North Carolina Bar Association Issues Proposed Ethical Opinions Approving Use of SaaS, Providing List of Considerations to Minimize Risk
In what may be the first opinion of its kind, the North Carolina Bar Association has drafted a proposed ethical opinion addressing lawyers’ use of “software as a service” ("SaaS"). The proposed opinion concludes that lawyers “may contract with a vendor of software as a service provided the risks that confidential client information may be disclosed or lost are effectively minimized.”
A second proposed opinion, building directly upon the first, affirms the existence of “best practices” to be followed when contracting with a SaaS vendor “to minimize risk” and provides 23 questions that a lawyer should be able to answer “satisfactorily in order to conclude that the risk has been minimized.” Those questions include, e.g., whether the agreement with the vendor addresses confidentiality, how the data is protected, who has access to the data, who owns the data, how and when the data is backed up, and what happens if the vendor goes out of business, among others.
The proposed opinions are currently published for comment and are available in their entirely here (scroll down).