Below are links to Useful Documents for Law Firms Developing AI & Cloud Strategies
Legal Ethics
California
State Bar of California — Ethics Opinions Related to Technology
Central hub for California ethics opinions addressing competence, confidentiality, and the use of technology in legal practice.
Ethics Opinions Related to Technology | The State Bar of California
California State Bar Formal Opinion No. 2010-179
Foundational California opinion on cloud computing, reasonable security measures, and lawyer supervision of technology vendors.
California State Bar Formal Opinion No. 2020-203 (Data Breaches)
Addresses lawyer duties to prevent, respond to, and remediate data breaches affecting client information.
American Bar Association
ABA Formal Opinion 477R — Securing Communication of Protected Client Information
Explains when heightened security measures are ethically required based on the sensitivity of client information and risk context.
ABA Formal Opinion 477R: Securing communication of protected client information
ABA Formal Opinion 498 — Virtual Practice
Addresses cloud-based practice management, remote work, and technology-enabled law firm operations.
aba-formal-opinion-498.pdf
ABA Formal Opinion 512 — Generative AI Tools
Addresses lawyer competence, confidentiality, supervision, and communication duties when using generative AI and similar tools.
aba-formal-opinion-512.pdf
Privacy
California Department of Justice — CCPA / CPRA Privacy Resources
Official California privacy-law guidance that informs expectations around data security and breach analysis, without displacing professional-responsibility duties.
https://oag.ca.gov/privacy/ccpa
Security & Risk Framework Evaluation
OECD Privacy Guidelines
Jurisdiction-neutral principles.
https://www.oecd.org/digital/privacy/
AICPA — SOC 2® Overview
Explanation of what SOC 2 represents.
SOC 2® - SOC for Service Organizations: Trust Services Criteria | AICPA & CIMA
CIS Critical Security Controls v8 / v8.1
Widely used across industries to evaluate safeguards.
https://www.cisecurity.org/controls
NIST Cybersecurity Framework (CSF) 2.0
Risk-based framework covering governance, protection, detection, response, and recovery.
https://www.nist.gov/cyberframework
NIST SP 800-53 Rev. 5 — Security and Privacy Controls
Canonical control catalog used by many technology vendors to map their security programs.
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
NIST SP 800-53B — Control Baselines
Defines baseline security expectations across different system types and risk environments.
https://csrc.nist.gov/publications/detail/sp/800-53b/final
NIST SP 800-61 Rev. 3 — Incident Response Guide
Practical guidance underlying the CSF “Respond” and “Recover” functions, useful for evaluating whether vendors have a credible incident-response capability.
https://csrc.nist.gov/publications/detail/sp/800-61/rev-3/final
NIST Privacy Framework 1.0
Risk-based approach to privacy governance that complements lawyer confidentiality obligations.
https://www.nist.gov/privacy-framework
Practical Due Diligence Tools
Multi-Jurisdiction Ethics List & General Ethics + Tech Primer
https://www.clio.com/blog/cloud-computing-lawyers-ethics-opinions/
https://www.clio.com/blog/lawyers-ethics-technology/
ABA Tech Report
https://www.americanbar.org/groups/law_practice/resources/tech-report/
https://www.legalfuel.com/download/quick-start-guide-on-cloud-computing/
Security Checklists & Questionnaires for SaaS Vendors
https://www.leanix.net/en/wiki/apm/saas-security-checklist-and-assessment-questionnaire
https://travasecurity.com/saas-security-assessment-questionnaire/
https://cloudsecurityalliance.org/research/guidance
https://ironcorelabs.com/blog/2021/checklist-fast-evaluation-of-saas-security/
Additional Reading
2024 Resource Guide by New York City Bar
https://www.nycbar.org/wp-content/uploads/2024/10/20221360_Small_Firm_Report_Resources_Guide.pdf
Five Ways Estate Plans Fail (from a Litigators’ POV)
Incapacity isn't planned for
Outdated beneficiary designations defeat everything
The trust that owns nothing
Digital assets and modern property disappear
Human conflict is baked into the plan
From a litigator’s point of view, estate plans don’t usually “fail” because someone forgot a legal buzzword—they fail because real life hits the plan where it’s weakest. First cracks often appear during incapacity, when a family needs someone to act immediately and discovers there’s no workable authority. Even when documents exist, outdated beneficiary designations can quietly override everything the trust or will says, and an unfunded trust can turn a beautiful binder into an expensive probate anyway. Modern property adds a new layer of risk: accounts, devices, domains, 2FA, and crypto keys can make valuable assets effectively disappear if no one has access. And when the documents are vague—or the wrong people are placed in control—ordinary family tension becomes the match that lights the fire, turning ambiguity into delay, conflict, and sometimes litigation.
Estate Plans Can Fail When
Incapacity isn’t planned for
People plan for death, but conflict often starts while someone is still alive—when bills must be paid and decisions must be made.
Outdated beneficiary designations defeat everything
Retirement accounts, life insurance, and POD/TOD designations often control by contract, even if the trust or will says something else.
The trust that owns nothing
A trust that isn’t funded or coordinated with titles can become a “paper plan” that doesn’t control the assets that matter.
Digital assets and modern property disappear
If nobody has legal authority and access (passwords, 2FA, devices, crypto keys), valuable assets can be delayed or lost.
Human conflict is baked into the plan
Vague standards, unrealistic trustee choices, and missing accountability mechanisms turn ordinary tension into disputes.
Glenn anticipates beginning to offer estate planning services to select individuals starting in February 2026.
This page is for general educational information only and is not legal advice. Viewing this page or contacting the firm does not create an attorney-client relationship.

