With its move this month into cloud-computing versions of its stalwart desktop Office applications, Microsoft is bowing to a rapidly escalating trend. Increasingly, businesses are demanding cloud-based versions of enterprise applications. Applications that run in the cloud or that are delivered as Software-as-a-Service make enormous sense. They can be deployed anywhere, require no installation or maintenance, are always up to date, and are scalable to match virtually any size need.

To an ever-expanding extent, this trend is reaching into the practice of law and, notably, into the field of e-discovery. For Catalyst clients, this may sound like preaching to the choir. Catalyst was a pioneer in the use of the Internet to deliver e-discovery products and services. Use of the “cloud” to deliver litigation support software and secure repositories has been the Catalyst model since its inception well over a decade ago.

With any evolving technology for lawyers, questions arise about how it fits into the professional and ethical obligations that lawyers are bound to uphold. On the subject of cloud computing, lawyers have had little in the way of explicit guidance. That is now changing thanks to a recent ethics opinion that proposes to endorse lawyers’ use of the cloud.

The April 15 opinion was published by the Ethics Committee of the North Carolina State Bar. At this point, it is only a proposed opinion. As is its standard procedure, the committee is seeking comment from lawyers and the public before recommending a final opinion to the State Bar Council. You can read the opinion here: Proposed 2010 Formal Ethics Opinion 7 (you will need to scroll down on the page).

The question it addresses is whether a law firm may use SaaS “given the duty to safeguard confidential client information, including protecting that information from unauthorized disclosure; the duty to protect client property from destruction, degradation, or loss (whether from system failure, natural disaster, or dissolution of a vendor’s business); and the continuing need to retrieve client data in a form that is usable outside of the vendor’s product.”

The opinion answers the question in the affirmative, “provided steps are taken effectively to minimize the risk of inadvertent or unauthorized disclosure of confidential client information and to protect client property, including file information, from risk of loss.” At the same time, the opinion adds, “the law firm is not required to guarantee that the system will be invulnerable to unauthorized access.”

The proposed opinion goes on to suggest “best practices” that a law firm should follow when contracting with a SaaS vendor. Specifically, it recommends a set of questions that a lawyer should ask in order to conclude that any risk is minimized. These include asking about the vendor’s history and financial stability, reviewing the vendor’s systems for data storage and security, and carefully reviewing user agreements, terms of service and the like.

In a 2008 ethics opinion, the North Carolina State Bar had already endorsed lawyers’ use of online document repositories as a means of transmitting documents to clients (2008 Formal Ethics Opinion 5). This latest SaaS opinion is a further recognition that lawyers need have no ethical concerns about cloud computing, provided they exercise the same degree of care they would whenever they work with confidential information and client documents.