Online Storage For Lawyers?

alharaka writes "I have a relative that has been a lawyer for over two decades. In passing conversation, he revealed to me that he has a great deal of his data stored on floppies. Naturally, as an IT guy, I lost it on him, telling him that a one-dimensional storage strategy of floppies was unacceptable. If he lost those files, his clients would be enraged. Since I do not know much about online data storage for lawyers, I read a few articles I found on Google. A lot of people appear to recommend CoreVault, since a few bar associations, including Oklahoma, officially endorsed them. That is not enough for me. Do any Slashdotters have info on this topic? Do you have any companies you would recommend for online data storage specifically for lawyers? My relative is a lawyer with recognition in NJ, NY, CA, and DC; are there any rules and regulations you know of regarding such online storage he must comply with? I know IT and not law. I am aware this is not a forum for legal advice, but do any IT professionals who work for law firms know about such rules and regulations?"

Why online?

[captaindomon]

Why online storage? Why not just copy everything to a couple USB drives and then backup off-site occasionally with DVDs? It's not like we're talking about a lot of storage, they're probably just text documents mostly, right?

Insolvency, deletion, and encryption

[Beryllium Sphere(tm)]

Questions to ask, if you're sure that online is the right approach:

Will customers have access to their data when the service provider goes out of business? If so, how much delay will be involved? ("You can have your data when we get the server back from the repo man").

There may be some standard telling lawyers to use reasonable care when handling privileged information. If there is, then by today's standards I'd personally argue that reasonable implies encrypted.

Is deleted data really deleted? Does it live on in backups? Is it like Google, where ghosts of departed data linger in the cloud?

The only thing I can tell you about bar association standards is that at one time the ABA was telling people that email was acceptable for communicating privileged information. I hope they're doing better now.

Re:Just a few cents of advice (not an actual value

[Qubit]

if GoogleArchive (or whatever) gets a subpoena, can they (be required to) surrender your whole legal strategy to the prosecution?

As far as I understand it, attorney-client privilege is stronger than doctor-client privilege -- in fact, I'm not sure if there IS a stronger commitment our laws have to privacy and confidentiality.

If a lawyer is a ridiculous n00b and uploads unencrypted data about a client to an online service, my guess is that even though he was an idiot for doing such a thing, the court would still recognize that as being protected client data and would rule it inadmissible. I mean, it might show up as front page material if it leaks, but theoretically the court wouldn't take that information into consideration.

probably rather easy to move to .pdf (which I'd say would be the higher priority)

If all you have is images or hard copies of documents, then scan them to PDF, but if you have text files, I'd suggest storing both PDFs (to retain the precise markup) as well as text/wordperfect/OOo/whatever. It's difficult to do PDF editing and/or full-text searching across lots of docs (although I hear that FOSS tools to do both are getting better).

Re:A Few Helpful Lists

[quantumplacet]

You do know that you can back up to a 3rd party and still maintain sole access to the data, correct? All of our backups are encrypted using a 448bit key that only we have access to. If our backup provider is subpoenaed they can give all my data to whoever they want, it's just a meaningless binary blob.

Re:Well..

[Anonymous Coward]

I understand your concern regarding email, but I think the real issue is that lawyers should NOT be using email for anything that's even remotely related to privileged, or even confidential information. More than likely your lawyer already knows that, and that's why he doesn't care one bit about email security. You're under the mistaken assumption that you can control/secure email. The fact is that you can't. The only way to secure email communication is by encrypting the message, and at that point, it shouldn't matter who you're using for email. But you're rarely going to find a client who's willing to deal with the headache of encrypted email, so in the end, the only time you discuss privileged information is in person.

Re:A Few Helpful Lists

[DiegoBravo]

> I've never understood the online storage appeal for just about any commercial entity, but for a law firm, that just ain't gonna happen.

I have the theory that lawyers get seduced by the seals stamped on papers -and like gamers, the have a special appeal for the more 3d ones- (obviously, digital firms are not understandable nor artistic, so any kind of digital storage is secondary.) That "seduction" is so strong that they yet carry the idea that more seals = more authentic.

Re:A Few Helpful Lists

[Chabo]

If they do that, then the information is protected against attorney-client privilege. Practically no judge would allow that privilege to be broken, so any warrants given under those circumstances would be thrown out.

Re:Why online?

[brtech]

One good story deserves another, from several years ago

There was this medical device manufacturer. It had an older product, pre-microprocessor. One day, the FDA came for an inspection. When they do that, they usually send at least one person with clue, but they cross train other people and send them too. On this inspection, one of the inspector's regular job was inspecting galleys in ships (another FDA function you may not know about). This guy had been cross trained.

So, they are walking down the manufacturing line, and the employee shows them the board from the product. One of the chips has a label on on. The inspector says "PROM"? Meaning, is that chip a programmable read only memory (like today's flash, but usually one time programmable and a lot smaller). The employee says "Yes, that's a PROM". The inspector says "Checksum?" and the employee says "yes, the checksum is on the label". The inspector says "Verify?" and the employee takes the board, pulls the chip, goes over to the programmer, plugs it in and verifies that the checksum is valid.

The inspector says "Source Code?". The employee is a bit stumped. He goes away to ask some engineers who were around for a while, then goes to the manufacturing engineering guys and finally goes back to the inspector and asks them to accompany him to a storage room.

In the storage room, there are a number of 4 drawer file cabinets. The employee searches around, and finally finds the right file.

The file has the right build data on the cover. He opens the file and triumphantly removes the floppy disk with the source code on it.

An 8" floppy disk.

You know what's coming right?








No 8" drive left in the company.