Cloud technology platforms – it’s a legal matter

Delia Venables, Nick Holmes and I go back a long way (remember the old Law Society LOMAT guides Delia, or Computers for Lawyers from Longmans, Nick?) so it’s a great pleasure to be invited to write something for the online version of the Internet Newsletter for Lawyers.

By way of background, at about the same time as Delia first began publishing the Internet Newsletter for Lawyers, I launched a monthly newsletter called Legal Technology Insider, since renamed Legal IT Insider. This has as its mission the objective of keeping the legal world up-to-date with all the latest developments in legal IT and law office automation – and one of the hottest technologies today is the Cloud.

It is interesting to see how over the last couple of years the focus on the Cloud (and the related technologies/concepts of SaaS/software as a service + outsourcing + managed services) has moved from one of complete scepticism “Will it work?” To one of “Yes, we can see it has a role to play.” However, with this acceptance there has emerged an increased awareness that the key issue is not the viability of the technology but the viability of the Cloud-services provider.

This risk has been unfortunately highlighted over the last couple of weeks by the sudden collapse of the outsourcing and managed services provider 2e2, which did have a number of UK law firm customers. In particular, because the company had run out of cash, the administrators were forced to write to customers, giving them little more than 48 hours notice that unless they agreed to pay up (depending on their size) between £4000 and £40,000, they could not guarantee they would ever be able to recover their data from the 2e2 servers. It transpired that 2e2 did not own the servers it used to host its customers data, instead they were leased from another company.

Now, law firms have long been interested (some would say obsessed) with the jurisdictional issues associated with the Cloud and similar services. In a nutshell, EU and UK data protection laws are very strict on where client data is stored, so any Cloud service must be based on servers operating within the jurisdiction – as distinct from hosted on public/consumer Cloud services such as Google or Dropbox, where you have no control over where your data is held. However, the 2e2 affair also shows that even where your data is hosted within the jurisdiction, you still need to know where you stand in the queue if something goes wrong.

What is your service provider’s contractual relationship with the physical location of the servers holding your data? Do they own it outright – as some providers do? Or are they merely leasing space at someone else’s facility? The latter is by far the more common scenario – and in many instances your provider may be leasing server capacity that is being sub-let by another provider who, in turn, is leasing their capacity.

All of which brings us back to where we came. When it comes to Cloud technologies, the key issues now are not technical but legal. Performing a thorough due diligence exercise on the viability and credibility of your proposed service provider is essential.

Charles Christian is a legal IT commentator and speaker with over 30 years knowledge of the industry. He is publisher and editor of the Legal IT Insider global legal tech industry newsletter.