Law firms and lawyers exist to create documents for clients—but do not own them. Clients do. Like many owners, clients have many concerns about how others interact with their property, particularly stemming from cybersecurity and privacy needs. In fact, the management of documents, email and other content comprise nearly all the top concerns of chief legal officers which are, in this order[1]: (1) regulatory changes; (2) protection of corporate data; (3) governance and management of data; and (4) ethics and compliance requirements.
Clients, therefore, have made some rules with some wake-up-call consequences: not being paid, sued, or simply fired. Commonly known as Outside Counsel Guidelines (“OCG”), the rules exist to control process. OCG have moved from guidelines to actual contracts that provide for indemnification of the client for cyberbreach and violation of privacy laws and require firms explicitly to secure the client’s data. 79% of legal departments now provide OCGs to their law firms, a 30% increase over 2017[2], and they are overwhelmingly the most effective method for legal departments to control spend and mitigate risk.
Firms are challenged to comply with OCGs, and this is causing collection cycles to increase, invoices to be rejected and line items to be met with refusal to pay, written off or, in some cases, whole firms to be sued or fired. 39% of clients measure law firm performance against OCGs and almost half of chief legal officers will fire their law firms in 2019, redirecting that work to another firm as a result[3].
The principles are simple. All organisations need to make sure they follow best practices on mitigating cybersecurity risk: through education, data encryption, strong perimeter security and password policy. Firms need to have a process to make sure that the clients’ documents are organised, the non-public data secured to those who need access it, the ability to report on it and then destroy or transfer it when requested.
To comply with the data side of the OGCs, firms must have a clear information governance strategy, for which the firm’s document management system is the foundational system.
To Have is not to Hold
That is why 98% of law firms report owning a document management system (DMS)[4]. This is most the logical location for the electronic matter file. However, it is an unfortunate commonplace (across many verticals, including legal) that owning technology is not equal to the adoption and proper running of it. In a recent survey of over 2,000 lawyers across a wide range of projects, the data illustrated that lawyers explicitly avoid working in (insert any name) DMS[5] and, instead, will put files on their local C drive, or a network share, because this is what’s easier and makes more sense to a lawyer—or at least to one blind to the business drivers. It’s time to prioritise adoption, starting with removing the blinders.
The problem is that partners are disconnected from the business drivers contracted in OCGs rendering the firm’s liability and revenue loss potential invisible.
Adoption Means an Electronic File in the DMS
Why do firms own a DMS in the first place and what do we mean by its adoption? The DMS can be divided into two essential cases:
Work-in-process: drafting, versioning and delivering documents – getting the document out of the door;
The electronic matter file: creating a record of all documents related to a matter plus email in a single location.
Complying with the top chief legal officer’s concerns is not possible without an electronic file. This is because information governance can only apply to the known. This is not an epistemological tautology.
A firm cannot create a process over data it does not know it does not have: it cannot govern, cannot create and implement retention and destruction policies, cannot secure or lockdown unknown entities. This means matters require a proper electronic file to be maintained and to include all client documents, plus related email, in order to govern the known. Lawyers storing documents outside of the electronic file, therefore, expose the firm to multiple layers of risk—financial, ethical, regulatory and security.
The Electronic File will get Firms Compliance with OCG
Firms can count on clients’ enforcement of OCGs to make sure their data isn’t the next headline news story. Here are a few more key client concerns stipulated in OCGs that require firms to maintain an electronic file to support proper governance and security:
Regulatory changes. Firms today face multiple regulatory mandates directly and indirectly through their client’s regulator. Among others, the General Data Protection Regulation (GDPR) provides for significant fines – up to four percent of a firm’s global annual revenue – for compliance failures. This regulation mandates, among other requirements, that firms be able to track and, if requested, delete personal data held anywhere by the firm – on behalf of clients and otherwise. This alone necessitates a structured, electronic system for managing such content. For client files, the DMS is the only sensible such option.
Security. Clients are stipulating “need to know” security. This means data is secured and limited only to those who need to know, then deleted or transferred back to the client as soon as it is no longer necessary. The Association of Corporate Counsel (ACC) memorialised this in 2017 in: “Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information” and it is now delivered in OCGs to firms.
Ethics and compliance. Moreover, the electronic file is not just a good idea but rather a regulatory or ethical duty of a lawyer’s license to practice law. A client can request a copy of their file at any time – an inefficient delivery on this request will not be paid for by the client, nor (and maybe worse) appreciated. Each jurisdiction has different requirements about what exact information the firm needs to provide in a file transfer. There are ethics opinions in the United States that indicate that if you do not maintain a file the cost of creating one is on the firm.
Strategy. Client files are typically transferred as a result of law firm partners (“laterals”) moving firms, and in the 7-year period between 2010 and 2017 close to 50% of all partners moved firms in the US market – with the Atlanta and Chicago markets exceeding 50% of all partners. 2018 was even more aggressive as the busiest year on record for partner lateral moves in the Am Law 100[6]. In the UK there are between 500 to 1,000 moves per year which adds up to about 3,500 moves that are considered “substantial”, meaning that the number is even larger as only the “newsworthy” moves are reported. This is a huge business challenge for firms to sustain continuous governance and security over client records.
The implementation and adoption of an electronic file solution within the firm’s DMS is therefore a core element of a firm’s information governance strategy.
In Part II, we will tell you how to do this successfully.
Keith Lipman (pictured top right) is CEO and co-founder of Prosperoware
[1] 2018 ACC Chief Legal Officer Survey
[2] 2018 Altman Weil Chief Legal Officer Survey
[3] 2018 ACC Chief Legal Officer Survey.
[4] ILTA 2018 Tech Survey
[5] Survey by Fireman & Co
[6] 2018 ALM Intelligence Report
This article first appeared in the January Orange Rag newsletter – so sign up for your free copy and be the first to read our news and commentary click here: http://legaltechnology.com//latest-newsletter/
