Processing risk: The technology in PII
Visibility and control are the benefits of implementing a modern, technological approach to mitigating risk, explains Patrick Hurley
The Solicitors Regulation Authority (SRA) has said that cybercrime issues affecting solicitors are increasing and, according to some sources, the increase in cyber attacks is becoming a concern not only for solicitors themselves, but also for professional indemnity insurers.
Research by Thomson Reuters shows that 41 law firms reported 44 data breaches to the Information Commissioner's Office (ICO) in the year leading up to 30 June 2014. Getting breached and then being investigated by the ICO can cost firms dearly in terms of a fine and, perhaps more importantly, this could have a significant impact on the law firm's reputation.Firms face risk every day, from operational and client audit risks to statutory and regulatory risks. Robust legal technologies can help provide better visibility and control over managing these risks and can help ensure the highest protection of confidential data.
Data security and the cloud
While there is clearly growing concern around cyber attacks, cloud technology is generally still considered safer and of lower risk for firms than storing data and hardware within their own premises.
A recent survey of small law firms in the UK by Thomson Reuters supports this view. It shows that, when it comes to technology, specifically matter management systems, small firms on average preferred a cloud-based system versus an installed system.
There is also useful guidance from the Law Society, which outlines the key risks that need to be mitigated by firms that opt for cloud-based tools. These range from the obvious risks around security, data confidentiality, and location of data, to questions about the cloud provider, such as service reliability and stability, response time, and enforcing service level agreements.
Firms can also expect their cloud service providers to offer reassurance around industry standards, such as ISO certification, data encryption, and vulnerability and threat assessments. They may also want to ask broader questions of their cloud provider, perhaps about reputation and even about financial stability.
Mobile device management
Keeping information in the cloud invariably leads to questions concerning the mobile devices used to access that information, particularly if they are lost or stolen.
Mobile device management (MDM) technology is now a relatively well-established piece of software that can offer some control over such risks and can permanently wipe all firm data from a device in the event it is lost or stolen.
Even more advanced than this is technology which monitors the location of a device using GPS services. It can temporarily remove sensitive data if the device crosses a border into a non-EU country when that device should not be taken outside of
the EU.
Cloud-based tools can offer greater flexibility for organisations and MDM solutions will be of interest to firms running a 'bring your own device' (BYOD) programme. When coupled with a mobile working policy, such technology can also demonstrate to insurers that you take data security risks seriously.
Enterprise relationship management systems
Policies, however, are only as good as the people who remember to use them and are willing to follow them. Having a written policy in place might help assuage the concerns of an insurance malpractice carrier to a certain extent, but firms can do much better than that in almost all instances by effective use of modern legal technology.
Enterprise relationship management (ERM) systems can offer a firm visibility into relationships without having to rely on employees to divulge their relationships.
Certain law firm policies may, for example, say all employees must advise the firm of any outside interests or relationships, fiduciary or otherwise, that might have a material impact on a potential conflict of interest with existing or future work the firm might undertake.
ERM technology will mine data from email traffic, diary appointments, and telephone calls to automatically build databases of the external relationships that a firm's employees have.
This not only helps with client selection but also with improved business development and case management.
Practice and case management technology
With regard to statutory and regulatory compliance, all firms should have technology in place to control effective anti-money laundering procedures that ensure no new business is taken on that hasn't been screened effectively.
In addition, all firms should have technology in place that ensures client monies are managed according to the Solicitors' Accounts Rules. And, there are now of course the new Jackson reforms for litigation matters, and the requirement for firms to produce precedent H budget reports for the court.
Modern practice management systems will not only help control the new business intake process, but will also provide a single point of entry for all new business information. This provides an essential audit trail that runs from initial intake through conflict search, review, approval, and creation of a new matter.
Practice management systems can range from fully integrated systems which combine back and front office processes, to smaller 'out of the box' systems that focus on case/matter management, and which are hosted in the cloud.
While the benefits of such technology may be clear, the survey conducted by Thomson Reuters among small firms showed 29 per cent were not using matter management software at all, but were instead relying on a mix of word processing tools, spread sheets, diaries, and paper checklists.
The inefficiencies and data security risks associated with a manual or piecemeal approach to matter management are obvious. What's more, such an approach is unlikely to give a good impression to clients and insurers alike. At a time of heightened competition, it's important for firms to be easy to do business with and seen to be managing matters efficiently.
Managing ethical walls
In the area of client risk, there are several variations on things that could go wrong and give rise to a complaint or a claim, particularly if matters are not closely managed.
We have already discussed new technology available to help unearth and make visible potentially hidden relationships, but what about technology to help control access to data between clients and matters (known as ethical walls)?Firms often need to restrict internal access to client information for a number of reasons, including taking on new business and bringing in lateral hires. There is technology that literally stops an employee from seeing a client name, matter description, or any documents where they are 'behind an information wall'.
Such technology protects against inappropriate or accidental access to confidential data. It can also play an essential role in winning business, and taking on lateral hires may depend on a firm's ability to enforce an 'ethical wall'.
Additional benefits
The best modern legal technology offers ample and robust functionality to provide visibility and control, and with this functionality there are usually additional benefits that can be gained, such as better security, greater connectivity, and improved business continuity.
The same technologies that allow firms to manage processes to control risk also allow them to manage processes in a way that optimises efficiency and, of course, profit.
Look at the technology that controls the process around anti-money laundering: the functionality of the controls ensures that the overall new business intake process itself is as efficient and consistent as possible, saving time and resources.
Or, take the example of the technology that mines data from email and telephones looking for relationships. Once a firm truly understands the relationships it has, that information can also be used for business development and cross-selling purposes.
By implementing modern technology to manage risk by providing visibility and control, a firm will ultimately become more profitable: a classic win-win if ever there was one. SJ
Patrick Hurley is vice president, customer advocacy for Thomson Reuters Elite @thomsonreuters