
Bar Association of San Francisco Member Benefits: Publications

Cloud Technology Questions Answered

Transmission and Storage of Confidential Electronic Data Seminar is March 23


By Jeff Curl, JC Law Group PC


Whether it is email, servers, data back-up or encrypting sensitive information, electronic data plays an essential role in most law firms today. Most firms cannot function without email. But does an attorney fail to comply with his or her professional responsibilities when communicating sensitive data by unsecured, non-encrypted email? How about client files stored on a “cloud server” or traditional server that users can access remotely via the internet?

Cloud servers even the field for small and solo firms that cannot afford traditional servers and the required maintenance costs. This “cloud” is a third-party company that maintains physical servers, where several business customers each pay to access a specific portion of the server as their own. Documents can be shared, stored and altered on each firm’s allotted cloud server, much as on a traditional physical server. Many of these providers can do so for a low monthly or annual fee.

These forms of communication and storage raise issues of professional responsibility, including the duty under California B&P Code section 6068(e)(1) to maintain inviolate the secrets of a client, and California Rules of Professional Conduct Rule 3-100, under which disclosure of confidential information requires informed written consent.

Other questions raised include:

  • How safe is your email when using a third-party provider?
  • What steps must an attorney take to ensure that a cloud server meets the minimum requirements for safely maintaining sensitive client information? For example, a smaller firm is not going to have the resources to send an IT staffer to physically audit the “cloud” company’s servers and its protocols.
  • Do any disclosures need to be made to clients about the use of such servers?
  • If a client requests a file or document to be destroyed, how do you deal with mirror sites and back-ups maintained by cloud servers that have internal policies of maintaining data for recovery purposes?
  • What is the requisite level of encryption? Is HIPAA compliance a useful measure?

While there may not be any clear answers to every issue raised by use of these technologies, BASF presents “Transmission and Storage of Confidential Electronic Data” on March 23, at 12:00 p.m. to address some of these complex questions. Find out more at

Jeff Curl is a partner at JC Law Group PC, a practice dedicated to bankruptcy. He also serves as the chair of the Barristers Club’s Solo and Small Firm Practice section.
