Law Firms in the Clouds
Of course, the words clouds, clouding, in-the-clouds. cloudy, and so forth, even rain cloud, apply to law firms for all sorts of reasons, so one must be clear when the discussion regards things cyber-istic, and so forth, as opposed to more established meanings. Nevertheless:
Law firms and the Clouds
"Computer Clouds" are like computer based electronic, information storage set-ups. They are used by many types of business organizations. Large law firms are switching over to them to approach being a Paperless Office. (See the very helpful elementary book on this topic authored by Benjamin F. Yale and published by the ABA in 2012.) Mr. Yale was an undergraduate at Yale, did his law school studies at Northern Ohio and has spent a good part of his adult life being an agriculture lawyer with a specialty in dairy insurance. This fact is worth mentioning because he has worked for very large organizations that store lots of data and therefore probably knows what he is talking about pp. 127-28, where Mr. Yale has created a compare-and contrast chart for "Cloud Root Storage Options" with those of the Traditional kind."
Another helpful book--a long pamphlet really, by three authors-- entitled ASTAPORE SPECIAL PROJECT: UNDERSTANDING THE LEGAL RIGHTS OF CLOUD COMPUTING--NAVIGATING THE NETWORK SECURITY AND DATA PRIVACY ISSUES ASSOCIATED WITH CLOUD SERVICES (2012). This book lists an array of problems, components of due diligence, and some of what should be in contracts between providers and users.
Clouding Business
An astounding fact is that amongst all the huge literature on "clouding" activities there is either next to nothing (or very little) about the role of insurance in the domain of cyber-clouds and almost none of it is about the characteristics of what might be called "Cloud Policies" and related topics. Aside from an article in FORBES, which is a dead end with regard to these topics, and maybe an ad on the Internet for Accenture, a management consulting firm, there is less than slim pic'ens
So far as law firms are concerned, I have found no advertisements regarding their use of clouds and relevant insurance, except for a few cursory and shallow ones. Still, there is a fairly interesting set of essays by Roberta D. Anderson,* and it contains a squiggle of material about cloud insurance.
[*Anderson is at K & L Gates, a law firm, and her essays can be found at 12 Insurance Coverage Law Bulletin ## 4-5 (2013) and on the Internet. The journal is in a private for-profit publication that costs approximately $500 a year. In any case, Anderson cites several well-known non-cloud cases and some other secondary sources. Nevertheless, only some of her discussion are, as it were, on the clouds. [I promise not-very-often in the future to use this type of phraseology. For example, I promise that the title of the next short section will not be "Cloudy Insurance."]
Clouds and Insurance
I** have located only three announced-to-be-relevant and therefore potentially relevant cyber policies and none of them are explicitly--in defined terms--about the activity in, about and around the clouds. [Alas! Failed already!]Of course, there may be more policies and secondary sources, [I** I just haven't found them yet.] The three that have been found are (1) ACE DigiTech(r) Digital Technology & Professional Liability Insurance Policy, (2) XL ECLIPSE PRO(tm) 2.0, and (3) Ace Privacy Protection(r)[:] Privacy and Network Liability Insurance Policy. Perhaps I will review at least some of them later.
[**Really it is the computer savvy,office managing-paralegal, Stephanie Rodriguez who found both the policy and the Anderson articles. I get the credit for the two books. ]
Obviously, there are--or are going to be--several different kinds of policies, as there always are. One will be the cloud provider's liability insurance (with its endorsements = amendments). The providers may also want some first party coverage.
The second type of policy will be a first party insurance policy for the user; it will cover many things. One type of coverage will be for assorted perils damaging data already collected (analogous to wind and/or rain damage). Another will be injuries suffered from foul-ups by the user, and there will be many types of these problems covered, including virtually all of those Yale sets forth or what are to be found in the Aspatore pamphlet.
Next, there may also be liability insurance for errors on the part of the user; those errors might include: provider selection, not having performed due diligence, using the wrong outsourced helpers, not making property disclosures to clients, failing to obtain a satisfactory contract.
Clearly the problems of lawyer liability insurance must be directed toward clients, so that potential liability should be included in legal malpractice policies, and the right people--those with the right range of knowledge, for example--should be those who select appropriate policies. This point is applicable whether the lawyer is representing the provider, the user, or some other relevant entity. (Of course, there may be other kinds of for-lawyer policies focused on other sources of lawyer liability.)
It should also be mentioned that the right kinds of lawyers should be advising clients as to which policies they should obtain for themselves.
I will review the lengthy and complex XL policy sometime in the future.
No comments:
Post a Comment