At the latest quarterly meeting, on April 15, 2010, the Ethics Committee of the NC State Bar voted to publish a new ethics opinion addressing the applicability of the Rules of Professional Conduct to cloud computing or software as a service (Saas). The proposed opinion, 2010 FEO 7, says that a lawyer may contract with a SaaS vendor provided that the risks that confidential client information may be disclosed or lost are effectively minimized. The opinion requires that lawyers take “reasonable precautions” to prevent information from being leaked or destroyed, and does not require that an attorney use “infallibly secure methods of communication.” Nonetheless, the opinion goes onto list nearly 23 questions that a lawyer “should be able to answer” to conclude whether the risk to confidentiality and security of the client’s information is minimal. One of the questions is “where does the SaaS vendor derive its funding?” Query whether this is information that any vendor would share.
