Attorneys and law firms (like the rest of the business world) are beginning to migrate to "software as a service" (SaaS) for various practice applications. (The ABA Legal Technology Resource Center has a good primer on SaaS here)
The nature of SaaS presents new challenges for attorneys with respect to the protection of client information. The North Carolina State Bar has issued two proposed Ethics Opinions (scroll down) concluding that lawyers may use SaaS as long as certain steps are taken to safeguard the confidentiality and security of client information.
The second opinion also contains a number of "best practices" that an attorney should follow when contracting with a SaaS vendor. The questions that an attorney should ask an SaaS vendor include where the data is hosted, who owns the data, does the agreement address confidentiality, how does the vendor protect the security and confidentiality of data, how the data is backed up, and how the data is retrieved or returned if the vendor goes out of business or the agreement is terminated.
Thanks to the K&L Gates Electronic Discovery Law Blog for its summary on this topic.