Technology Attorneys

H1B Transfer: Layoffs and Getting a New Employer

H1B layoffs greatly disrupt the plans of foreign nationals who work in the U.S. with an H1B visa. In the past, there was no grace period for H-1B workers to find new employment or even to sell or otherwise dispose of personal property. However, with new regulations that took effect on January 17, 2017, foreigners who found themselves in this situation were given a 60 day grace period after their employment is terminated.

How to Go About A H1B Transfer

In an even of H1B layoff, here are some steps to take:

  • Relax: Try as much as possible, not to panic. After all, you still have a valid visa, and your stay is still legal. Although you are out of a job, your stay cannot be termed “unlawful presence.” This is because the date on your I-94 document rules the question of “unlawful presence” for purposes of the three and 10-year bars. So since the date on your I-94 document has not lapsed, then you are not accruing unlawful presence.
  • Hunt for A Job: This is key. Your job search must start as soon as theH1B layoff occurs. Make job hunting a full-time job. It is important that you invest time and energy into getting a job during this period of time.
  • Stay Legal: Try as much as you can to maintain legal status. If your H1B was revoked by your former employer as at the time of your H1B layoff, then it is imperative that you file for a B-1/B-2 change in status as soon as you can. You will need financial evidence of your ability to stay in the country. You will need an itinerary that outlines your intent to leave the country at the end of the new status. In the event that your H1B status was not revoked as at the time of the H1B layoff, try to find a new employer then file a change of employer petition. However, if finding a new employer and getting a change of employer petition filed within thirty (30) days becomes impossible, then it is advisable that you apply for a change of status to B-1/B-2 visitor status.

Finding New Employment

H-1B workers are sometimes allowed to work with a new employer without waiting for their H‑1B petition to be approved. However, they must meet the following requirements:

  • Legal admission to the United States
  • Previous ownership of H-1B status and no illegal work since their last lawful admission to the country.
  • The filing of a non-frivolous H-1B petition by the new employer


H1B transfers can be daunting for foreign workers. Most of these challenges stem from not being able to know enough about the process. Hopefully, with the directions in this article, you should be able to navigate the situation.

Force Majeure Clauses

Bet you never read one until now…

               Force majeure clause.  It’s one of those boilerplate paragraphs that no one reads until, you know… now.  It’s one of the first things I was asked, as an attorney, about the pandemic and contractual obligations on a contract.

               A force majeure clause (“force majeure” is French for “superior force”) it is a contractual provision that excuses performance in the event of extraordinary, unforeseeable, and unavoidable circumstances which prevents one or both parties from meeting obligations defined in a contract. It serves to excuse parties from contractual duties due to forces beyond their control.   Generally, it accounts for natural disasters, social unrest, etc. 

               At the moment, there are arguments on the classification of COVID-19 as a force majeure event; however, this is difficult to define. What is important to note is that this novel virus has changed workplace dynamics globally. Travel bans, curfews, and quarantines have forced millions of employees all over the world to work remotely.

Force Majeure and COVID-19

               In the wake of COVID-19 many companies’ struggle to fulfill their contractual obligations because of supply chain management issues, lockdowns, the need to downsize workforces, and the embargo on travel or the movement of goods across the interstate or international borders. In extreme and unexpected circumstances like these, contractual force majeure clauses might be used to justify voiding contractual obligations, especially when such scenarios are overlooked in the drafting and negotiation process.

               Amidst the coronavirus pandemic, many employers are now faced with major disruptions to their business operations. Boardrooms are now forced to make difficult decisions that affect their employees: hiring, layoffs, furloughs, and compensation.

               Employers who do not have remote work models are currently being forced to create them. These flexible working policies, which include the use of technology, enable their employees to work from home efficiently. Health concerns in the face of the pandemic make this imperative.

               Several of the tough decisions taken by business management will implicate written employment contracts and collective bargaining agreements that contain “force majeure” clauses.

Force Majeure and Remote Work

               Lots of employee contracts do not make provisions for remote work. Yet this is a compulsory outcome in the wake of the coronavirus. What’s more interesting is the definition of what a force majeure event is at the moment.

               A lot of force majeure clauses are not expressly clear on terms like “pandemics,” “epidemics,” or “quarantines” as events that might trigger said clause. Yet in some quarters, a natural disaster may qualify as an “act of God” that is beyond the control of the party in question. The question then remains if COVID-19 can be defined as an “act of God.”  Interpreting the terms of the force majeure clause in this context is tricky and will have a lot of grey areas. For instance, justifying loss or using reasonable efforts to continue to execute the terms of a contract may include allowing employees to work from home or the facility to provide services remotely. In the event that the contract can be performed remotely, this option may prevent the force majeure clause from being activated


               A little foresight can help you through some tough scenarios.  Boilerplate clauses are not there for the sake of beefing up a contract.  While many do have standard language, they are just as important, if not more than any other term of a contract.  Make sure you review them properly. 

Contracts and the Art of Tea Leaves

Take a seat, show me your contract and I’ll tell you about yourself.  I may even be able to tell you your future.  Legal psychic?  Maybe or maybe I have read enough contracts in my career that there are indicators, tells, and if I couldn’t, then I wouldn’t be a great advisor.


I really do enjoy reading and drafting contracts.  To me, a contract is a story unfolding and every contract has a spirit.  Most recently, I created an agreement for a client and as I was drafting the contract, I was visited by the ghost of contracts past.  All the good and bad that have happened with every contract before this one shaped this contract.  (I’m looking at you evergreen clause that traps businesses in services they don’t want…)


At this point, I’ve lost some with this narrative, but those of you that stayed can appreciate that I have a personality just like my clients do.  It is my job, to reflect that personality and the culture of the company in every contract I touch.


Here are a few things I’ll look at when drafting a contract:

  1. First, is it the right contract? I know this goes without saying but some lawyers either don’t understand the deal or try to make a square fit in a round peg.  For instance, you don’t want a license agreement when you are really entering into a reseller agreement.  Also, sometimes you may have two different transactions with the same parties.  IT’S OK to have two separate contracts.  Why bind yourself to both when maybe only one transaction will actually be successful?
  2. How one sided is the contract? Is it all about the take and no give?  Fun fact, bigger companies tend to have more fair contracts than smaller companies.  I can read a long contract and have two comments and then read a 10 page contract that I completely mock up.  Why?  Big companies understand that it takes a lot of time to negotiate every point.  They want a mutually beneficial relationship and don’t look to make money on damages.
  3. Which brings us to the next point, liquidated damages. BE CAREFUL here.  They are often inflated and have no direct corollary to actual damages, and more than likely will not hold up in court.
  4. Boilerplate paragraphs aka ‘standard paragraphs’ which may, in title, be standard in contracts but their terms are anything but. Jurisdiction, venue, attorney’s fees, even assignment clauses.  A business dispute will absolutely turn on these so called standard paragraphs and I have gotten to many settlements because the standard paragraph overcomplicated the dispute.  (I will delve into more of these in later posts because jurisdiction is a fun one.)
  5. And of course, the substance of the deal to make sure it is reflected correctly and the right warranties, limitation of liabilities, IP rights, etc are memorialized. Also, that the contract has the right cash flow for the business holder because that is imperative for operations.


Every contract embodies the spirit of who you are as a company.  It is about leverage and negotiating power.  If you make your contract fair and concentrate on the art of the deal, you set the stage for a healthy business relationship; hopefully a long term one.


Don’t download your next contract from the internet, contact us today for contracts that showcase you and get you paid.

What’s in a Name? EVERYTHING!

Congratulations on your decision to start a new business (and your subconscious decision to forego sleep…)!  Deciding on a business name might very well be the most important decision you make; it can make the difference between a strong branding campaign or perhaps (gasp!) having to change your name.

You name/brand will, of course, be your product or service name, but also your domain name and often your corporate name (you are incorporating, right?).

So, before you choose your name, consider the following:

  • Choose a Unique Name
  • Make the Name Brief
  • Make the name memorable and easy to spell

1) Choose a Unique Name. When you select a business name you are really branding your business.  Branding isn’t just for the big boys, it is crucial to any business as it can give you a competitive edge in the marketplace.  After all, you need to make it easy to find you.  A brand is “A name, term, design, symbol, or any other feature that identifies one seller’s good or service as distinct from those of other sellers.”  In other works, a trademark.

2) Make the name brief (three to six words).  Long names are hard for customers to remember.  You want customers to remember the name AND be able to tell other people what it is. It is also important that the name be short for promotional purposes e.g. domain names, business cards, displays or advertising ads. Which can ultimately save you on cost for advertising, printing, etc.

Try to make the name descriptive of your product or services, but not too descriptive.  If the name is descriptive it can actually draw business to itself.  It makes it easier for potential customers to identify the type of business and locate you, especially if you are just starting out.  On the other hand, if it is too descriptive, you run the risk that the trademark office might reject your trademark application.

4) Make the name memorable and easy to spell.  Potential customers need to be able to remember your business name. They also need to be able to find it easily if they’re looking for it online or in a phone directory.

There are legal implications to consider when selecting a name for your business.  You must make sure to avoid misleading names.  Avoid names that are similar to other companies as to avoid any trademark implications.  Also, do not imply professional credentials that do not exist for example if you are in the health care field but are not a medical doctor do not include MD in the name meaning to imply such.

Once you have a name in mind it is best to research the potential name to make sure it is not already in use.  There are several was to research potential business names.  Some suggestions are:

  1. Popular Search Engines
  2. Patent and Trademark Office
  3. Local business directories in your market (public library or business license offices).
  4. Department of State


IMPORTANT:  Just because the domain name is available and/or the name is available with your department of state does NOT mean there isn’t a concern for trademark infringement.  We will talk more about this later, but it is important to research the name or consult a trademark attorney before settling on a name.

Contact Us Today Regarding Your Intellectual Property



According to the definition by the American Marketing Association, the legal term for brand is a trademark.  While that may be true, and brand may not be possible without a trademark, a brand should be viewed as more than that.  Saying that a brand is a trademark seems too passive, as if merely registering a mark, or marks, is enough to maintain one’s brand.  On the contrary, the owner of a brand has to be very active in building and policing that brand in order to build up good will in that brand and its marks, increase value in the market and avoid losing those marks and/or market share in the marketplace.  In this article, we will explore the steps a brand owner needs to take in order to build and protect their brand online with the advent of social media.

The first step to brand protection is to own the intellectual property.  While the laws of the Internet are sometimes slow to progress, protection of intellectual property is the best offensive to protecting the brand online.  While one way to do that is to register the trademarks, such as name, logo or slogan, another great protection is copyright registration.  Whether it is to register articles, blog posts, designs or even the website, copyright protection is part of protecting the brand offering and another line of attack against infringers.

Why is brand protection so important?  It is easy to get lost in the massive amounts of information online, but at the same time, it can also be easy to differentiate from the rest through effective branding.  Social media and social networking are especially suited to developing and maintaining the brand.  Done the right way, connect to consumers, build a following and then remain relevant as the market changes.  Doing so will help create customer loyalty and make it easier to sell existing and new products and services. At the same time, it can control any likelihood of confusion in the marketplace with other products, avoid dilution and more importantly genericide, and even control the cost of marketing.  Branding online can also make it easier to quantify the return on investment.  Social media allows one to monitor online campaigns. By using certain tools one can see what is and is not working in the online marketing strategy and make changes accordingly.

The effects of not monitoring the brand or letting someone else dictate how the brand is portrayed online can be devastating to the company.  It is unnecessary to point out how every marketing dollar counts.  The effects of brand abuse will bring a decline in revenue and more marketing dollars to offset the damage.  Moreover, by allowing competitors or even consumers to use the mark generically or in ways that are not unique to the brand, can risk the mark getting cancelled in the Trademark Office for becoming generic.  Next time you have a headache and turn to your trusty aspirin, take a moment and consider that aspirin was once a trademark.

Examples of Brand Abuse:

  • Keyword or PPC Abuse;
  • Cybersquatting;
  • Defamation;
  • False Association, etc.

Contact Us Today to Talk about Your Brand Protection


Don’t Be a Robot: You Cannot Automate Your Ethical Considerations

As published in the New York State Bar Association Corporate Counsel Inside Newsletter Winter 2016.

I could say that today’s lawyer faces a myriad of challenges when it comes to staying abreast of emerging technology and client considerations, but let’s face it, every generation has its challenges.

A few years ago, I wrote articles and spoke on panels regarding Cloud computing and I hope you paid attention. Cloud computing is now the backbone of most emerging technologies out there. More and more, technology vendors base their platforms in the cloud. It is cost effective, mobile, and more secure.

To illustrate it in simple terms, have you noticed the trend of diminishing hard drives and cell phones that come in 32GB models? Do you wonder why? Simply, the trend is to now store everything in the cloud and for good reason. TECH FAILS. The only thing that can help you avoid data loss is redundancy. Sure, you can store your information on a local hard drive but you are doing your clients a disservice by not storing data in the cloud.

To address the mounting concerns and opinions regarding the legal profession and technology, the American Bar Association drafted a model rule in which it is imperative that the attorney stay abreast of legal trends. No longer is ignorance of technology an excuse for not fulfilling your ethical obligations. On March 28, 2015,  the New York State Bar Association agreed by adopting a variation of the ABA’s model rule 1.1 pertaining to competence:

To maintain the requisite knowledge and skill, a lawyer should (i) keep abreast of changes in substantive and procedural law relevant to the lawyer’s practice, (ii) keep abreast of the benefits and risks associated with technology the lawyer uses to provide services to clients or to store or transmit confidential information, and

(iii) engage in continuing study and education and comply with all applicable continuing legal education requirements under 22 N.Y.C.R.R. Part 1500.

In other words, lawyers cannot be ignorant of technology in their practice or, even, their day-to-day lives because our ethical obligations do not stop when we leave the office. We carry around our laptops, cell phones and various points of electronic vulnerabilities so that we need to be vigilant. Vigilant in terms of password protection, knowing how to wipe your data remotely and even checking the permissions of a mobile app you are downloading.

Notably, the rule says benefits AND risks. I am an early adopter. I like technology and we have a rapport. That’s not to say that I think that all technology is for everyone. Part of your ethical duty is knowing your limits. Just because a software boasts of all the bells and whistles, if you can’t learn the software (it may not be you but them), don’t use it. You are putting your clients at risk because you know just enough to be dangerous.

For a moment, let’s take a step back in time. Let me take you, once again, through the basics of cloud computing. In simple terms, cloud computing is any data that does not reside on your hard drive or on your local server (if you have servers in your office). The first iteration of the cloud is voicemail. Answering machines were replaced with voicemail, which meant that your messages were stored on a remote server that required you to use a code to retrieve them. Although this was a shift in where personal and official information was stored, I cannot remember anyone wondering whether this would be an issue of confidentiality or otherwise.

In the various local and state bars you will find more than a handful of opinions about the cloud and technology in general, and I think, it all boils down to the adopted rule above. Use technology. Your clients and your practice demand that you do but be smart about it. Know the risks. What I find the most interesting, and seems a bit counterintuitive, is the relaxing of the rules when it comes to legal practice and ethical obligations. This, by no means, reflects on the relaxation of our ethical obligations but in a testament to the evolving technology.

When lawyers began to use third party emails such as Gmail, the question was whether there were ethical issues with using unencrypted email. If you’ll recall, there were vendors (and they probably still do exist) that sell encrypted email platforms, one that requires authentication to open the email. Not to say there isn’t a place or a reason for this, but not many of us would need that level of security. It is also cumbersome and delays pertinent information to your client.

So how do the courts view this use of the cloud? An opinion rendered in 1998 in New York State said that a lawyer may use unencrypted email to transmit confidential information since it is considered as private as any other form of communication. The reasoning was that there is a reasonable expectation that email will be as private as other forms of telecommunication. However, the attorney must assess whether there may be a chance that any confidential information could be intercepted. For example, if your client is divorcing his or her spouse, an email that both spouses share, or even an email to which the non-client spouse has access, should not be the method of communication. The attorney must seek alternate methods of communicating.

Gmail will also scan keywords in your email and provide relevant advertising. For instance, if you were discussing shoes in an email, the email service provider would tailor ads when you were in the email inbox and you would now be receiving advertisements for Zappos or any other shoe vendor. After all, nothing is better than a captive audience.

So, the question now becomes whether a lawyer can use an email service that scans emails to provide computer-generated advertisements. The New York State Bar Association opined in Opinion 820 (2/8/08 (32-07)) that, yes, it was okay, since the emails were scanned by machine and not by human eyes. If the emails were read by someone other than sender and recipient, the opinion would have certainly been different.

Which now brings us to emerging technologies. This can come in so many different forms such as keyword searches to automated documents to utilizing big data (i.e., databases of information) to gain an edge over your adversary. We are all familiar with these concepts in one form or another such as HotDocs, OCR, and litigation review platforms but the technology continues to be more sophisticated and more intuitive. Even to the point that there are services out there marketing to in-house counsel that their software can review contracts and technologies that will help you parse together a contract, all at the click of a button.

How ethical can this be and where is the line of streamlining legal fees for your clients and just malpractice?

Pursuant to ABA Rule 5.4, a lawyer, when advising his or her client, must exercise independent professional judgment.

The rule of thumb being, you can use technology up to a point. The attorney still needs to review the work product and maintain a level of control over the final product. You can use technology as it was meant to be, a tool, but you are the one representing the client. It is up to you to present independent legal counsel to them. The technology is there to help you help your client.

Some of the best practices in utilizing emerging technology is sourcing the right technology for you and your practice. What will help you in your field to best represent your client? This could mean document automation, an online docketing system or an online intake platform. Also, recognize whether your clients will be open to this technology. After all, if your clients won’t want to use this technology, you are now hindering your representation of them.

You should also be careful to vet your technology vendors. What is their reputation? Where do they store your information and how can they ensure the confidentiality of your client’s information? These are all questions that need to be addressed. Vendors that service the legal industry should easily be able to give you the answer to these questions. Read their terms of service. If you don’t like something, negotiate. We are lawyers, after all!

And, most importantly, if you decide to discontinue the use of the software, what will become of your data? Is it data you’ll want to export out or ensure that it is destroyed?

The New York State Bar Association Ethics Opinion 842 offers some guidance on choosing vendors, specifically, cloud vendors, which as I mentioned above, since most legal technology does run in a cloud environment:

  • Ensure that the online storage provider has an en- forceable obligation to preserve confidentiality and security and will notify you of a subpoena.
  • Investigate the online storage provider’s security measures, policies, recoverability methods, and other procedures.
  • Ensure that the online storage provider has avail- able technology to guard against breaches.
  • Investigate storage provider’s ability to wipe data and transfer data to the attorney should you decide to sever the relationship.

Our obligations to keep abreast of changing law don’t stop there. We owe it to our clients to take advantage of technology in our practice and to do so safely. Pick and choose what works for you and leave what doesn’t. Technology, after all, is only as good as its user and that’s okay.




Being Prepared When the Cloud Rolls In

As published in Technology and the Law Section of the New York State Bar Association publication October 2014


Natalie Sulimani ( is the founder and partner of Sulimani & Nahoum, PC. She is engaged in a wide variety of corporate, employment, intellectual property, technology, Internet, arbitration and litigation matters. She counsels both domestic and international clients in an array of industries, including Internet and new media, information technology, entertainment, jewelry, consulting and the arts. Ms. Sulimani earned her LL.B. from the University of Manchester at Kiryat Ono, Israel. This article first appeared, in a slightly different format, in the Fall 2013 issue of Inside, a publication of the NYSBA’s Corporate Counsel Section.

Being Prepared When the Cloud Rolls In

By Natalie Sulimani

With each new technological advance comes at least one new word, if not a whole new language. It seems as if once you get a handle on one term there is yet another one to learn – crowdfunding and crowdsourcing, to name a few. And then there is social media, which should not be confused with social networks, of course. This is all in the spirit of service to technology and innovation. But none strike more fear in the heart of attorneys lately than the ubiquitous term “cloud computing.” What is the cause of the shudder you just may have felt run through the legal profession? Maybe the discomfort comes from the natural desire in the field of law to control as much of our client’s situation as possible, and cloud computing is an environment that we, as attorneys, cannot ultimately control. It is, by its very nature, in the hands of someone else. Hopefully, you have found a trusted Information Technology vendor to manage your part of the cloud.

But, while with technology the players and the terminology may change, what does not change is an attorney’s ethical obligations. We have a duty to maintain confidences, a duty to remain conflict free in our representations and, of particular interest to me lately, a duty to preserve.

The lesson has been taught, and sorely learned, that files must be backed up. Hard drive failures are, unfortunately, a reality. So, you back up to an external hard drive. Except the unwritten rule of the cyberverse is hard drives always fail. Always. Recently, the onslaught of natural disasters, the latest being Hurricane Sandy on the East Coast, has taught some lawyers a very harsh lesson. Redundancy is important. Maintaining files in multiple locations is a must. How many files were lost due to flooding or a server going underwater? How many attorneys were unable to access their files because of these or other similar catastrophes? If it was even one, then it was too many. And worse yet, there is no reason for such things to happen.

Early in my solo career, I had a breakfast networking meeting with an attorney from a midsize firm and the discussion turned to the topic of working from home. Now, technically, I do not have a virtual law firm, but I do consider myself mobile as an attorney. I think most of us do. Technology allows us to do so. Moreover, the amount of work necessitates that we work remotely. Clients expect you to be available on their schedule, and worse yet, clients or opposing counsel may live in a different time zone. Not everyone exists on Eastern Standard Time. So, I casually asked, “How do you manage your work from home?” The answer was, “I email my files to myself.” I followed up with, “Okay. To your firm’s address?” The response that mentally gave me pause was, “No, personal email address.” There seemed something wrong about this, but more on that later.

Opinions regarding maintaining confidentiality are numerous, frequent and, as we move forward technologically, the subject keeps returning like a bad penny. We all know that we need to maintain confidentiality. But the challenge as we progress may be to understand new technology so that we are able to use it to be more efficient, while at the same time being confident that we are maintaining client confidentiality.

History and the Ethics Trail to Cloud Computing

If you have attended seminars on cloud computing, then you may know that the first iteration of the cloud was voicemail. Answering machines were replaced with voicemail, which meant that your messages were stored on a remote server that required you to use a code to retrieve them. Although this was a shift in where personal and official information was stored, I cannot remember anyone wondering whether this would be an issue of confidentiality or otherwise. The result was everyone kept answering machines over voicemail for the convenience of listening to messages anywhere.

The next step in cloud computing came in the form of third-party email providers like Gmail, Yahoo, MSN, Hotmail, AOL, and others. These services stored our communications on remote servers in any number of locations, but most important, all this information resided in the cloud. Again, almost everyone is happy to access his or her email from anywhere without fretting over the fact that all our words and thoughts are floating out there in the cloud.

So how do the courts view this use of the cloud? An opinion rendered in 1998 in New York State said that a lawyer may use unencrypted email to transmit confidential information since it is considered as private as any other form of communication. Unencrypted means that, from point to point, the email could be intercepted and read. The reasoning was that there is a reasonable expectation that e-mail will be as private as other forms of telecommunication. However, the attorney must assess whether there may be a chance that any confidential information could be intercepted. For example, if your client is divorcing his or her spouse, an email that both spouses share, or even an email to which the non-client spouse has access, should not be the method of communication. The attorney must seek alternate methods of communicating.

Gmail did add an extra twist, which other email service providers quickly copied. As a “service” to you, email service providers started to scan emails in order to provide you with ad content. They would scan keywords in your email and provide relevant advertising. For instance, if you were discussing shoes in an email, the email service provider would tailor ads when you were in the email inbox and you would now be receiving advertisements for Zappos or any other shoe vendor. After all, nothing is better than a captive audience.

So, the question now becomes whether a lawyer can use an email service that scans emails to provide computer-generated advertisements. The New York State Bar Association opined in Opinion 820 (2/8/08 (32-07)) that, yes, it was okay, since the emails were scanned by machine and not by human eyes. If the emails were read by someone other than sender and recipient, the opinion would have certainly been different.

And now to the topic at hand: storing client files in the cloud. Through services like Dropbox,, Rackspace, Google Docs, and others, an attorney can add to his or her mobility and efficiency by storing client files online. Although I know there is a lot of debate surrounding this practice, I do not see how it is very different from storing client files off-site in a warehouse. In the cyberworld, electronic files are held by a third party on a secure remote server with a guarantee that they will be safe, and only authorized persons will have access. In the brick-and-mortar world, paper files are held by a third party in a warehouse with the same guarantees. Both are equally secure and equally liable to be broken into by nefarious agents bent on getting to the diligently hidden confidential information. Again, the technology might change, but the principles are the same. One should not be more or less afraid of one method of storage over the other.

A number of state bar associations have been grappling with the issue of cloud computing and the ethical issues it raises; these include North Carolina, Massachusetts, Oregon, Florida, as well as our esteemed New York State Bar Association. However, surprisingly, to date only 14 of the 50 states have opined regarding use of cloud computing in the legal profession. One would think more would have joined the fray in giving its lawyers some guidance.

The American Bar Association amended its model rules last year, perhaps as a beacon to other bar associations, but certainly as a guide for other states.

Model Rule 1.6 holds:

A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

Across the board, opinions are cautious about using cloud computing in the practice of law, but there is nothing about it that could be called unethical. The ethical standard of confidentiality is reasonable efforts to prevent disclosure. The question, therefore, lies in what is considered reasonable efforts.

Rule 1.6(a) of the New York Rules of Professional Conduct states that “[a] lawyer shall not knowingly reveal confidential information . . .” and, at Rule 1.6(c) goes on to say that “[a] lawyer shall exercise reasonable care to prevent the lawyer’s employees, associates, and others whose services are utilized by the lawyer from disclosing or using confidential information of a client.”

It is safe to assume that Rule 1.6(c) imposes the obligation for lawyers to use reasonable care in choosing their cloud computing and/or IT vendors, but indeed those lawyers may take advantage of the cloud and employ those who provide and manage those services in good conscience.

In fact, in September 2010, the New York State Bar Association issued Ethics Opinion 842 regarding the question of using an outside storage provider to store client information. The question that was asked of the New York State Bar Association was whether a lawyer can use an online storage provider to store confidential material without violating the duty of confidentiality.

So What Exactly Is the Cloud?

To understand what the issue is and why it may pose a problem, it is best to understand what it means to store information in the cloud. A cloud, in its simplest terms, is a third-party server. The server in which the information is stored is neither on the law firm’s premises nor owned by the law firm. The law firm’s IT person or department does not maintain where the database is stored in any way. It is in the hands of a third party offering a service.

An internal storage system is a closed circuit, meaning there is a direct line from your desktop to the firm’s server. Absent hacking, the information is controlled internally. Once removed from this closed system and stored in the cloud, your information may be more vulnerable because you have now created access points in which others may gain access to that data. To illustrate, data will now flow out on the Internet and beyond your control to get to the remote server where it is housed. However, encrypt the data and you have limited the exposure. As stated above, once encrypted it would take a nefarious and willful mind to be able to read what you are sending into the cloud.

Why Should You Move Your Data to the Cloud?

There are many reasons why you would want to move to the cloud and many reasons why it is prudent to move your storage to the cloud. To begin with, properly using cloud computing in the storage of client information reduces the possibility of human error. Emailing files to yourself, transferring them to a thumb drive, storing client files in offsite warehouses, to name a few, are all steps that introduce and increase the chance for human error. Email to your personal email account runs the risk that your family would access your email at home, thumb drives get lost, people break into warehouses and natural disasters happen that can destroy files. Cloud computing, by contrast, puts your files in the hands of competent IT professionals who will secure your information and provide the necessary redundancy so that if a server goes down your files will live on and be available when you need them from another server. Their major, if not sole, purpose (and the reason you pay them) is to safeguard your files and ensure that you will always have access to them when necessary, so they are highly motivated to do it well and properly.

In March 2012, the Federal Trade Commission (FTC) issued a report titled Protecting Consumer Privacy in an Era of Rapid Change. While attorneys may be subject to higher standards in keeping client confidences, I think this is a good guide in understanding the technology and best practices associated with it.

The FTC report recognized that businesses are moving to the cloud because it improves efficiency and is cost effective. However, the overarching concern is privacy. The FTC recommended overall guidelines for technology and consumer data. In particular, there are four recommendations that businesses should follow:

•Scope: Define what information is stored.

•Privacy by Design: Companies should promote privacy in their organizations.

•Simplified Choice: Simplify choice so that the customer is able to choose how information is collected and used in cases where it is not routine, such as order fulfillment.

•Greater Transparency: Companies should be transparent in their data practices.

Using these guidelines, what are best practices for attorneys?

•Consider what client information you will store in the cloud.

•Privacy is easy to ensure, attorney-client privilege should be maintained.

•Determine what information you will share with your clients. For example, will you share their case files with them? You can pick and choose what you share with your clients in the cloud for greater collaboration and reduction of emails going back and forth with attachments. They can upload their data in a secure environment, and you can share information in a secure, password-protected environment where you can ensure that only a specific client or clients have access.

•Choice and transparency go hand in hand. While it is the attorney’s best judgment in deciding how to reasonably protect client information, you should make your client aware that you are using these services. Build it into your retainer. If, for any reason, your client objects, you will know and can deal with the reasons why right at the beginning. It may take just a short conversation about the confidentiality, reliability and ease of the cloud to assuage any fears or concerns.

•Finally, have a breach- notification policy in place. This is not just for your corporate clients; any client whose information is in the cloud should be notified of and subject to this policy.

Now that I have you on board with moving your files to the cloud, consider that you need to exercise “reasonable care” in choosing a cloud provider. New York State Bar Association Ethics Opinion 842 offers some guidance:

•Ensure that the online storage provider has an enforceable obligation to preserve confidentiality and security and will notify you of a subpoena.

•Investigate the online storage provider ‘s security measures, policies, recoverability methods and other procedures.

•Ensure that the online storage provider has available technology to guard against breaches.

•Investigate storage provider’s ability to wipe data and transfer data to the attorney should you decide to sever the relationship.

Read the Terms of Service and, when you can, negotiate with the cloud vendor. Cloud vendors update their policies and may be willing to change their practices to meet the needs of their (and your) clients. If you have concerns and/or specific needs, contact the vendor, and if it is unwilling to change its practices, go somewhere else. Frankly, there are many online storage providers so be discerning when it comes to client data.

While utilizing an online storage provider, consider its encryption practices. Will your data be stored encrypted? Will you encrypt the data enroute to the online storage? And who has access while it is being stored? Also, if the online storage provides access on mobile devices, just as you would your computer, laptop, tablet and mobile phone, add security by password protecting the online storage’s mobile app. After all, just as in the non-cyber world, a big threat to effective storage is human error. Therefore, it is of utmost importance that you know how to remotely wipe the data if your device is lost or stolen. One aspect of mobile storage to be aware of is that when you download client data to your mobile device, it may be downloaded to your SD card. Whether you want this is something to consider; take steps to avoid it, if desired. This is an example of the importance of understanding how the technology works, understanding where problems, such as interception, may occur, and ultimately how to take steps to avoid them. Education is key.

In short, the advantages of cloud computing as outlined in this article make it a perfect complement to an effective and successful law practice. There is little difference in the potential ethical issues or any other such problems that exist in the cloud and in the brick and mortar world of physical offsite storage of clients’ files. Rather than running away from this new technology, it would be better to embrace it by learning more and making wise decisions that will minimize potential pitfalls down the road, while at the same time increasing the ease and usefulness of client communication and interaction.

WhatsApp WhatsApp Us!