In the last few years, the pace of transformation in the legal industry has accelerated, and 2014 looks to be another year marked by significant changes in the way legal professionals do business.
Corporate counsel and law firms continue to face serious challenges, chief among them persistent budget pressures, increasing data volumes and matter complexity, expanding workloads for attorneys and decreased hiring, and louder demands from stakeholders for better accountability and internal controls.
General counsels and law firm executives are also beginning to grapple with an array of technology-related security threats that have emerged in the brave new world of electronic evidence, cloud-based computing, increased reliance on third-party vendors and the proliferation of connected machines and mobile devices with which individuals can access sensitive data.
Law schools face significant challenges of their own as firms and legal departments reduce the number of new interns and hires they are willing to take on, and as fewer applicants (sporting lower mean LSAT scores) are prepared to risk the expense and effort of a legal education with so much uncertainty awaiting them at the end.
Key trend of 2014: A revised view of legal process outsourcing
Severe budget pressures are forcing organizations to continue to explore ways to reduce costs, and the end result is that more dollars are likely to flow to legal process outsourcing firms (LPOs) this year. While it is true that outsourcing has been regarded as risky in the past, especially with respect to the quality of work product, perceptions of LPOs as cut-rate operations are quickly changing, and the relationship between legal teams and LPOs is moving beyond tactical, transactional considerations.
The GC perspective
Already in 2014, plenty of legal services are being bundled into outsourcing. GCs are reevaluating where each piece of the litigation lifecycle belongs: Should we do it internally? Turn it over to a law firm? Put it in the hands of a third party? While the mix varies considerably among legal departments, many GCs are now proactively budgeting for outsourcing.
Most are allocating resources to electronic discovery and document review, but do not be surprised to see LPOs tapped for additional services as GCs continue to scour the vendor landscape for ways to make budgets more stable and predictable, and streamline processes across the entire litigation portfolio. Today, it is much easier to find LPOs that have been around for a while, have managed a number of large and complex projects, invested in advanced technology, and have developed best practices approach to legal process. This maturation signals an important shift in the relationship between GCs and outside vendors.
In 2014, more GCs will begin to look at LPOs from a long-term value perspective rather than focusing exclusively on unit pricing. GCs are finally beginning to recognize that low per-gigabyte pricing in itself presents little opportunity for cost savings in the long run, and hiring a low-cost vendor for a single case does not begin to address the fundamental challenge of developing more effective, efficient legal and business processes.
Instead, corporate legal departments will seek vendors who can help them develop comprehensive strategies for defensibly managing data volumes over multiple matters while optimizing the processes that drive an in-house legal department. That is the only way GCs are going to win the budget battle in the long term. Look for the new emphasis on deriving value over multiple matters and process optimization—as opposed to a focus on cost alone—to become apparent in the procurement process. We can also expect a thinning of the ranks in the crowded LPO landscape over the next three years, as vendors with a solid track record helping GCs achieve financial stability and gain tighter control over compliance and security challenges rise to the top.
Law firm perspective
Expect law firms to make increasing use of LPOs in the coming year as well. It was not that long ago that firms were investing in a build-up of infrastructure and personnel to better manage e-discovery and to address challenges related to rapid increases in data volume and evolving technology. Now, the pendulum has begun to swing in the opposite direction. Law firms are struggling to meet the service levels their clients expect, and they are turning to outside expertise for help.
Two areas in particular should become fertile ground for vendors looking to make inroads with firms: the rush to the cloud, and the shift toward managed legal services. In many firms, IT budgets have gotten out of control. At the same time, security—an area in which some firms have become complacent in recent years—has become a big worry. Law firms need to find ways to increase data security without increasing spending. This is driving them to adopt cloud-based services that, in many cases, can be managed more efficiently and cost-effectively by outside providers. In fact, many firms are axing entire departments in favor of outsourcing or insourcing, and they are finding that third parties can provide the same services with better security and at a much lower cost.
In a related development, increased costs at firms and declining billability are leading to an increase in the use of managed legal services. Firms are cutting non-practicing lawyers and litigation support personnel because they have found they are not using them effectively enough to justify their salaries and benefits. Increasingly, firms are finding the right vendor or combination of vendors can do the work better and for less money. Document review, contract management, legal research—these are just a few of the functions that law firms are deciding to turn over to third-party specialists in favor of focusing on legal strategy.
The flip side of the outsourcing trend is that law firm lawyers are getting back to basics. They are renewing their focus on practicing law and being subject matter experts. And it is not just that they feel more comfortable in the legal domain. The return to core legal functions is another reflection of a fundamental shift in perceptions of LPOs. Until recently, both GCs and law firm executives have been wary of outsourcing because it was associated with a higher level of risk. But now the equation has changed, with many firms concluding that trying to manage every activity in-house, especially highly sensitive functions like IT security, carries its own risks.
Privacy and security trends
It is hard to summarize the tectonic shifts we have seen over the last year in the areas of data privacy and security. From NSA surveillance to the Target breach, cyber security has been front page news for much of the year. The convergence of the legal function with that of IT security has never been more prevalent—a trend we would expect to accelerate in the coming year.
The specter of state-sponsored cyber attacks have certainly been center-stage for the last few years. But over the past year the dialogue has shifted from a focus on Chinese industrial espionage to a broader look at governments, including most notably the United States, intruding on private networks in the interest of national security. One prominent American law firm has already confirmed that their confidential communications and documents were compromised by the U.S. government seeking to gain insight into trade negotiations involving Indonesia, the firm’s client. Whether the active dialogue will result in meaningful changes for state-sponsored actors is uncertain. But it is clear that no one should again question the capabilities of well-funded and motivated cyber intelligence agents. Corporations have been investing heavily in security in recent years, but as stories of compromised data continue to proliferate, we can confirm that the bad guys have been investing as well. The massive breach of retailer Target’s payment processing and point-of-sale system late last year appears to be traceable to the stolen network credentials of an HVAC vendor. This highlights an emerging security trend in which hackers are reacting to increased security spending by primary targets by refocusing on third parties and service providers that can provide indirect access to the same information they seek. The convergence of technological and physical security is an important recent development among enterprises, and the degree to which third parties are responding to this specific challenge is likely to be a key factor, which LPOs competing for business will be closely scrutinized on in the coming year. Current indications are that data security and privacy protection continue to climb the list of criteria used to assess outsourcing providers. Also, even as vendors play an increasingly important role in the corporate legal environment, GPs are likely to keep the number of vendors they engage relatively small, in large part to limit exposure.
Law firms are viewed as a potential “soft underbelly,” ripe for exploitation by attackers seeking access to valuable information belonging to the firms’ corporate clients. Many firms are now acting swiftly if belatedly to assess risks and implement demonstrably stronger measures to protect their clients in 2014. But firms must fight a cultural tendency to compromise security in favor of convenience, allowing their attorneys to do things like download sensitive files to unencrypted USB drives, travel with unsecure laptops, or connect to secure networks from a poorly secured home PC or mobile device. The tendency to view security threats as hypothetical in the law firm is still common, but look for this to change in the coming year as macro trends begin to infiltrate the law firm executive mindset, and as corporate clients begin to direct pointed questions to outside counsel about their security protocols.
Finally, lawyers in all practice areas will be under increasing pressure to gain a basic understanding of data privacy and security best practices and regulations. The SEC’s guidance on disclosing cyber risks in public filings is becoming more of a focus. HIPAA now holds “business associates,” including law firms, directly liable for privacy and security lapses. Conducting cyber due diligence to assess the information security and privacy risks of a proposed transaction will become more commonplace, particularly for transactions involving highly valued IP or in industries with significant consumer privacy exposures. Class action litigation and regulatory inquiries arising out of data breach incidents will continue to increase as well giving rise to an entirely new segment in the field of e-discovery. Lawyers defending breached entities now must be sure to preserve, collect, review and analyze a whole new classification of corporate documentation relating to the company’s information security posture. Indeed the list of documents Target was asked to produce to Congress, including information relating to Target’s strategy to protect against “threats posed by memory-parsing malware,” will cause palpitations in even experienced technology lawyers. You can bet that plaintiffs’ counsel will follow Congressman Waxman’s lead and begin asking for very technical documentation relating to breach incidents. And this is just the beginning.
Law schools: Crisis and innovation
Finally, let’s not forget that the recent wave of budget pressures, technological developments and evolving business models in corporate legal departments and law firms is having a tsunami effect on law schools and prospective law students. Data
posted by the ABA in January 2014 indicate enrollment in law schools continues to decline, with 132 of 199 schools experiencing enrollment drops.1
Overall, these first-year enrollment numbers have not been experienced by U.S. law schools since the 1970s.2
Many recent law school graduates have found themselves loaded with debt and struggling to find work in the current environment. As a result, potential law school applicants are not choosing a legal career. This trend is reflected in the declining number of LSAT and law school applications, and many schools are reporting lower median scores for applicants. This decline will likely affect law schools in different ways, with many elite schools choosing to admit fewer applicants rather than dilute the overall quality of their incoming class, while other schools with rapidly diminishing resources and increasing costs may elect to hold enrollment numbers steady to maintain their current tuition income levels.
Meanwhile, law schools across the spectrum still have to pay the salaries of faculty and support staff, and many are scrambling to find the funds necessary to maintain expensive clinical programs, as well as the large law libraries required for ABA accreditation purposes. University of Colorado law professor Paul Campos created a stir last fall when he published
an analysis indicating that 80 percent to 85 percent of ABA law schools are operating at a deficit. As the money crunch tightens, look for some consolidation among schools to save on the considerable overhead it takes to run an accredited law school.
Many law firm clients are now quite vocal about their determination to stop paying top hourly rates for the fairly basic legal work that most junior associates traditionally handled. This has translated into fewer externships being available for students and fewer jobs for new graduates. That, in turn, has encouraged an increased focus on practical skills and training in legal education, as law school try to find new ways to prepare their students for the current realities of the job market.
Some law schools are changing their curriculum accordingly, turning the third year into more of a practicum—something like a residency in medical school—while others are partnering with service providers to give recent graduates real experience working with actual legal matters and hands-on training using cutting-edge legal technology. Developing legal and technical expertise in the issues that clients currently face with exploding amounts of data, highly complex privacy and security issues and enormous e-discovery costs represents a huge opportunity for new law school graduates. Proactive law schools will provide their students with more opportunities to become familiar with these issues and develop proficiency in the critically important (and constantly evolving) technology used in our legal profession.
In short, the coming year will provide little relief to current and aspiring legal professionals yearning for continuity and stability. The good old days of secure employment and well-compensated billable hours are probably over for most of us, and success will be reserved for those individuals who are willing to adapt to powerful forces of change in technology and business practices, which are transforming the very culture of the profession.
Jason Straight is the senior vice president, chief privacy officer with UnitedLex. He has more than a decade of experience assisting clients in managing information security risks, data breach incidents, data privacy obligations and complex electronic discovery challenges. Prior to joining UnitedLex, Straight held numerous leadership positions at a leading global investigations and cyber security company, most recently as a managing director in the cyber investigations practice. Straight began his career as an attorney at Fried, Frank, Harris, Shriver & Jacobsen in New York. As a recognized domain expert and certified information privacy professional, Straight is a frequent speaker and author on topics relating to data privacy, cyber security, data breach response and computer forensics.
By Jason Straight, Joseph Dearing and Dave Canfield
Joseph Dearing is executive vice president of Global Legal Solutions at UnitedLex, a leading global provider of legal and data management and consulting services. Dearing leads the UnitedLex academic division, which focuses on partnering with leading universities to drive value and advance educational development. He is also active in both UnitedLex litigation and intellectual property practice areas. Dearing has more than 20 years of experience managing complex litigation, including high stakes patent infringement lawsuits and cross border shareholder class action matters. Dearing has also been actively involved in M&A transactions and managed teams of in-house and outside counsel focused on achieving successful results in the most practical and efficient manner possible.
Dave Canfield is senior managing director, client solutions at UnitedLex, assisting clients in the creation of discovery, data collection and case management strategies, and with the development of systematic processes and documentation to support repeatable, efficient and reliable electronic discovery procedures. A strategy and legal expert in managing the stunning volume of information and data involved in current business practices, Canfield was recently highlighted on Forbes.com in a feature entitled CIOs, Electronic Records and the Law.
1 Karen Sloan, “ABA Releases Details of Law Schools Enrollment Declines,” The National Law Journal, 3 March 2014.
2 Jennifer Smith, “First-Year Law School Enrollment At 1977 Levels,” The Wall Street Journal, 17 Dec. 2013.