Josh Barrett over at the Tablet Legal blog recently posted some great tips on Getting files from the Cloud into your iPad. The solution is to use DropBox, but Josh's post neatly addresses the problem that many apps (including the Apple iWorks suite) can't save documents direct to DropBox.

The iPad desparately needs a native file management system which is consistent across all apps, but until (or unless?) this arrives Josh's method is a decent workaround.

Other iPad lawyers are keen on DropBox as a file storage solution including the iPad4Legal blog and Nicole Black who blogs at Legal iPad, but I suspect that many iPad users legal and otherwise will have installed the app.

I can see the attraction. I use DropBox myself for all my personal documents and the implementation on the iPad is particularly impressive. I have access to all my documents on PC, Mac, iPhone and iPad... all synchronised and with a local copy as backup in case anything goes wrong.

Unfortunately, it seems that for lawyers in the UK using DropBox for client documents is a non-starter (and the same probably applies to the other Cloud solutions which are available like Apple's MobileMe iDisk and Google Documents).

In theory, DropBox could take the place of a local shared drive giving you access to all your files in client meetings and whilst out and about. Indeed, this is one of the areas where the iPad could be really useful.

However, there are two major barriers to this - in the forms of Rule 4 of the Solicitors Code of Conduct and the Data Protection Act 1998 (as clarified this month by the Personal Information Online Code of Practice issued by the ICO).

You would be hard pressed to find a mention of cloud computing in the Code of Conduct (and indeed, the most recent version of the Law Society Practice Note on Data Protection doesn't even mention it). However, the notes to Rule 4 make it clear that whilst it may be permissible to outsource storage of data:-

This would normally require confidentiality undertakings from the provider and checks to ensure that the terms of the arrangements regarding confidentiality are being complied with.

The ICO code of practice follows in the same vein (although it very specifically refers to cloud computing services). Leaving aside our professional obligations, any client file is likely to contain "personal data" for the purposes of the Data Protection Act 1998.

The ICO code states that in order to store personal data on a cloud service

There must be a written contract in place... requiring the internet-based service provider to only act on your instructions and to have a level of security equivalent to yours.

It also notes that using the service must not lead to you losing control of the data or exposing it to risks which would not have occurred if it had remained under your control in the UK.

I don't doubt that services like DropBox, MobileMe and Google Documents offer good levels of security. I haven't investigated the other services in detail, but DropBox have a lot of detailed information about how they (and Amazon whose servers they use) secure your data. All data is sent using SSL encryption and is encrpyted on the server (and you can always encrypt your data yourself before saving to DropBox) and the physical security operated by Amazon seems impressive (and rather scary - "military grade perimeter control berms" anyone?)

Indeed, I suspect (although this is just conjecture) that a security expert would find it easier to obtain a piece of data from a law firm's own servers than from the system operated by DropBox.

The trouble is that when you look at the terms of service for DropBox you find the following:

Your access to and use of the Site, Content, Files and Services and is at your own risk. Dropbox will have no responsibility for any harm to your computer system, loss or corruption of data, or other harm that results from your access to or use of the Site, Content, Files or Services.

along with the usual disclaimer of any warranties, statement that the service is provided on an "as is" basis and limitations of liability. This is in no way meant to be a criticism - I use DropBox for free and it is a great service... I wouldn't expect them to accept any more responsibility (or liability than this).

Unfortunately, it is pretty clear that the undertakings which the ICO (and the SRA) require are not there. There is certainly no right for me to check that they are complying with the terms of their contract (as the SRA require). The terms of service for MobileMe and Google Documents are broadly similar in scope - and again they don't seem to contain the provisions which the ICO and SRA require.

It seems that the only safe approach is to assume that by loading client documentation onto DropBox (or MobileMe or Google Documents or whatever) you would be in breach of the Code of Conduct and the Data Protection Act. Not a situation which I would really want to be in.

This isn't an iPad specific issue, but it does hit the iPad hard because of its lack of a decent file management system. DropBox is a great answer to this (and for my personal documents it works brilliantly), but I really need an enterprise-grade solution which is fully compliant for lawyers... and that certainly isn't going to be free.

I would be interested to hear if anyone has a different view on this. Are you using a different solution which gets around these issues? Please let me know via the comments if so.