A hosting service can offer enormous economies of scale for storing, managing, and securing huge volumes of electronic data.
Hosted computing is no longer a cyber-playground for early adopters. It is now the digital backbone for many companies that demand highly secure, infinitely scalable, round-the-clock accessibility, and centrally managed data centers maintained by highly trained IT professionals.
Every time you make a purchase over the Internet, you are using a hosted service. You buy books, software, music CD’s, movie DVD’s — everything imaginable and have no problem providing all the personal information they request in order to do so.
Lawyers would argue, of course, that buying a movie DVD on Amazon is a completely different scenario than ensuring the confidentiality of client data. On the other hand, those same lawyers freely entrust their home address and credit card information to Amazon and others with complete assurance that their personal information is held in strict confidence.
Building Software for a Hosted Environment
The concept of “Hosted Computing” is still relatively new…at least to lawyers. The core idea behind this concept, however, has been around since the evolution of the Internet, but the contemporary concept of the hosting service grabbed the spotlight in 2006 with Amazon’s “risky bet” offering their surplus server capacity to the public as cloud-based storage.
In this case, the host provides the electronic infrastructure for Software-as-a-Service (SaaS). “SaaS” and “Hosted Computing” are regularly and mistakenly used interchangeably. But to be precise, the “Host” describes the backend mechanism that provides storage and processing power at a fraction of the cost required to build and maintain your own data center. The concept has been compared to a utility like electricity–we pay only for what we consume off the grid rather than building and running our own power generating plants.
“SaaS” describes the functional “software” delivered to a subscriber through a Web browser. SaaS applications aren’t required to housed on a host, but it’s the ideal amalgamation for providing unsurpassed functionality, accessibility, and security.
Lawyers are hesitant to adopt new technology — they must have complete confidence that nothing will impinge upon their ethical responsibilities to clients and society. But, there are many reasons lawyers should adopt the benefits of hosted computing…Here are just a few…
Higher Standard of Data Protection and Reasonable Precautions
One of the rules put forth by the American Bar Association is:
“When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy.”
Most lawyers who store their clients’ data in the confines of their office would vow they are taking reasonable precautions to protect confidential data. But, in reality, most law offices are woefully deficient when it comes to protecting confidential electronic data, especially when compared to the extraordinary security found in a hosted computing environment.
For example, many “secure” servers found in law firms are located in unlocked broom closets accessible by anyone from building maintenance to cleaning crews. Surely a reasonable precaution would be to at least lock the door to restrict physical access. The equivalent of an unlocked door in the digital world would be a server without the latest security patches applied, or haphazard oversight on user accounts. Moreover, most small legal firms rely on “Joe the computer guy” to perform repairs to sensitive equipment when problems arise. This provides a readily available path for data to be stolen or misused. Not that Joe the computer guy is a bad person but not all IT technicians reek of purity either.
In contrast, most data centers for hosted computing applications must maintain compliance with a myriad of standards for safeguarding confidential information and must pass rigorous sets of industry-standard auditing requirements to ensure the strictest levels of electronic and physical access. This requires the establishment of proactive policies for continuous monitoring, performance of background checks on employees and contractors, account access creation and removal, details of round-the-clock, on-premise security and surveillance measures, data destruction methods for end-of-life media, and overall network security.
Looking at most law offices, they would be hard-pressed to produce any document at their firm that covers data security. And, there is serious doubt they would be able to even outline their firms’ practices for account creation or data destruction.
Here in Nevada, for example, the State Bar’s Standing Committee on Ethics and Professional Responsibility issued an opinion in 2006 where the question of security of client data is directly addressed specifically as it is related to housing confidential client information, with or without client consent, in an electronic format that is not exclusively under in a lawyer’s control…Here is an excerpt from that opinion:
“The use of an outside data storage or server does not necessarily require the revelation of the data to anyone outside the attorney’s employ. The risk, from an ethical consideration, is that a rouge employee of the third party agency, or a “hacker” who gains access through the third party’s server or network, will access and perhaps disclose the information without authorization. In terms of the client’s confidence, this is no different in kind or quality than the risk that a rouge employee of the attorney, or for that matter a burglar, will gain unauthorized access to his confidential paper files.” (See the full text here.)
So, how would an attorney exercise reasonable care in selecting a hosting vendor? Here are a few questions to ask:
- Have you read the user or license agreement terms, including the security policy, and do you understand the meaning of those terms?
- Does the hosting service’s Terms of Service or Service Level Agreement address confidentiality? If not, would the vendor be willing to sign a confidentiality agreement in keeping with the lawyer’s professional responsibilities?
- How does the hosting service, or any third party data hosting company, safeguard the physical and electronic security and confidentiality of stored data?
- And, does the hosting service provide more security for confidential data than an unsecured server in a law office, or a lawyer’s confidential paper files? If so, then clearly a lawyer is taking all reasonable precautions to protect data when they use the secure hosting service.
Safer Than Sending Data Through Email
Today, the practice of law would slow to a crawl if every lawyer had to obtain client consent to communicate with them using email. E-Mail has become the standard for client communication and even the preferred method for efficient delivery of confidential documents.
Most firms don’t use encrypted E-Mail or SSL certificates when sending important information to clients largely because this can be a fairly complicated process and many clients aren’t equipped to handle encrypted mail. But the transmission of un-encrypted E-Mail is insecure when sent as plain text. Remember, E-Mail can travel through any number of servers and routers over the Internet before reaching its final location. And, it can be trapped, redirected, or stolen long before it reaches its intended recipient. Many years ago, it was determined that unencrypted E-Mails posed little risk but times have changed — the Internet is bigger, more complicated, and more amorphous than it was only a few years ago.
There is a wide variety of software packages available for attorneys. And, they offer features to support the single attorney office to the large multi-national firms. They range in price from several hundred to several thousand dollars depending on the number of attorneys in your practice and the features you require. Some of these features include:
- Accounting, Billing, Cash Management, and Invoicing
- Calendar Management for Individuals and Groups
- Scheduling for individuals and groups
- Provide audit trail of schedule changes
- Track documents associated with events
- Automatic synchronization with Outlook for appointments
- Automatically schedule events based on predefined workflow
- Date calculator to compute due dates for notices, response deadlines and appearances
- Create practice specific templates, activities and timelines to support unique requirements
- Collaboration Tools
- Case and Client History
- Case Management
- Contact Management
- Document Management
- E-Mail Archiving
- HR Management
- Multiple Currencies and Multiple Language Support
- Records Management
- Mobile Access using your Smartphone or notebook computer
- Trust Accounting
- Workflow Management
Above all, it is imperative that your records are maintained in a secure and readily accessible manner. At Xogenous, we can host your existing system or assist you in selecting a system for us to host for you.