Stacked3Here is my recent Daily Record column. My past Daily Record articles can be accessed here.

****

The Risks of Using Dropbox for Client Files

Years ago, after the American Bar Association published my “Cloud Computing for Lawyers” book, I was often asked to speak to lawyers about the benefits and risks of implementing cloud computing in law offices. At the time, most lawyers weren’t sure what cloud computing was but were nevertheless confident that they didn’t trust it and didn’t want to adopt it into their firms. 

Conversely, most of them were already using it and just didn’t realize it.

I know this because I would often begin my talks by asking how many people in the room used cloud computing tools. Inevitably only a few attendees would respond affirmatively. Then, I would ask how many in the audience had shared files using Dropbox, and at least half of the people in the room would raise their hands. In other words, most lawyers were using cloud computing, whether it was Dropbox, Box, or Gmail, and simply didn’t realize it.

Fast-forward to the present day, and how times have changed! According to data from the 2022 MyCase Legal Industry Report, the vast majority (80%) of legal professionals surveyed reported that their firms had cloud computing tools in place in their workplaces post-pandemic. Before the pandemic, most survey data showed that cloud computing adoption in the legal profession had remained stable for a number of years at just under 40%.

Despite the increased adoption, the risks associated with cloud computing haven’t changed. As part of your duty of technology competence, it’s essential to carefully vet cloud providers to ensure that your firm’s confidential data is securely stored and encrypted. Whenever you entrust your law firm’s data to a third party you must ensure that you fully understand the procedures and protections in place. This duty includes obtaining information as to how the data will be handled by that company, where the servers on which the data will be stored are located, who will have access to the data, and how often and when it will be backed up, among other things.

Also important is ensuring that the software you choose has features that will protect your client data and that you and your employees receive the necessary training and are familiar with the program’s features. The failure to provide proper training and choose a secure platform designed for law firms that includes the features needed to protect confidential data can have unintended consequences.

Case in point: a recent disciplinary reprimand issued by the Indiana Supreme Court. At issue in Matter of James H. Lockwood, Supreme Court Case No. 24S-DI-319 (online: https://www.in.gov/courts/files/order-discipline-24S-DI-319.pdf), was the respondent’s failure to secure client files stored in Dropbox. 

Specifically, Lockwood had represented a client in a protective order case, and that same client had also worked at Lockwood’s firm for several months as an unpaid non-attorney assistant. During that timeframe, Lockwood provided the client with a Dropbox cloud storage link that provided access to firm materials and client files. The client stopped working for the firm in January 2023, but Lockwood failed to secure or deactivate the Dropbox link, which remained active and unsecured at least through May 2024.

Based on that conduct, the Court concluded that he had violated Indiana Professional Conduct Rules 1.6, which prohibited “revealing information relating to representation of a client without the client’s informed consent.”

This mishap could have been prevented by using software specifically designed for legal professionals. Legal-specific tools address lawyers’ ethical obligations and ensure compliance with confidentiality and data security requirements. These cloud tools often include features like encryption, controlled permissions and access, and activity tracking to ensure client information stays protected.

The lesson to be learned: if your firm still relies on general-use software like Dropbox, it’s time to reconsider your choices and transition to tools designed specifically for legal professionals. Legal-specific platforms address the unique needs of law firms, offering the security and compliance features needed to protect client data and conform to professional standards. Now is the time to make this change to protect client data —- — and your law license — from unnecessary and preventable risk.

Nicole Black is a Rochester, New York attorney, author, journalist, and Principal Legal Insight Strategist at MyCase, CASEpeer, Docketwise, and LawPay, practice management and payment processing tools for lawyers (AffiniPay companies). She is the nationally-recognized author of “Cloud Computing for Lawyers” (2012) and co-authors “Social Media for Lawyers: The Next Frontier” (2010), both published by the American Bar Association. She also co-authors “Criminal Law in New York,” a Thomson Reuters treatise. She writes regular columns for Above the Law, ABA Journal, and The Daily Record, has authored hundreds of articles for other publications, and regularly speaks at conferences regarding the intersection of law and emerging technologies. She is an ABA Legal Rebel, and is listed on the Fastcase 50 and ABA LTRC Women in Legal Tech. She can be contacted at niki.black@mycase.com.