Wednesday, November 13, 2013

Is your firm in compliance with the Personal Information Protection and Electronic Document Act (PIPEDA)?

Is your firm in compliance with the Personal Information Protection and Electronic Document Act (PIPEDA)?  Never heard of it?  Well, if your computer data is stored in the Canadian province of British Columbia and subject to the provincial laws of British Columbia (as it is, of course, with Clio), you might want to find out!

While every state that has looked into cloud-computing has given it the O.K., this approval was not a carte blanche – but imposed the duty upon the attorney to do their due diligence into how and where that data was stored and how it was accessible.  See, e.g., Iowa State Bar ethics opinion 11-01.  This includes knowing how and where the data is stored.

Ironically, in summarizing the problem for Canadian lawyers, it was the Law Society of British Columbia that best stated the issue American lawyers using a foreign company face as well:

There are several problems with lawyers having their business records stored or processed outside British Columbia. Lawyers have a professional obligation to safeguard clients’ information to protect confidentiality and privilege. When a lawyer entrusts client information to a cloud provider the lawyer will often be subjecting clients’ information to a foreign legal system. The foreign laws may have lower thresholds of protection than Canadian law with respect to accessing information. A lawyer must understand the risks (legal, political, etc.) of having client data stored and processed in foreign jurisdictions.  Report of the Cloud Computing Working Group, The Law Society of British Columbia, pg. 8 (27 January 2012).

Online Legal Software maintains its primary and backup servers in the Midwestern United States.  We don’t play games with choice of law or venue selection clauses that force you to go to inconvenient (or foreign) courts.  The choice is clear.   

No comments:

Post a Comment