Cloud storage services provide tremendous convenience by allowing the mobile lawyer to store data on Apple’s cloud servers and access it via iPad, iPhone, OS machines or PCs. However, lawyers considering the use of iCloud to store and transmit confidential client data would be wise to review the iCloud Terms of Service (“TOS”) to assess whether they believe the iCloud TOS provisions are sufficient to comply with the ethical requirements for protecting client confidences.
Conceptually, cloud storage providers are analogous to copy services and other litigation support businesses to whom lawyers entrust confidential client information. Such outside service providers are considered to be non-lawyer assistants under Model Rule 5.3 which states that lawyers have an obligation to ensure that the conduct of the non-lawyer employees they employ, retain or become associated with is compatible with the professional obligations of the lawyer:
Model Rule 5.3 provides that a lawyer retaining such an outside service provider is required to make reasonable efforts to ensure that the service provider will not make unauthorized disclosures of client information. Thus, when a lawyer considers entering into a relationship with such a service provider he or she must ensure that the service provider has in place, or will establish, reasonable procedures to protect the confidentiality of information to which it gains access, and moreover, that it fully understands its obligations in this regard.
Potentially Problematic iCloud TOS Provisions
For the most part the iCloud terms of service appear to be reasonable. See http://www.apple.com/legal/icloud/en/terms.html However, the following provisions should give lawyers pause:
“You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.” See iCloud Terms of Service.
The iCloud TOS vests Apple with tremendous discretion to decide whether to disclose a users’ data. Further, there is no provision requiring Apple to notify the iCloud user before any disclosure of confidential client information is made. Without the safeguard of a provision requiring prior notice by Apple of an intent to disclose user information to third parities (so as to allow for legal challenge of the release), this lawyer’s assessment is that the iCloud Terms of Service do not provide adequate assurances that client information will be kept confidential. Accordingly, I only use iCloud for the transmission and storage of non-confidential information. Do you think that I am being too conservative in this regard? Your comments are appreciated.