Big Banks Worried About Outside Counsel Who BYOD

Note to Big Law: When you’re working with Wall Street, don’t BYOD. At least not until the devices are configured to secure data.

That’s the anti-Bring Your Own Device message the country’s biggest banks and financial institutions are trying to convey to their law firms, according to the global chief operating officer of Goldman Sachs’s legal department.

Actually, Goldman’s Jeffrey Isaacs doesn’t care if the outside lawyers his department hires have personal smartphones in their pockets—he just doesn’t want them to use the same devices for business.

He spoke to a small gathering of in-house types who had been invited to attend a panel discussion called “Legal Departments Under Pressure,” which was held at the Yale Club in Manhattan on June 19. Isaacs underscored his point by picking up the two smartphones on the table in front of him.

“Everyone on Wall Street” uses separate devices for business and personal data, he said. But the law firms they hire as outside counsel haven’t gotten on board, he complained. The firms are apparently worried that they will be at a “competitive disadvantage”—especially when recruiting talent—if they agree to enforce stricter data-security standards for smartphones, tablets, laptops, and other digital devices.

Isaacs wasn’t the only panelist who expressed concern. The subject was first raised by moderator Kris Satkunas, director of strategic consulting at LexisNexis, which sponsored the event (organized by Sandpiper Partners LLC). Panelist Lani Quarmby, associate GC who oversees outside counsel management at Bank of America, said she and her colleagues spend lots of time talking to law firms to see how they’re protecting data.

“Can you imagine if a law firm had a breach” of their clients’ confidential information? “We wouldn’t work with them again,” she said.

Rose Battaglia, global chief operating officer responsible for Deutsche Bank’s legal and compliance departments, also chimed in. For the first time her team is being asked to perform risk assessments of their law firms. In a world where companies are responsible for the behavior of their vendors, law firms are among the last vendors they’re assessing, she said.

Isaacs said that companies understand that federal regulators are eager for them to resolve the issue. He has a sense that if companies don’t, the regulators will step in and impose a solution for them.

Many of the largest banks and financial institutions are concerned enough that they have joined together to attack the problem as one, Isaacs said. He and his counterparts have identified 11 big law firms and have begun a dialogue—mostly with the firms’ chief information officers, along with a smattering of partners, he said.

They plan to voice their concerns in a more public way at a conference in Las Vegas in August, Isaacs added, referring to the upcoming International Legal Technology Association event. And if that doesn’t work, he concluded, Goldman intends to host a data-security meeting in October.

If there was a time when BYOD sounded like an acronym you might see at the bottom of a party invitation, apparently those days are gone. The message from the big banks seems clear: Sober up!

A browser or device that allows javascript is required to view this content.

You must be signed in to comment on an article

Sign In or Subscribe
">

View the original article here

In-House Counsel Go to Privacy Boot Camp

Image: Maksim Kabakou via Shutterstock

On the first day of classes last week at the Information Privacy Summer Institute (IPSI) in Portsmouth, New Hampshire, Omer Tene, a leading scholar in the privacy field and one of the professors, wasn’t planning to lecture on government surveillance in a course that’s designed for private-sector professionals. But the news leading up to the two-week institute, a collaboration between the International Association of Privacy Professionals (IAPP) and University of Maine School of Law, not surprisingly, altered the Day One lesson plan.

As a National Security Agency contractor’s leaks to media outlets about surveillance programs involving U.S. telephone and Internet companies dominated news coverage, well, everywhere, Tene says he decided to go “a bit off-script,” discussing the legal basis for such programs, per the FISA Amendments Act, the USA Patriot Act, and the Electronic Communications Privacy Act.

“For lawyers, that’s probably the first issue that we address,” Tene tells CorpCounsel.com. “Of course, there are some broader policy, or perhaps moral, or ethical issues here, but as lawyers we first look for the legal underpinning.”

If that sounds like a simple truism, it is one that is becoming ever-more complex in a field of changing technology, regulations, and customer expectations around digital privacy. Hence, the IPSI, which has drawn 30 students—a combination of in-house counsel and Maine Law students—in its second year, for courses on the foundations of global privacy law, and advanced practice issues on data privacy, security, and management.

On one hand, the program is meant to offer “actionable, relevant” lessons for law departments, says Trevor Hughes, IAPP’s CEO and president (and a Maine Law graduate). “This is a boot camp to beat all boot camps” on the topic of privacy, he adds.

At the same time, the institute’s founders see it as an entrée to the field for lawyers in training, particularly as law grads across the country struggle to find jobs. While IAPP’s membership of 13,000 has been growing by leaps and bounds, up 3,000 people in the past 12 months, “We’ve also recognized that we need an onramp to the profession,” says Hughes.

Maine Law, one of the smallest law schools in the country with about 85 to 90 students per graduating class, views information privacy as a major prospect for its graduates. Any time there’s regulatory, technical, and professional disruption, explains professor Rita Heimes, director of the school’s Center for Law and Innovation, “it always creates opportunities for lawyers.”

Heimes credits Maine Law alumni such as Hughes and Justin Weiss, senior director for international policy and privacy at Yahoo, with telling her the school needed to jump on the burgeoning job prospects in the privacy field. So three years ago, the school decided to be “much more strategic” in its approach to privacy, and now, she says, “We’re on it.”

The school offers a three-credit course on Information Privacy Law, which is taught by Hughes and Andrew Clearwater, a fellow at the Center for Law and Innovation who has been charged with enhancing Maine Law’s outreach in the privacy community. Students have had privacy externship opportunities with IAPP and Monster.com, as well as internships at IAPP, Digital Policy Group, Phillips Electronics, and CVS/Caremark.

For motivated students who already know they want to specialize in privacy, Heimes says Maine Law’s relationship with IAPP is giving them “a unique pathway” directly to that career. But the vocabulary of cybersecurity and privacy is also important to those handling transactional work, according to Heimes.

“Someone who may have been a generalist needs to know about information and data security in order to do their jobs well,” she says.

At the summer institute, students are learning just how dynamic the attendant legal principles are. Across the Asia-Pacific region, Europe, and the United States, “all of the frameworks are currently in flux, and they are being reformed and changed in the U.S. and Europe,” explains Tene, an associate professor at Israel’s College of Management School of Law, and a visiting fellow at the Berkeley Center for Law and Technology.

Meanwhile, companies are dealing with novel issues such as data storage and analysis by cloud-service providers, the increasing use of social media by corporations to engage with consumers, and even the concept of analyzing a customer’s movements in brick-and-mortar stores. In that case, the challenge, says Tene, is “whether you can do it without identifying a person, therefore implicating their privacy.”

The risk of a public-opinion backlash driven by privacy issues—and therefore the stakes for brand reputation—are high, Tene points out. So confronting privacy ahead of time, by making privacy controls and features part of products and services from the outset, should be a priority. Think of it as “privacy by design, rather than privacy by disaster—after the fact,” says Tene.

In-house counsel also have to make sure compliance is “under control,” says Tene, given the complex (and evolving) regulatory map. But legal compliance alone isn’t enough. “You can sometimes fully comply with the law, and yet create a terrible impression if you do something without bringing the consumers along,” he says—even if it’s something seemingly innocuous, like altering an online interface that consumers interact with.

Companies need to work to avoid surprises and be transparent about privacy issues. “I think when people see a value proposition, they are much more willing, and often even happy, to part with their personal information,” Tene says. “It’s when things are done in the dark and people don’t’ understand exactly what’s going on that they can be alarmed.”

A browser or device that allows javascript is required to view this content.

You must be signed in to comment on an article

Sign In or Subscribe
">

View the original article here

Using Data to Fix Outside Counsel Budget Forecasts

Since the 2008 economic crisis hit, U.S. corporations have been ratcheting up pressure on their general counsel to limit legal spending, and on law firms to provide detailed budgets for their work. For firms used to providing clients with ballpark estimates for outside counsel work, the new focus on precision can be a difficult transition.

“The old approach to budgeting [for legal services] was to say every case is different and can’t be budgeted,” said Craig Raeburn, vice president of legal analytics at TyMetrix, a legal software and analytics firm. “And that’s no longer a reality. Law firms understand that, and fewer and fewer are saying, ‘I can’t do that.’ ”

The question for firms is how to forecast their prices with the precision required for clients’ budgets TyMetrix recently hosted a LegalVIEW Forum event in Washington, D.C., where corporate counsel and law firms discussed billing challenges. According to a TyMetrix report on the forum, “both law firms and corporations need more information, more communication, and more insight” for successful budgeting and forecasting.

Raeburn suggests law firms use data on billing and matter from TyMetrix’s LegalVIEW, a database of performance data derived from invoices companies submit anonymously. And corporate legal departments can use data on billing to create reasonable expectations for law firms.

Raeburn says both sides need to get smarter about “the business of law.” Just having the data might not be enough, he notes. Law firms and clients should have people on hand who have business backgrounds and understand law firm operations.

Raeburn thinks that pricing directors can serve that role for law firms. On the corporate side, he points to companies like Motorola Solutions, where counsel can draw on the MBA-smarts of director of legal operations Karen Dunning.

“The general counsel needs to really, more than they ever have before, become a businessperson,” he said. “Number one, a businessperson, number two, a business lawyer.”

“Clients today have more insight and a better understanding about the fair market price of legal services,” TyMetrix says in in the conclusion of the forum report. “And so budgeting and forecasting is not only desirable, but absolutely achievable.

A browser or device that allows javascript is required to view this content.

You must be signed in to comment on an article

Sign In or Subscribe
">

View the original article here

Corporate Counsel Spotlight: Who Reps 2012

Corporate Counsel

September 21, 2012

Editor in Chief Anthony Paonita is in the Corporate Counsel Spotlight this month. He visited Eugene Assaf, a partner at Kirkland & Ellis, to talk about the sometimes bumpy relationship between corporate law departments and their outside counsel. Their recent conversations are also featured in the cover story that Paonita wrote for our October 2012 issue, which highlights our annual Who Represents America’s Biggest Companies survey.

View the original article here

Corporate Counsel 123: September 2012

Corporate Counsel

September 10, 2012

In the September 2012 episode of Corporate Counsel 123, web editor Brian Glaser highlights three things in-house counsel will want to know about:

The big Apple vs. Android IP battle.Potential changes to FAA regulations on using electronics on airplanes.The ACC's upcoming annual event in Orlando, FL.

View the original article here

Corporate Counsel 123: October 2012

Corporate Counsel

In the October 2012 episode of Corporate Counsel 123, web editor Brian Glaser highlights three things in-house counsel will want to know about:

The growing role of the law firm pricing director (read here and here).Tracing corporate campaign contributions with MapLight.org.Reporting from the ACC's annual event in Orlando, FL (read here and here).

View the original article here