In the April edition of the American Bar Association Journal, attorney Matthew Knouff spoke about data security and cloud computing. Knouff, the General Counsel and eDiscovery Counsel for Complete Discovery Source in New York, is an industry recognized expert on eDiscovery issues. In this difficult economy, many law firms have outsourced their data storage to cloud-based companies. While cutting back on the internal IT department saves money, it can also carry risks. In the article “As Bulging Client Data Heads for the Cloud, Law Firms Ready for a Storm,” Matthew Knouff outlines some of the greatest risks firms incur from cloud computing, and what steps they should take to protect themselves.
Matt Knouff advises firms to carefully negotiate terms of service with their cloud providers. Since cloud providers may not have the same commitment to privacy as attorneys, it is up to the law firms to protect their clients and their data. In fact, in the case of a data breach, the firm, not the cloud provider, is ultimately liable. Firms must rigorously investigate the security protocols of their providers and take steps to indemnify themselves in the case of a breach.
In addition, Knouff warns that cloud firms are allowed to turn information over to the government with minimal notice. Attorneys must negotiate a notice provision in order to ensure that they receive prompt notice if the government seizes their data. In the end, Knouff urges law firms to engage in careful risk assessment and mitigation before joining the cloud revolution.