly around the world?

What do our regulators think?

The SRA acknowledge the ease and functionality of cloud computing, but they have concerns; loss of data control, confidentiality, compliance with data protection legislation – it’s all in their document Silver linings; cloud computing, law firms and risk.

The Law Society have also published a comprehensive Practice Note on cloud computing.

Essentially the message is; make sure there are safeguards in place, be aware of the many potential issues, proceed with great care, don’t forget your regulatory obligations (e.g. Outcome 7.10 re outsourcing to third parties) and remember: You haven’t delegated your responsibility for client data to someone else.

In Part 2 of this post I look at the contractual terms offered by cloud providers. Should something go wrong and its their fault, who is liable? Us, or the cloud provider?

Share this post, like or follow
RSS
Follow by Email
Facebook0
Facebook
Google+
https://www.lawpracticemanager.co.uk/it/contracting-with-the-cloud/
LinkedIn52
Martyn

Ben

I set up Law Practice Manager because I enjoy sharing fresh and original opinions and posts on law management issues. Facebook and Twitter: @LawManager1 LinkedIn group: https://www.linkedin.com/groups/8538343

4 thoughts on “Cloud Computing: Where Data turns to Vapour

  • February 27, 2016 at 3:34 pm
    Permalink

    Quite an insightful blog, thanks for posting 🙂

    Reply
  • March 5, 2016 at 1:42 pm
    Permalink

    Lights not yet green?
    Overnight in France many road junctions have only an amber flashing light in place of the usual three colours. That means proceed with caution. Ben is saying exactly that: cloud computing has not yet earned a green light. Security is not guaranteed, so proceed with caution.

    Reply
  • June 13, 2016 at 3:02 pm
    Permalink

    Can you guarantee that your own servers can’t be hacked (or even stolen), using your own in-house IT? Can you guarantee that your own back-up systems won’t fail?

    Proceed with caution, certainly, but the actual risk of a breach will usually be lower using a dedicated (UK-based, etc) provider whose bread and butter depends on them maintaining security, than in-house IT for all but the largest of firms, with all their other responsibilities.

    I guess it is weighing up a smaller risk out of your control against a larger risk that you do control; the end result of a failure to the business is likely to look the same. What do your PI insurers have to say about this risk?

    Reply
    • Martyn
      June 13, 2016 at 3:10 pm
      Permalink

      Thank you Tony for your comment, its good to have your views. This might be true but my concern is with the lack of contractual liability by the third party providers. It just doesn’t make sense with any commercial contract to contract for something that requires a very high degree of responsibility and care if the contractee excludes all liability for loss. Practically, I’m not an expert on IT so I can’t comment on the lower risk of a breach aspect you raise.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close