Friday, March 27, 2009

Trend Spotting

There is an interesting trend developing lately in terms of how large law firms are adapting their business models to incorporate LPO. Interesting, because it's evolving in a way few had predicted.

If you sort legal offices into three general categories, they shake out like this: In-house corporate counsel, large corporate law firms, and small/medium sized private practices. In many peoples' minds, the most likely LPO early adopters would be the in-house corporate counsels, because the culture of big business has already embraced outsourcing an array of other back office functions. That is, for corporations there is less of a mental shift required to see the value in LPO. Additionally, corporate attorneys already outsource significant amounts of work to outside counsel. Again, no change in worldview required.


Many industry watchers then site the small and midsize firms as the next enthusiastic users of LPO, thanks to the ability of an LPO to provide flexibility, e.g. overnight turnaround, ultra affordable pricing, and scalability to support peek demands on a smaller firm.

The sector that many thought would be the slowest to embrace LPO was the well established, conservative larger firms. The conventional wisdom was that these firms, with their seasonal hiring patterns, established hierarchies, and entrenched billable hours model would be the slowest to evolve based simply on inertia.

So much for conventional wisdom.

The trend that we're seeing take root is that of large firms actively aligning with an LPO to then present their services to corporate counsel in a convergence that benefits each party. The large firm gains an advantage over their competitors with the significant savings the LPO provides; the LPO benefits by the association with well established domestic firms; and the in-house counsel enjoys the dual benefit of cost savings managed by a firm with whom they already have a business relationship.

And it doesn't seem unreasonable to conclude that the driving force behind the trend is the recent financial crunch, which has forced corporate counsel to demand changes from the firms they traditionally hire.

Friday, March 20, 2009

Protecting Client Confidentialy through Personnel Management

We've discussed the tangible, hard-wired aspects of protecting client confidentiality through data security -- the systems an LPO needs to have in place to control data collection, as well as access and utilization.

The other aspect of protecting client confidentiality is a bit, well, squishier. It's not the binary, flow-chart dictated, password protected black and white of data systems. Instead, it is the softer science of personnel management and all that it entails -- personalities, histories, and motivations.

Softer, yes, but no less demanding and integral to the ethical obligation of ensuring confidentiality. So, to fully realize the duty of confidentiality, an LPO needs to compliment data integrity with a multi-faceted approach to personnel management.

Employee Vetting - The first step, clearly, is the completion of a thorough background and reference checks, as well as confirmation of professional standing.

Contractual Provisions - Each employee - onshore and offshore - must be subject to Confidentiality and Non-Disclosure Agreements.

Education and Training - Admission to the Bar in most jurisdictions is contingent on passing the Multistate Professional Responsibility Examination, so it reasons to follow that offshore attorneys should be proficient in the same model rules.

Business to Business - An additional mechanism that can be employed is an individual confidentiality agreement between the LPO and counsel.The ABA strongly advises these agreements, and the Association of the Bar of the City of New York (Ethics Opinion 2006-3) recommends “contractual provisions addressing confidentiality and remedies in the event of breach, and periodic reminders regarding confidentiality.”

Corporate Culture - Another consideration for an LPO is cultivating a corporate culture that puts a premium on low attrition. A stable work force to some degree reflects company loyalty, and it can mitigate confidentiality risks by minimizing the number of former employees in circulation


Just like data systems need ongoing QA efforts, personnel protocols also need periodic reinforcement to be maximized. Personnel management within an LPO -- in the service of protecting client confidentiality -- must be understood to be an continual process.

Friday, March 13, 2009

The Paperless Office and Data Security

There are a number of components to ensuring data security within an LPO. We’ve discussed the importance of onshore servers for housing all data.

One fundamental purpose of the onshore server is to allow offshore access to information without actually capturing that information. Furthering the safeguard against third-party personnel capturing any data is the implementation of the paperless offshore office.

Obviously, the paperless office has no, um, paper. In the event that any paper or writing instruments are occasionally necessary, it is an important requirement to shred the paper at the end of every shift and collect all writing instruments.

But the paperless office goes further than that, encompassing a complete defense against any method of capturing data, including:

• Restricted computer functionality for individual computers with limited user rights and disabled media drives and USB/printer ports
• Secure individual computers with PC firewall and antivirus protection
• External internet access restricted to certain sites/computers within office locations
• Network monitoring and tracking capable of producing audit trail records of all files accessed on the server and logs of all incoming and outgoing mail from the servers
• A secure internet network incorporating Proxy/Firewall NAT and Port filtering
• The prohibition of cell phones and cameras in any area where client work is processed

Friday, March 06, 2009

Onshore Servers and Data Security

During March we’ll be discussing part two of our series Ethical Imperatives For An LPO: Protecting Client Confidentiality. And a key component to protecting confidentiality is data security.

For U.S. attorneys considering the value of outsourcing legal work to an LPO, there is one question that must come first regarding data security: Are the LPO’s servers on U.S. soil?

All other security safeguards come second.

When all data is stored in onshore servers, offshore attorneys are only accessing the data to complete the work, and not holding or storing the data on offshore computers or servers.

Why is this so crucial? Because data stored on servers is subject to the state and federal laws applicable to the physical location of the data. That means for data housed on domestic servers, U.S. law applies. In the rare event of some sort of breach, the originating counsel needs to retain as much recourse as possible, and part of that includes U.S. jurisdiction over the server.

Data stored on offshore servers puts the data beyond the jurisdiction of established U.S. security laws. In this instance, the originating counsel would have uncertain control over investigating and/or enforcing security concerns.

Additionally, while the risk of third-party data security breaches (that’s a lot of syllables to say “hacker”) is the same regardless of the server’s physical location, the United States’ long-arm statutes allow plaintiffs to extend personal jurisdiction throughout the country. Just one more advantage to requiring onshore servers from your LPO.