Save as PDF RSS Feed Subscribe

How to Evaluate Terms and Conditions, for Law Firms and Lawyers

Insight Yaacov P. Silberman Yaacov P. Silberman · December 06, 2011

In my previous post, we began discussing how to choose a vendor of cloud computing services. This inquiry is particularly important for law firms that rely heavily on cloud computing technology, including alternative law firms and the firms subscribing to the virtual law firm model. This article provides a brief overview of a few key things to look out for when evaluating a cloud vendor’s terms & conditions. It is not an exhaustive treatment of the issue.

Click here for 1 hours of CLE Credits (Ethics)

As a preliminary matter, it is worth noting that in most cases, the contracts issued by cloud computing service providers are not negotiable. Established vendors will only alter their agreements for particularly large clients, or in special cases. The point of evaluating a service’s terms and conditions is therefore to compare one service to another, and to ensure the service meets certain minimum requirements.

The most difficult aspect of evaluating any contract, perhaps, is identifying those terms that are absent from an agreement. If we’ve never seen a certain type of contract, how do we know if something is missing? The American Bar Association has provided some help in that regard. In the fall of 2010, the ABA Working Group on the Implications of New Technologies published an “Issues Paper Concerning Client Confidentiality and Lawyers' Use of Technology”. The paper was only an exploratory document but it indicated those terms that the Working Group considered important. We’ll examine a few of these in this blog post.  


The ABA working group suggested that the terms of use should spell out who owns the data that is stored with the cloud-computing vendor. Practically, most vendors that sell to business clients don’t impinge on their clients’ data ownership. But a related, oft-overlooked issue is the ownership of the service provider who is holding your data. What happens if the vendor is sold to another company? An important reason why we choose one company over another is because we trust the company. Most contracts don’t mention what happens in a change of control.

One exception that I’ve seen is Clio - an online practice management tool that is quickly growing in popularity. In their terms and conditions, Clio commits to notify its customers by email and to publicize any change of ownership on their website in the event of a change of control – a very favorable clause.

Dealing with Subpoenas

The ABA Working Group, also stressed the importance of understanding the vendor’s policies in the event they should receive a subpoena from a third party requesting access to your or your clients’ documents. On this issue, there is a marked difference on how different companies deal with this issue, often depending on whether they are a free or paid service.

For instance, Mozy (an online backup service) and DropBox (an online file sharing service) are consumer-oriented sites. Both offer a free version of their services. In their terms and conditions, both Mozy and Drop Box state that they will comply with a government warrant or subpoena if they determine in their sole discretion that it is necessary to do so. In other words, if the company determines that the document request is valid on its face, they may turn over your confidential documents to the requesting party (perhaps even without notifying you).

In contrast, Box.com (an document-management system) and SOS (an online backup service) cater mostly to businesses. Both companies offer only paid versions of their services. In their terms and conditions, Box and SOS commit to tell their clients should they ever receive a subpoena seeking documents stored with them, and they further commit to cooperate with their clients to obtain a limiting order. This is the most (and the least) that a lawyer can ask for from their service provider.

Retrieval of Data

The last term that we’ll examine, one that was also discussed by the ABA Working Group, is a service provider’s policies regarding the retrieval of a user’s data upon the termination of services. Nearly every vendor will lock out their users immediately after services are terminated. Lawyers who store documents with online services need to ensure that they can easily retrieve their data in a usable format if services are terminated. Lawyers also need to ensure that the vendor will completely destroy all the lawyers’ data within a reasonable amount of time following termination. (Here too, there is a significant difference between how consumer sites and business sites treat this issue – you really do get what you pay for).

This is only a small sample of the issues you should look out for when evaluating a cloud computing service’s terms and conditions. The important thing to remember is that these are binding contracts that lawyers must carefully review, both to protect our clients and to comply with our ethical responsibilities.


Legal IndustryCLEW