Speaking at ALPMA’s Expert Panel Session: Technology for Law Firms last week, Sparke Helmore IP and technology partner Richard Chew acknowledged the benefits of using cloud services.
However, he also warned that the contractual agreements could carry risks, particularly around data security.
“Security is a two-way street, and you must oversee that your contracts are drafted appropriately and your risks are dealt with, and data security has been managed,” Mr Chew said.
“You have to ensure that you yourself are securing your data; you can't rely on the fact that the service provider will secure your information or indeed that they won’t potentially give others access to your system and information.”
Mr Chew said most contractual agreements include an exclusion of consequential loss by service providers and suppliers.
“As a customer you think ‘well I see it in every contract, so it's fine’. But if you think about what you're buying with a cloud service, if you allow the service provider to exclude all liability for loss or corruption of data then essentially they could do anything and they have no liability whatsoever.”
“Be mindful that these common legal constructs that you see on a day-to-day basis could have significant ramifications,” he said.
Another point often made in contracts is that the supplier is not responsible for performing their obligations if an event beyond their reasonable control occurs.
Australians often take for granted a fairly normal environment, stable political system and robust legal system, and so fail to worry about any such events occurring, Mr Chew said.
“But if you're dealing with suppliers who are not Australia-based suppliers but overseas-based suppliers, you can’t rely on those assumptions. You need to take the local considerations into account because they could have a massive impact.”
The location of your data is also an important thing to look out for, Mr Chew added.
“Information, while it might be initially stored in Australia, could potentially be transferred off-shore and a lot of service providers in the cloud space will do that.”
It’s important to know if and where your data could be transferred to, so as to not breach any legislative frameworks or requirements that apply to material generated for particular clients.
“For example, if you are doing work for the government that could be a state record; in which case in NSW the State Records Act would apply, so things like that can become problematic,” Mr Chew said.
“So if you promise your clients that you'll comply with all applicable laws and then you shift all your records across to China, including those government records, then that could be an issue.”
Among his final points, Mr Chew said the provider should acknowledge their obligation to invest in improving their service over time.
It’s also important to check if the provider offers a back-up service that backs up your data and not just the application.
Finally, he said if you ask the provider to encrypt your data, you must ensure you are given the ‘keys’ to decrypt the data when desired.