Rocket Matter was at the center of an interesting thread on the Google MILO discussion group over the past couple of days. You can read what some of our customers were saying and read back and forth between practicing attorneys about moving to an online practice management and time and billing software.

One very well researched post was provided by Josh Poje at the ABA Legal Technology Resource Center, who answered the question, “For those warning of bar and ethics, are there any specific prohibitions to offsite servers/backups?”

Here’s Josh’s response. Thanks so much for this great information:

I’m not aware of any states that have specifically prohibited offsite
backup. Ethics committees in both North Dakota and Nevada have approved
their use as long as reasonable care is used.

North Dakota:
“…a law firm does not violate Rule 1.6 if it subscribes to an online data
backup service, provided the law firm ensures that the security of the data
transmission and the security of the data storage are adequate for the
sensitivity of the records that are to be transmitted and stored.” (Opinion
No. 99-03,

“…the lawyer must act competently and reasonably to safeguard confidential
client information and communications from inadvertent and unauthorized
disclosure. This may be accomplished while storing client information
electronically with a third party to the same extent and subject to the same
standards as with storing confidential paper files in a third party
warehouse. If the lawyer acts competently and reasonably to ensure the
confidentiality of the information, then he or she does not violate SCR 156
simply by contracting with a third party to store the information, even if
an unauthorized or inadvertent disclosure should occur.” (Opinion No. 33,

Finally, a New Jersey ethics committee discussed “reasonable care” in the
context of transmitting electronic documents:
“The touchstone in using ‘reasonable care’ against unauthorized disclosure
is that: (1) the lawyer has entrusted such documents to an outside provider
under circumstances in which there is an enforceable obligation to preserve
confidentiality and security, and (2) use is made of available technology to
guard against reasonably foreseeable attempts to infiltrate the data. If
the lawyer has come to the prudent professional judgment he has satisfied
both these criteria, then ‘reasonable care’ will have been exercised.”
(Opinion 701,

A few additional opinions and notes are discussed on the ABA LTRC website