Standard
Lawyers must ensure there is a system in place for the maintenance, backup, and access of all electronic data. This includes electronic records and information relating to clients and their files as well as the financial records of the lawyer and/or law firm.1
Notes
1. Nova Scotia Barristers’ Society, Code of Professional Conduct, Halifax: Nova Scotia Barristers’ Society, 2012, section 3.5
Additional Resources
- Record Retention Standard
- International Legal Technical Standards Organization, 2011 Guidelines for Legal Professionals
- Cloud Computing, Law Society of British Columbia
- CBA Guidelines for Practicing Ethically with New Information Technologies, September 2008
- CBA White Paper, Edward Poll
- Association of Legal Administrators
- Technology Practice Management Guideline, Law Society of Upper Canada
- Cloud Ethics Opinion, Alabama Opinion 2010-02
- Cloud Ethics Opinion, Arizona Opinion 09-04
- Cloud Ethics Opinion, California Opinion 2010-179
- Cloud Ethics Opinion, Connecticut Informal Opinion 2013-07
- Cloud Ethics Opinion, Florida Opinion 12-3
- Cloud Ethics Opinion, Iowa Opinion 11-01
- Cloud Ethics Opinion, Maine Opinion 194
- Cloud Ethics Opinion, Massachusetts Opinion 12-03
- Cloud Ethics Opinion, New Hampshire Opinion #2012-13/4
- Cloud Ethics Opinion, New Jersey Opinion 701
- Cloud Ethics Opinion, New York Opinion 842
- Cloud Ethics Opinion, Nevada Opinion 33
- Cloud Ethics Opinion, North Carolina Formal Ethics Opinion 6
- Cloud Ethics Opinion, Ohio Informal Advisory Opinion 2013-03
- Cloud Ethics Opinion, Oregon Opinion 2011-188
- Cloud Ethics Opinion, Pennsylvania Opinion 2011-200
- Cloud Ethics Opinion, Vermont Opinion 2010-6
- Cloud Ethics Opinion, Virginia Legal Ethics Opinion 1872
- Cloud Ethics Opinion, Washington Advisory Opinion 2215
- Data Security Policy, Lawyers Mutual
- Disaster and Risk Management, Florida State Bar
- Technology, Florida State Bar
- Disaster Planning, Missouri State Bar
- Technology, South Carolina Bar
- Disaster Recovery, Tennessee Bar Association
- Technology Resources, Washington State Bar Association
- The Lexcel v4.1 Standard, The Law Society of England and Wales
- Information Technology, Australian Legal Practice Management Association
- Challenges for Corporate Counsel in the Land of E-Discovery: Lessons from a Case Study (p39) Pelc and Redgrave
- Zubulake v. UBS Warburg LLC, UBC Warburg and UBS ARG 02 Civ. 1243 (SAS)
- “Surviving a Disaster: A Lawyer’s Guide to Disaster Planning”, ABA Special Committee on Disaster Response and Preparedness, 2011
- “Preparing for a Disaster: Data Backup and Beyond”; Law Practice Today, April 2013
- “Cyber Security for Attorneys: Understanding the Ethical Obligations”, Law Practice Today, March 2012
Additional Commentary
As part of a lawyer’s obligation to care for a client’s property, lawyers are expected not only to maintain client records, but to maintain them in a manner that allows for them to be practically accessible. This not only allows a lawyer to complete his / her ethical obligations, it makes good business sense. There has been no shortage of disasters in the last few years, from flooding to theft to fires. Such a disaster can drive lawyers out of their offices, prevent access to client files, disrupt communications and put time-sensitive matters at risk.
Type of Backup
It is one thing to backup electronic data onto some type of disk or other removable storage media but lawyers need to be aware that with the rapidly changing technology in our world today things become obsolete quickly. One need only look at floppy disks from ten years ago to know that the modern computer cannot read them. There is no point in having a format so obsolete it is difficult or impossible to find a new computer to read it. Lawyers also need to be aware that things stored on disks can degrade over time, especially if they are not stored properly. Lawyers need to ensure that any electronic data is accessible quickly in the event of a disaster. Clients cannot be asked to wait a number of weeks or months while the lawyer sends obsolete disks somewhere to be converted or needs to wait for a special order computer to come in before being able to access the data. A lawyer should ensure that he or she reviews the technology of their backup on a regular basis.
There are a variety of methods to backup electronic data. Lawyers will need to determine the method best suited to their individual / firm needs. For some lawyers, this may mean backing up data to an external hard drive which is then stored in a separate location (such as your home); for other lawyers, this may mean using a cloud based service provider; for firms, this may mean using a separate server in a secure location.
This Standard should be read in conjunction with the Record Retention Standard and the Standard relating to Third Party Data Storage Providers.
Location of Backup
For a lawyer or law firm which operates from multiple locations the location of the electronic data backup is relatively simple. One location backs up the other location and vice versa. For lawyers who operate from one location that is not an option. In determining where their electronic data should be backed up there are a number of options.
There are companies which operate a backup service where they will automatically backup the electronic data onto servers located off site, either within the same city or somewhere around the world. If a lawyer chooses to use a commercial backup service they must do due diligence in order to ensure they are able to meet their ethical obligation with respect to client confidentiality as well as all of the other issues surrounding electronic data, including access and technology. Whether a lawyer chooses to use a commercial backup service is their decision.
Another option is to have the data backed up onto a removable format, such as a disk or hard drive, which is then stored offsite. Again for any lawyer, he or she must ensure this meets all of the other criteria as well as the overriding principal of client confidentiality. A further option for lawyers is to purchase their own backup server and locate it offsite. It would also be open to consider partnering with another law firm or professional services firm to backup each other’s electronic data, again subject to all of the issues including client confidentiality. If a lawyer chooses to store their electronic data with someone else, be it a commercial service or other law firm/professional services firm they must ensure they can access it all times without issue.
Frequency of Backup
How frequent a lawyer backs up their electronic data depends on the nature of their practice and the amount of work they produce. Each lawyer has an obligation to ensure they have a policy that their electronic data is backed up in a timely fashion and at a frequency that is appropriate to ensuring all client information is available should there be aproblem. For most lawyers this would be at least daily and depending on the nature of the lawyer’s work it could be even more frequently. A lawyer simply needs to ensure that as much electronic data as possible is backed up in the event of a disaster.
Testing
Simply putting a process in place to backup electronic data and then assuming it works and continues to work is not sufficient. Regular testing should be done to ensure that the backup is working and remains accessible. Each lawyer should have in place a policy to test their electronic backup system on a regular basis.
The overriding goal of any backup system is to ensure that in the event of an emergency business can continue without any interruption. Clients can continue to access their file material as necessary and lawyers are able to access their files to continue work with as little impact on productivity as possible. If a lawyer keeps that in mind as well as the overriding issues with respect to client confidentiality then it is possible to adopt and develop a policy with respect to the backup and storage of electronic data.
Approved by Council on May 23, 2014