Peer to Peer Magazine

www.iltanet.org 44 Peer to Peer that a management team — the general counsel, IT and content specialists — is needed to set the course. Beyond these recent hot buttons, the traditional areas of risk including records, conflicts, new business intake, finance, employment and IT disaster recovery, are areas where investments in people and technology continue to be sustained. The pressure to deal with risk effectively is increasing as more assets are vulnerable and the consequences are more severe. For now, risk management efforts are focused on the events that create risks to the firm's data, image and profitability, and many of these revolve around the IT department. Risk Management Themes Hildebrandt Baker Robbins recently conducted a study to gather the insights of general counsels, IT leadership, professional liability insurers, risk directors and risk vendors, and their input has given us a unique viewpoint of risk management issues and trends. Jim Jones, Co-Managing Director of Hildebrandt Baker Robbins and facilitator of the General Counsel Forum and five general counsel roundtables held each year, also contributed his perspective. We observed the following trends that are shaping risk management: Partnership of Risk leadership and it leadership: • While risk management in law firms is quite fragmented, general counsels and IT leadership are increasingly working together at the center of related activities. This partnership reflects how much law firms depend on technology and electronic information, with technology both creating and mitigating risks. As products that address risk issues come to market, general counsels will be more likely to drive technology decisions, furthering a joint risk management role with IT. Data confidentiality: • Protecting the confidentiality of information has already emerged as a leading issue for the legal community. While the improper use of information in written and spoken form is critical to control, it is the electronic form of information that dominates IT's agenda. The volume of data, as well as varying ownership and location, complicate compliance with preservation orders, ethical walls, HIPAA regulations and other expectations of security. In 2010, the widespread adoption of enterprise search and the maturity of software to automate data confidentiality, as well as concerns about law firm data security breaches, are expected to accelerate the tackling of compliance and privacy issues. Some firms are considering how digital rights management (DRM) can be applied, and, over the longer term, others are considering working toward meeting the ISO 27001 information security standard. Engagement of Professional liability insurers: • Law firm insurers are active in risk discussions and periodic assessments, yet they've not traditionally been aggressive in exploring new boundaries in risk mitigation. Recently, progressive insurers have increased investments in education for the market and have made funds available to help law firms hire third-party resources to improve risk management and compliance. Some law firms are attempting to negotiate discounts to their premiums by improving their own handling of risks and compliance. While the insurance underwriting process is expected to remain at a high level in most situations, the insurers are eager for law firms to develop coordinated risk management programs. Practice Risk: • Partners are finding themselves at the center of one of the fastest changing risk areas: client and engagement risk. There is increasing need to identify and control these risks. Pressure "The legal market is conservative when it comes to risk management, and firms often view the proactive identification of risks, along with the subsequent setting of policies and compliance expectations, as activities that cause more peril than they resolve."

• Cover