The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/984836
20 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SPRING 2018 CASE STUDIES Why I Read Outside Counsel Guidelines Outside counsel guidelines (OCGs) have been around for years, but law firms largely ignored them or thought of them solely as detailing what clients were willing to pay for services such as copies, legal research, etc. Originally limited to expectations and conditions that were reflected in their outside counsel's engagement leers, the scope of OCGs has expanded over the past few years due to the increased bargaining power in-house legal departments wield over law firms. Some corporate counsel now go into great detail in their guidelines, rigidly leveraging them to cra the terms of engagement and turn the tables on their external counsel. To ensure your firm complies, you need a process detailing how your information security and governance leaders will review these guidelines as a regular part of your new maer intake process. Receiving and Negotiating OCGs OCGs come in a variety of formats and are sometimes called other things, such as litigation guidelines or legal billing requirements. If a client is large enough to have a general counsel (GC) role in-house, it is likely that client is going to hand one of these guideline documents to your client lead early in the process. Seing boundaries that hold all parties accountable to the same set of standards related to billing, maer management and corporate policies has become an established practice for your clients with in-house legal departments. The process of agreeing to these guidelines is subject to negotiation - what lawyer would not consider terms negotiable? - but the expectation is that the firm will abide by them once they are accepted. Some clients hand you their guidelines once and are done with it; others present you with new guidelines as they are updated – perhaps annually, perhaps every few years. Some will give you the same copy like clockwork every time a new maer is opened. However – and however oen – they come in, the guidelines go from one lawyer to another, then to your firm's risk management/conflicts group (if you have one), then on to your accounting/billing department (if you have one). In a small firm the partner that brings in the client might fulfill all these roles. Since it is fairly new, this process is not something in which information technology, security or even records department staff have generally been involved. Instead they must rely on being alerted to any specific requirements by the legal or administrative teams - perhaps an administrative assistant, paralegal or maybe accounting staff as they are seing up the maer. Due to the increase in cyber security incidents and risk awareness, more and more GCs are adding information security and governance controls to OCGs (whatever they may be called). Some guidelines have morphed into the equivalent of a Service Level Agreement that also defines how maers are going to be accessed, the degree of encryption required in transit and at rest, what constitutes a breach based on the client's standards, how soon you have to notify them of a breach and even what remedies your firm might be required to provide to the client's employees and customers in the event you cause a data breach. Billing and rates are not the only line items in-house counsel should be worried about these days. by Jon Washburn Why I Read Outside Counsel Guidelines