This past year saw a lot of movement in technology, especially on the data protection side. Companies such as Apple are using privacy to differentiate themselves from competitors and Google is redesigning its traditional analytics offering in response to a tighter regulatory regime. In making the 2020 predictions for the hottest legal tech trends, I looked back at the 2019 predictions.
Last year, the predictions comprised:
- Security and fraud prevention
- Data governance
- Tech and data fluency
Given the rise in technology in the first four groupings, the predictions were accurate, and they feed into the predictions for 2020. The last prediction of lawyers becoming fluent in tech and data saw a need for fluency, but not the loud outcry predicted.
So, what’s ahead for 2020 in legal tech trends?
- Privacy program management and security tools
- Vendor management tech, including contract management with AI
- Virtual law practice
- Alternative legal services
- Life integration tools
Let’s look at each one in more depth.
1. Privacy program management and security tools
With the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), businesses cannot seem to escape new regulations on management of personal data. The requirements under data protection laws span data inventory, process mapping, individual rights, vendor assessment, incident management, notice and transparency, privacy-by-design, privacy impact assessments, and security.
The law department is impacted like any other department that touches personal data, but given the complexity of the laws, the nuances, and the varied guidance available, the law department needs to be immersed in the corporate compliance efforts.
With the new regulations comes the need for tools to manage the process. According to a report by TrustArc and the International Association of Privacy Professionals (IAPP), the privacy tech solutions have seen an exponential increase in vendors and products, but “The continued rise in new vendors . . . indicates that the market is still in early development. As more capital is invested, this dynamic market will continue to evolve.”
Privacy program management tools include employee training. The legal department should be involved in this training to the extent that it determines the timing and type of training, ensures the training meets compliance requirements, and has training specialized to legal actions provided for the legal department.
Further, the need for security to protect personal and confidential corporate data has never been greater. As privacy program management vendors have emerged, the number of security tools available has multiplied even more. Few laws specify what security needs to be in place, but at the very least “reasonable” security should be in place — and “reasonable” changes as the market grows, laws develop, and the amount of data increases.
We see in-house counsel’s involvement in this tech on a variety of fronts. First, counsel need to be involved in the initial identification of the need by translating the laws to actions by the company, driving an assessment to determine readiness and compliance gaps along with mitigating solutions.
Next, counsel need to be involved with the actions necessary to maintain compliance, such as privacy impact assessments, vendor due diligence, drafting or approving privacy notices and policies, and orchestrating the individual rights management program. Lastly, counsel must assess and manage the legal department’s compliance with privacy laws and security requirements.
2. Vendor management tech
As mentioned above, vendor management is a major component of an effective data protection program, but the need for vendor due diligence and ongoing assessment was not born from privacy laws. It has always been a concern to protect confidential assets, whether the vendor was outsourced or cloud-based. However, traditional management tools do not provide the robust insight and oversight necessary to properly oversee vendors — and law firms are traditionally vulnerable realms.
Most contract management systems (CMS) do not provide the robust and in-depth insight necessary to manage the vendor on-boarding, ongoing, termination, and M&A needs. CMS has mainly consisted of storing and organizing contracts, not managing them intelligently. For example, CMS rarely track what contracts have a clause requiring notification of acquisition before or within a timeframe afterward.
Manually searching all contracts is a huge burden rife with errors. Many CMS now include artificial intelligence (AI) that can assist with contract management but has the potential to go further — requiring law departments to acquire skills in software-driven contracts, not just contract drafting.
For example, there are quite a few offering of CMS with AI, like ThoughtRiver, which has “[a]utomated risk review and AI guided remediation of legal contracts” or LinkSquares who provides a “[f]ull-text search for keywords, phrases, and contract terms across thousands of documents within seconds.” On the more sophisticated side is Exego by Planet Data, which processes terabytes of data and extracts concepts and can identify where contracts use “standard” language versus the percentage of deviations.
Other vendor management tech includes processing requests for proposals (RFPs), completing security questionnaires or comparing them across vendors, updating renewal dates, reviewing risk management, monitoring analytics, such as cycle times and clause deviations, and managing individual contractors.
It is increasingly difficult to track required compliance items or to judge proof of compliance both for the vendors being assessed and the company that needs to certify that their vendors are compliant. With new legislation such as the CCPA that has specific requirements for service providers and the mandatory language in contracts, tech solutions are necessary.
Vendor management is a huge part of the legal responsibilities, given the inherent contractual requirements, managing terminations, and protecting intellectual property (IP) and M&A components.
3. Virtual law practice
In-house and outside counsel face the ever-increasing luxury and challenge of working remotely. This stems from a variety of drivers, such as work-life integration, travel requirements, and cost-of-living management via remote workforce. Working remotely, however, means that technology needs to be used to facilitate business activity in an appropriate manner.
Businesses are starting to support bring your own device (BYOD) policies in ways other than mobile phones, such as tablets and laptops. This requires implementing controls to configure and protect noncorporate devices, acceptable use and responsibility policies, and reimbursement protocols. This also implicates document sharing technology to discourage local storage and encourage central document management.
Contributing to this trend, younger generations tend to identify with certain tools or technology and prefer to continue using tools familiar to them when joining a new company. Companies then run the risk of having disparate “shadow IT” operations without centralized visibility or control.
Corporate cultural norms are adjusting, such as anyone working remotely should use video during remote meetings to support relationships and provide a personal touch. Thus, anyone who works in an office must still adapt to virtual practices when working with outside counsel or business unit partners.
Norms also include the prevalence of instant messaging or chat capability, which fosters less stringent communication protocols — which may in turn increase counsel involvement in potential risk situations, such as hostile work environments, chatter about IP, or inappropriate comments.
However, the virtual work environment is a tremendous advantage to business continuity and emergency activities. Counsel can easily manage workload while remote, staying abreast of litigation matters, and signing documents — all via technology.
Lastly, virtual law practice has a tremendous impact on when work is accomplished. Unlike the old telecommuting policies, it is unreasonable to expect a remote worker to be sitting at their computer in an office from 8 am to 5 pm Monday through Friday.
It is more conducive to set expectations for deliverables, including attending certain meetings, and allow counsel to perform their work at the times most convenient to them. This may be from 4 pm to midnight on most days, but as long as expectations are set and met, virtual practice will be common or at least not uncommon.
4. Alternative legal services
We have seen the rise of alternative legal service providers, who are nonlawyers or nonlaw firms specializing in providing legal services that do not require a law degree. These services comprise document review, litigation support, legal research, IP management, and analytics.
The list of services offered is growing as more legal services are enhanced through technology. The services, previously offered via law firms, are now offered by an alternative service provider, which can reduce cost, and increase speed, flexibility, and expertise through specialization.
This specialization relates directly to the growth of technology available in the legal field. According to the Thomson Reuters study, this trend provides for:
“Tech and process-enabled, well-capitalized, corporatized, digital, client-centric delivery models to provide managed ‘business of law’ legal services with augmented expertise, efficiency, value, and measurable results that law firms have typically failed to deliver.”
Currently, these alternative legal services are focused on low-risk, high-volume, repetitive tasks such as document review and corporate filings. In many cases, the alternative services are actually people with expertise or short-term availability to fill an immediate need, but as tech grows more sophisticated, so will the services.
It is easy to see where the personnel piece of alternative legal services will quickly morph into personnel specializing in certain software or tech, considering the generational gap between digital natives and digital immigrants. Many of the over-40 lawyers are not in a position to quickly learn and effectively use tech solutions, so they will rely on other professionals to drive the technology.
The role of in-house counsel is to know when there is a tech solution that best serves the project in consideration. This may be through driving outside counsel to utilize alternative legal solutions for cost and time savings along with accuracy and efficiency or identifying the need to directly contract for these services.
5. Life integration tools
One of the most needed technologies is that which can help busy lawyers manage and integrate their work and personal lives. Given the prevalence of virtual workstyles, globalization, and scope of work, lawyers seem to never be away from work. Newer generations of lawyers — digital natives — grew up managing communication channels. Their integration of tech into their workflow is more natural than for those who are learning to maximize technology.
Many mobile devices and apps now include virtual assistants that can add tasks and calendar slots based on email or oral statements. At times, this may seem intrusive, but the convenience is real. Smart homes that integrate with your car, phone, and emails can truly simplify everyday items, such as displaying the security wait line time for your flight or order groceries to be delivered right as you arrive home.
It is common for people to have two or more email accounts on their phones and to seamlessly navigate between work and personal. Unfortunately, apps also make it easy to save documents to an online service for anywhere-access. This makes it too easy to commingle work and personal documents, so counsel should remember that convenience comes with a cost.