Raj Goel, CISSP
CTO Brainlink International, Inc.
raj@brainlink.com
917-685-7731
Raj’s LinkedIn profile
This article appeared on LAW.com
John Edwards (no, not THAT John Edwards) did a great job of summarizing various backup tools available for CLOUD backups, and some risks inherent in it.
My opinion is that law firms should NOT be using public or hybrid clouds, as dangers to client-confidentiality and potential litigation liabilities out-weigh any short-term savings.
PRIVACY
Rajesh Goel, chief technology officer at Brainlink International, a New York-based compliance security consulting firm, warns that storing data in the cloud could, under some circumstances, pose a privacy risk to client data. “If a firm is large enough and they have the financial and technical resources to build their own private cloud, then the advantages of cloud computing are compelling,” he says. “For firms lured by the low cost/save money siren song of public and hybrid clouds, there’s danger ahead.”
Goel observes that while the Electronic Communications Privacy Act assures that e-mail has a 180-day right to privacy, information held in databases has zero days of privacy protection. “All online applications … can be classified as databases, under the strict definition of ECPA,” Goel asserts.
Goel says that attorneys also need to be aware of another potential privacy threat. “The Patriot Act allows law enforcement to use National Security Letters to obtain information about individuals and companies from service providers,” he says. “Most NSLs forbid the service provider from notifying their clients that they have released information to law enforcement, based on NSLs.”
Goel adds that lawyers with clients in highly regulated areas, such as health care and financial services, also need to fully investigate their situation and privacy risk potential before sending files into the cloud.
Full Article is available at http://www.law.com/jsp/article.jsp?id=1202509461694&Backing_Up_Documents_in_the_Cloud&slreturn=1&hbxlogin=1