Online Storage For Lawyers?

alharaka writes "I have a relative that has been a lawyer for over two decades. In passing conversation, he revealed to me that he has a great deal of his data stored on floppies. Naturally, as an IT guy, I lost it on him, telling him that a one-dimensional storage strategy of floppies was unacceptable. If he lost those files, his clients would be enraged. Since I do not know much about online data storage for lawyers, I read a few articles I found on Google. A lot of people appear to recommend CoreVault, since a few bar associations, including Oklahoma, officially endorsed them. That is not enough for me. Do any Slashdotters have info on this topic? Do you have any companies you would recommend for online data storage specifically for lawyers? My relative is a lawyer with recognition in NJ, NY, CA, and DC; are there any rules and regulations you know of regarding such online storage he must comply with? I know IT and not law. I am aware this is not a forum for legal advice, but do any IT professionals who work for law firms know about such rules and regulations?"

Re:Why online?

[berend botje]

Almost anything would be better than a stack of floppies. Get the guy two usb harddrives and get it over with. No need to over-engineer the solution.

omfg...

[gandhi_2]

a few bar associations, including Oklahoma, officially endorsed them.

I see.

That is not enough for me.

uh, huh.

Do any Slashdotters have info on this topic?

*head explodes*

Re:Why online?

[fuzzyfuzzyfungus]

Barring(har, har, not intended) poor recent graduates slaving to pay off giant loans and shoestring do-gooder types being paid in peanuts to keep poor kids off death row, I strongly suspect that most lawyers have more available cash than available time or technical expertise.

Copying everything to a couple of USB drives is exactly the sort of thing that is easy to forget to do, and potentially disastrous. Far better to pay a fee that, for a bunch of mostly text documents and some .tiff scans, won't be all that high, and have it done for you.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:A Few Helpful Lists

[Anonymous Coward]

/thread

Re:Well..

[N7DR]

My main concern would be privacy. You start putting confidential client files on the internet, and if anything goes wrong you are looking at a malpractice suit for sure.

I tried to explain that to a local lawyer who wanted to use gmail (unencrypted, of course) for his practice's e-mail. I could never get him to understand that there was anything even remotely wrong with doing what he wanted to do. So now he's doing it.

Just as scary, none of his clients seem to think that it's a problem.

This is one of those times that I just want to bang my head on a wall and scream (to myself, since no one else seems to listen), "Why does no one else get it?"

And by talking to other lawyers here, their backup strategy generally seems to consist of... hope that they never have a fire (or, in some cases, hope that they never lose a hard drive).

You seem to be missing the point

[Minwee]

Half of keeping copies of important documents is being able to retrieve them later on when you need them.

You seem to understand that, which is why you are trying to convince your relative to move his data to a more reliable storage medium.

The other half is in _not_ being able to retrieve them when it is inconvenient to do so. This is why there are floods, fires, mice, lost envelopes, poorly made photocopies and , in this case, corrupt old floppy disks. And as long as you have a storage system which is just barely good enough then you can lose anything you need to and nobody will even blink.

It's all about identifying the client's needs. Give them what they really need, not just what they ask for.

Re:Why online?

[snowraver1]

Every work night, burn the latest snapshot to a DVD and give it to the boss to take home and put in his safe.

HAHAHA hahahahahahahahahaha ha ha, whew. That's funny. Who is loading the dvd drive?

Gather 'round boys and girls, it's story time. My dad was a lawyer for somewhere around 30 years. At the time, he and 4 other partners togeather made up their law firm. Because each of them were essentially seperate from each other, they tended to have their files stored either on their own comptuer, or on their secretary's computer.

My dad was smart enough to know that this probably wasn't the best setup, so he hired an "IT Professional" to fix this problem. The computer guy came in and set them up with a small server which would be a centeral repository for digital files. This server would then do daily (possibly weekly, can't recall) backups. The secretarys would then take the tape home with them over night.

Not a bad setup. This system was in place for several years. One day, one of the secretaries computer's HDD died. The office called the guy that had setup this system for them to have the HDD replaced. What happened next will require a new paragraph.

I get a call that day from my Dad. I was weeks away from graduating from Computer Engineering at a local technical school. My dad calls, clearly upset. Apperantly a while ago there was some problem that they had to call the "IT Guy" for. The "IT guy", in the process of fixing that problem, changed it so that the secretarys computers and I think 1-2 of the lawyer comptuer backed up to one of the secretary's comptuers, and not the server. Well, guess which computer died? You know it, the secretary's computer that was holding the backups it shouldn't have been.

No problem right? They were taking weekly backups and taking them off site. Well... Turns out that in the process of moving the backups to the secretary's computer, he was also preventing that data from being backed up. Essentially, the backups were only backing up 1/2 the data.

So, I'm just about to graduate, I get this call from my dad, and he tells me the story. I tell him what he already knows, no data should be on the comptuers, it should all be stored on the servers and backed up. The next day my dad's firm and the "IT Guy" had a meeting. This guy was scared shitless that he was going to get his pants sued off. Not all lawyers are bastards, my dad and the firm told him to send the HDD to a data recovery specialist and told the IT guy that he would be responsible for the bill. The data recovery was partially successful.

Losing that much data caused real problems at the office. Some lawyers were hit harder than others. My dad got through it just fine. My dad had a system where everything was done in triplicate. Document was saved on computer (1), printed and attached to the client file (2), I'm pretty sure that he also printed a third copy to send to Iron Mountain. When the data was lost, he still had the paper copies, the other lawyers wern't so lucky.

Having seen that, I would recommend printing and filing EVERYTHING. Most lawyers change outragous rates for printing anyways, so why not? So, I would say that you should definately take precautions against data loss, the hard copy should be your real backup.

Re:Encryption

[SirGarlon]

And it would be smart to store the key/passphrase on paper in a safe, in case you get hit by a bus and your partner/assistant urgently needs a client's file. IANAL.

Re:A Few Helpful Lists

[nametaken]

Commercial entities usually love it for a number of reasons.

If my building burns down, they have a copy.

If I get infected with something that wipes out/corrupts my data, they have a copy.

They have a dedicated IT staff that specifically manages the security and integrity of my data. I do not.

They have facilities specifically designed to safely store my data. I may not.

There are lots of good reasons.

Re:Why online?

[jra]

And *this*, boys and girls, is an altogether excellent example of why professional system administration talent is well worth whatever you have to pay to have it around.

Re:A Few Helpful Lists

[ixidor]

exactly. i did support for a small accounting firm, anyone here felt the pain ofgoing from quickbooks 05,06 to 2008 ... omg that sucked. i had bought them a cheap prepackaged nas box from newegg, around $200. then in the QB2008 documents it says specifically not to do this, 4x the network overhead. so i looked around for online storage. and i have a question related to the lawyer theme, if the data is encrypted in the online storage place, evan if they were to be subpoena'd what would they get ? unusable encryped data chunks. but back to the point, second that about onsite and paper. burn copies to cd or something ok. but mozy is cheap, like $5/month. how is that hard to justify?

Re:A Few Helpful Lists

[Captain Splendid]

If my building burns down, they have a copy.

If I get infected with something that wipes out/corrupts my data, they have a copy.

Yawn. The backup to the backup should be in the managing partner's house. It's ultimately his or her job anyway.

They have a dedicated IT staff that specifically manages the security and integrity of my data. I do not.

They have facilities specifically designed to safely store my data. I may not.

Talking different levels of money here, that's all. Online storage is cheaper in that regard, but is it worth what you lose by managing it yourself? For a law firm, the answer's no. For most other businesses, the answer's also no, unless you're so magnificently tiny that it just doesn't pay. Which sounds like a pretty slim market to me.

Re:A Few Helpful Lists

[Anonymous Coward]

hint: trial strategy is not protected by privilege if the opposing side does not disclose they have a copy of it.
 

Re:Online != Insecure. Options exist.

[networkBoy]

What encryption does your service use on your end?
What encryption is used to TX/RX the data from the client?
I particularly like the de-duplication aspect, however I don't trust you (as I am sure you do not trust me). Is there any issue with uploading TrueCrypt container files to your service (maximum single file size, etc.?)
Looks good, especially for $1/gig/year...
-nB

Re:Online != Insecure. Options exist.

[alanfairless]

Encryption specs are are here: https://spideroak.com/engineering_matters#encryption_specifications [spideroak.com]

We like to say that trust isn't necessary because we're incapable of betraying our users. It's makes good business sense too. We don't want to spend our time answering subpoenas. :)

To add your own layer of encryption, you can archive container files or whatever you like. No limits. If you a sector based encrypted disk image, SpiderOak will be able to efficiently snapshot it between versions, giving you history and only saving the changes between revisions.

If you want a layer of additional local control, there's a "Keep your own copy" option where SpiderOak will put a copy of every encrypted data block on your own server, so you can manually inspect them if you wish (and have offline/local access for very fast restores.)