The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/11430
LESSONS LEARNED A Letter from the Future: Risk Management and Technology in 2020 G reetings from the Year 2020. Mysterious forces have granted us the opportunity to reveal some insight from the future about the state of law firm risk management and compliance in 2020. The future is a marvelous place. For law firms, much has changed and many organizations are thriving. But there are also new dangers and challenges for firms. To help you prepare your firm for the future, we have three important messages to share, based on our experience managing risk and IT organizations at our firm: a warning, a lesson and a suggestion THE WARNING: Compliance Will Only Grow More Complicated and Become More Important The trend started growing in your day. In 2010, new laws and regulatory rules took effect which explicitly applied to law firms. For example, the HITECH Act extended HIPAA mandates for personal health information to non-healthcare providers. And various states, such as Massachusetts, enacted strict data privacy laws. These rules, with their confidentiality and breach notification and disclosure requirements, were just the start of what was to come. You probably also noted the ongoing ABA and FTC fight over whether Red Flag confidentiality rules applied to law firms. This was not the last time law firms and regulators clashed. Indeed, you were just at the start of a trend that continued for the next decade. For example, the ABA Commission on Ethics 20/20 published new and updated rules in the ensuing years, as part of its efforts to review and revise professional standards. Because many of the laws and rules created in your time (and several others created since) place ultimate 106 www.iltanet.org Peer to Peer responsibility, and liability, on the primary creators and caretakers of sensitive information, clients in 2020 take much greater interest in internal firm practices and controls. You probably see that increasing already, with stricter outside counsel guidelines and more detailed RFP criteria on confidentiality. In your day, experts began advising corporate clients to commission third-party audits of their business associates and law firms to verify that adequate protections were in place. Today, firms live under much closer client observation. Our compliance team must frequently produce reports, respond to a variety of external calls for information and face regular practice reviews. This is especially true when we work across international borders and regulatory frameworks. To meet these challenges, we conduct our own regular internal audits and work with expert external consultants to benchmark our practices and capabilities against peer firms. In a highly competitive legal marketplace, where firms are eager to capitalize on any advantage or peer misstep, our firm’s management has made it a strategic priority to invest in preparedness and avoid surprises. THE LESSON: Smart Use of Technology Will Help You Win As you might expect, technology remains integral to the practice of law. Software has always played a role in compliance, but today that role is much more central to law firms. As a compliance officer or IT stakeholder with risk responsibilities, you should get ready for a more prominent role in the future. Driven by external rules, client demands and the need to better protect the firm, technology has stepped up. What started as records and conflicts, and grew to confidentiality and data leakage prevention, has evolved into a more sophisticated, holistic approach to law firm compliance management. While