News and Events



Cloud data storage: heavy weather?

View profile for Paul Fox

Cloud data storage: heavy weather?

The more cyber-savvy lawyer may have noted with alarm a survey published yesterday reporting that up to a quarter of firms using cloud data storage have been subject to security breaches.

Law site Out-Law reports that a survey undertaken by telecoms provider BT found that  ‘26% of the 640 IT decision makers it had surveyed in July had said their businesses "experienced a data breach incident where their cloud service provider was the party at fault"’.

Troubling news indeed for firms and chamber aware of their statutory duties regarding the preservation of client confidentiality, and their obligations under the Data Protection Act (DPA).

With admirably adroit timing, Microsoft has released a position paper which addresses key requirements for lawyers, and set out how Office 365 – a widely-used cloud computing software package – meets these requirements. The paper is intended to complement guidance already issued by the Law Society and the SRA, and it’s worth taking a look.

Some of the key aspects of Microsoft Office 365 which should assist with meeting client confidentiality/DPA obligations include:

  • In order to meet the requirements that data processing is only undertaken in accordance with a written contract, a data processing agreement and EU Model Clauses are included by default in the MS online service terms
  • Outcome 7.10 of the SRA Code of Conduct requires firms to ensure they have agreements with third party service providers that will allow the SRA to access and inspect their data. Office 365 ensures users own all data and retain all rights, title and interest in it.
  • Firms have a duty under Outcome 7.3 of the SRA Code of Conduct to identify, monitor and manage risks to compliance. Office 365 makes available the risk decision and assessment templates based on internationally-recognised standards to help firms develop their risk strategies.

However, it is crucial that firms and chambers go far beyond relying on a position paper from a service provider if they are to safeguard their cyber security. Useful as the MS guidance may be, it is in effect (the cynic may observe) a sophisticated marketing ploy designed to keep customers content.

If lawyers are to truly be content that they are offering their clients a twenty-first century service which exploits the possibilities of legal tech – from eDiscovery and digital bundles to the increased efficiency afforded by Cloud data storage – they must continuously develop and improve their tech strategies. And working alongside litigation support providers such as Legastat should form a core part of that strategy. Papers published online are all very well, but there is no substitute for a close working partnership with legal tech professionals.