A growing trend exists to use vendors that provide web-based software which stores your data on a third-party server accessible only over the internet. If you are considering purchasing and using a web-based data storage company such as Mozy, Carbonite, CoreVault or SugarSync, or a case management software program like RocketMatter, or Clio, then you will be purchasing software hosted on a remote server, also known as Software as a Service (“SaaS”). Eric Mazzone, Law Practice Advisor for the North Carolina Bar Association, and David Ries address the five fundamental steps which you must take before entrusting your data to another entities’ server in their article “A Techno-Ethics Checklist“. These required steps include 1) reading the licensing agreement; 2) determining who owns the data that you are storing; 3) determining how secure the data is kept; 4) determining if you can retrieve the data if you terminate your service or the vendor goes out of business; and 5) ensuring that the vendor has adequate physical and electronic security and confidentiality policies. Although the potential for web-based software solutions to help streamline a legal practice are significant you must ensure that your data is safe, belongs to you, and can be retrieved.