Reyes - Business Law and Technology

BUSINESS LAW AND TECHNOLOGY
TIPS AND BEST PRACTICES FOR THE TECHNOLOGY-FORWARD LAW PRACTICE
Carla L. Reyes
Visiting Assistant Professor of Law
Stetson University College of Law
December 1, 2016
Remarks prepared for the Business & Corporations Section Seminar of the State Bar Association of North Dakota
AGENDA
CLOUD COMPUTING FOR LAW PRACTICE
• Why cloud computing?
• What legal obligations apply?
• What are best practices for selecting a provider?
• What are best practices for using cloud-based software in law practice?
ELECTRONIC DUE DILIGENCE AND E-DISCOVERY
• When will electronic due diligence and e-discovery issues arise during legal project management?
• What legal obligations apply?
• What are best practices for selecting and using a platform?
ELECTRONIC SIGNATURES AND REMOTE CLOSING
• Why electronic signatures and remote deal closings?
• What legal obligations apply?
• What are best practices for remotely negotiating, closing and signing deals?
CLOUD COMPUTING FOR LAW PRACTICE
WHAT IS CLOUD COMPUTING?
• The National Institute of Standards and Technology (NIST) defines cloud computing as:
  • A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three delivery models and four deployment models.
  • http://csrc.nist.gov/groups/SNS/cloudcomputing/index.html.
5 ESSENTIAL CHARACTERISTICS OF THE CLOUD
1. On Demand Self Service
2. Ubiquitous Network Access
3. Location Independent Resource Pooling
4. Rapid Elasticity
5. Measured Service
3 CLOUD DELIVERY MODELS
1. Software-as-a-Service (SaaS)
• Companies host applications in the cloud that users
access via the Internet.
2. Platform-as-a-Service (PaaS)
• Developers design, build and test applications that
run on the cloud provider’s infrastructure, and then
use the platform to deliver those applications to end
users.
3. Infrastructure-as-a-Service (IaaS)
• Provision of processing, storage and database
management through the network; pay by usage.
4 DEPLOYMENT MODELS
1. Private Cloud
2. Community Cloud
3. Public Cloud
4. Hybrid Cloud
WHY THE PUSH TO USE CLOUD SOLUTIONS IN LAW PRACTICE?
• Requested by clients
• Internal Cost-Benefit Analysis
• Anywhere/anytime access
• Specialization and customization of applications
• Real-time collaboration
• Storage as a service
• Cost
• Perceived efficiencies
APPLICABLE LEGAL OBLIGATIONS
• Rules of Professional Conduct
  • Model Rule 1.6(c). Lawyers are required to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
  • Model Rules 3.4(a) & (e). Lawyers have specific obligations with regard to discovery of documents and information.
  • Model Rule 5.3. A lawyer must “make reasonable efforts to ensure that the services are provided in a manner that is compatible with the lawyer’s professional obligations.”
• Privacy and Security Laws
  • State Data Breach Notification Laws
  • Obligations relating to retention, destruction and storage
  • International Data Transfer Laws
  • Contractual Obligations
BEST PRACTICES: CHOOSING AND USING CLOUD-BASED SERVICES
• Understand the vendor’s model
• Trust, but verify
• Ask about the vendor’s exception monitoring systems
• Ask about the vendor’s security incident response plan
• Ask about and understand the vendor’s third party service providers
• Review the vendor’s security policies and investigate past compliance
• Ensure there is a mechanism for retrieving data
• Insist upon SLAs
BEST PRACTICES: CHOOSING AND USING CLOUD-BASED SERVICES
• Use Limitations
  • Does the cloud service provider claim ownership to customer data? What do the privacy policy and privacy related provisions in the service agreement say about the provider’s use of customer data?
• Disclosure
  • Ensure that the cloud provider will only disclose customer data if required by law. What are the provider’s notification practices in the event of a compelled disclosure? How robust is their ECPA compliance program?
• Data Location
  • Where is the data hosted? Is the answer acceptable?
• Audit
  • Does the cloud provider use third-party security auditors? Will they make audit reports available to you?
• Data portability
  • How hard will it be to get your data back? How hard will it be to transfer to another provider? Is your data available to you in an industry-standard, downloadable format? What kind of wind-down/transition provisions are included in the service agreement?
ELECTRONIC DUE DILIGENCE AND E-DISCOVERY
WHEN WILL THIS MATTER?
• Desire for efficient due diligence processes powered by technology
• Unique due diligence issues for the high-technology client
• Unique E-Discovery issues confronted by a technology-forward law practice
BEST PRACTICES – DUE DILIGENCE
• Choosing your due diligence technology
  • Do you have a choice?
  • Alternatives to the PDFs in an electronic document room and a local Excel spreadsheet?
• Special due diligence issues for the high-technology client or target
  • Regulatory diligence
  • Privacy and security
  • Ownership diligence (IP, licensing, open source software)
  • Cross-border diligence
BEST PRACTICES – E-DISCOVERY
• E-Discovery SaaS
• Cloud-based e-discovery
• E-Discovery on any data stored in the cloud:
  • How to comply with legal holds
  • How to comply with metadata requirements imposed through discovery requests
ELECTRONIC SIGNATURES AND REMOTE CLOSINGS
WHY E-SIGNATURE AND REMOTE CLOSINGS?
• Quest for efficiency
• Technology driven businesses
• Promoting document integrity
• Global nature of business; growth of e-commerce
• Requests from/expectations of clients
WHAT LEGAL OBLIGATIONS APPLY?
• Electronic Signature in Global and National Commerce (ESIGN) Act of 2000
• Uniform Electronic Transactions Act (UETA)
• Contract Law
BEST PRACTICES
1. Do all parties agree to sign electronically and close remotely? If even one party objects, the validity of the process is called into question.
2. Is this the kind of document covered by E-SIGN? If not, stop. Don’t sign electronically!
3. Time to sign? Send the whole document around, not just the signature page.
4. Opt-Out. Make sure there is a clear opt-out mechanism.
5. All parties signed it; now what? Ensure that the final signature triggers a complete copy of the fully executed agreement to be sent to all parties.
6. Is Advanced Authentication right for you? Be intentional about which level of security you provide for each transaction.
Questions?