After two days of being around attorneys, judges, and legal technologists, I saw a few legal truths very close up. I had always heard from my lawyer friends about billable hours, but it’s clear from LegalTech that it’s almost the prime directive for law firms.
So if you tell a partner why she should encrypt a document or put it into a special folder with restricted privileges, she’ll likely counter, “In the time it takes to do that, I could have been on the phone with my clients making money for the firm.”
Law Firms vs. Data Security
Law firms hold important corporate secrets and other confidential information in their emails, text messages, memos, documents, and other digital records. But admittedly, according to many of the panelists at LegalTech, they could do more to protect that data.
Attorneys clearly understand that technology has allowed them to move faster and make more money. But technology is the proverbial double-edged sword.
More deals mean more data, leaving firms vulnerable to attacks. And yes, law firms have been subject to hackers, but nothing (yet) at the level of the recent breaches in the non-legal sector.
The attorneys we listened to were fearful of a devastating attack: no firm wants to be known as the Sony of the legal world.
Law firms, of course, sit at the top of the information economy, holding the most valuable goodies. But the sentiment from the panelists was that they are not giving cybersecurity the attention it deserves.
And hence the contradiction. The data is valuable, but protecting it is an inconvenience to the partners and can conflict with their prime directive of billable hours.
It’s not to say that they haven’t taken steps. They’re proud of their perimeter defenses, but also realize that it’s the inside that counts.
Corporate Counsels vs. Files
It would seem to this non-lawyer that attorneys’ ethical obligations will ultimately trump the prime directive of billable hours.
Outside the law firm, corporate in-house counsels have similar conflicts, but the dynamics are different.
The big concern for corporate attorneys, who are not under the billable hour constraint, is whether to delete files. The key issue for them is erasing data that could potentially be used in an e-discovery procedure.
They are obligated to preserve data once litigation is reasonably expected—a “legal hold”. If they delete this data, they can run afoul of spoliation — a fancy legal world meaning destruction of evidence — and this can result in sanctions.
Then the problem becomes overprotection. For example, it turns out that Microsoft has 261 terabytes of employee data under pending legal holds. This becomes costly when dealing with multiple litigations — especially a problem for the Fortune 500.
Of course this can get nutty, and that’s where the proportionality rules comes into play. In recent years, companies have been given some leeway in deciding what can be deleted after weighing factors about the case and relevance of data.
To our ears, this all began sounding like a data governance problem. And the attorneys clearly recognize this as an issue — we were after all attending the ‘governance’ track at Legal Tech 2016!
One resolution to solving the data security, money, and legal obligations conundrum is to, at least in the corporate world, give more authority to Chief Legal Officers and Chief Privacy Officers when it comes to information governance decisions.
Attorneys understand which information is valuable, and IT can implement the appropriate technology. Message to attorneys: work with your geeks!
Have any opinions? Let us know in the comments.