1© 2011 HILDEBRANDT BAKER ROBBINS, a Thomson Reuters business. All rights reserved.

Law Department Operations and Technology Trends

ILTA/HILDEBRANDT BAKER ROBBINS WEBINAR

REBECCA THORKILDSEN and JANE BENNITTJune 15, 2011

2

IntroductionsHildebrandt Baker Robbins is a global consulting firm providing strategic, business and technology services to clients in the legal industry since 1975. We have deep knowledge derived from experience, research and thought leadership programs. We utilize this knowledge to develop tailored consulting services for each of our clients, helping each client to achieve and exceed its most important objectives.

Jane Bennitt has 16 years experience implementing collaborative/outside counsel solutions for law departments and insurance claims organizations. Specializing in Global E-Billing, E-Billing, Matter Management, Contract Management, Data Quality, Analytics and Business Intelligence, Jane has been President of LEDES Oversight Committee since 2006.

Rebecca Thorkildsen is the leader of HBR’s Corporate Legal Technology Practice with 15 years experience in technology strategy, systems, and business processes. Rebecca specializes in Strategic Technology Planning, Legal Process Improvement, Spend Management Programs, Matter Management, Global E-Billing, Business Intelligence, Knowledge Management, Contract Management. Rebecca has an MBA in Electronic Commerce, Organizational Behavior and Marketing from Kellogg Graduate School of Management.

3

Agenda• Drivers and Trends

• Legal Project Management

• Mobile Devices

• Cloud Computing

• Social Media

• Business Intelligence

• Global E-Billing

• Contract Management

• Appendix A - Regulatory Considerations on Privacy and Data Collection

• Appendix B – Cloud Computing: A Comprehensive Definition

• Appendix C – NC Bar Association Ethics Opinion on Cloud Computing

4

Drivers and Trends

5

Primary Driver – Economic Downturn“We are experiencing not merely another turn of the business cycle, but a restructuring of the economic order.

For some organizations, near-term survival is the only agenda item. Others are peering through the fog of uncertainty, thinking about how to position themselves once the crisis has passed and things return to normal.”

“The New Normal” by Ian Davis, The McKinsey Quarterly, March 2009

6

Other Drivers • Increased regulatory scrutiny

• Continued increase in complexity, cost and risk of litigation

• Difficulty borrowing money

• Recognition of global interdependence

• Technological advances

7

Trends – Responding to the Crisis

“IT in the new normal: McKinsey Global Survey Results”, Roger Roberts and Johnson Sikes, December, 2009

8

Trends – Law Departments’ Responses• Operating models and efficiency

initiatives– Retooling workflow processes– Legal project management– Green initiatives

• Allocating resources effectively– Reducing the physical footprint of

operations– Reduction in workforce– Outsourcing, offshoring, alternative

staffing and resource allocation

• Legal resource optimization – Metrics and reports– Automated benchmarking and

predictive analytics

• Changes in technology strategy– Reliance on technology to fill gap– Cloud computing– Making workers more mobile – Meeting the needs of a decentralized

workforce– Tools to support virtual teams

• Focus on managing risk– eDiscovery preparedness – Compliance systems

• Managing information– Enterprise search – Knowledge management

• Global extension of key initiatives– Enterprise-wide solutions

• The impact of social media

9

Legal Project Management

10

Matter Management vs. Legal Project ManagementMatter Management• Strengths/What It Is

– Authoritative source of matter data• Create matter numbers• Store data important for KPIs

– Virtual case file• Serve as a portal to matter information in

other data and document stores

– Metric & reporting tool

• Unfulfilled Promise– Budget builder or predictor of timeline– Resource allocation tool– Work and task management system

Legal Project Management• Matter planning

– Breaks matters into discrete tasks– Enables assigning appropriate level

resource to those tasks– Advises on appropriate hours for each

task– Creates a budget based on resource

allocation

• Matter management– Enables budget and timeline monitoring

at the task level (status reporting, budget to actual, etc.)

11

Legal Project Management – OnIt• Target Market

– Law departments

• Modules– OnIt Process – legal service request portal– OnIt Project – project planning and task management– OnIt Premium – spend management

12

OnItProject View

13

OnItCreate and Assign Task

14

Legal Project Management – Engage• Target market

– Law Firms

• Functions– Build work process breakdown structures & Gantt charts

from templates including incorporating outside counsel guidelines

– Allocate resources & build budgets, including for alternative fee arrangements

– Monitor budgets and timelines through integration with time & billing

15

Engage – Creating Task ListSelect Template and Task List Displays

16

EngageAssigning a Team at the Task Level

17

EngageBuilding a Budget

18

Mobile Devices

19

Coming from Apple in Fall 2011

“Apple Sounds the PC Death Knell” Nick Bilton, The New York Times, June 6, 2011http://bits.blogs.nytimes.com/2011/06/06/apple-really-is-slowly-killing-the-pc/

20

Mobile DevicesTraditional Uses• Communicate

– Make/receive calls– Send/receive email

• Access calendar

• Access web

• Initial apps focused on consumer space

– Listen to music– Take and share pictures– Games

Evolution for the Business User• Portability

• eReading & document review

• Presentations

• Use business apps– Travel updates & airline boarding – Navigation/GPS

• Access cloud-based applications– Training– Board materials– Time & expense management– Database updates

• Video conferencing

• Device geo-location and remote wiping

21

Device Usage – A Day in a Life

Check schedule and email; check flight status

Wake up

Smart Phone or Tablet

Travel to Airport

Return calls and handle email

Smart Phone, Tablet

Fly to Meeting

Review and finalize presentation and draft deal documents; in spare time catch up on reading using eReader features

Notebook, Tablet

Rent Car

Access mobile car rental app to reserve car once off plane

Smart Phone or Tablet

Travel toMeeting

Return calls and monitor email as necessary; use GPS to find meeting site

Smart Phone

Meeting

Capture negotiation points, review and edit documents

Notebook or Tablet

After Meeting

Check flight status (flight cancelled!); rebook flight home using preferred flyer site; use web to a book hotel room and find restaurant for dinner; leave message at home re change in travel plans; check and respond to email and voicemail; use GPS to find restaurant and hotel

Smart Phone or Tablet

Dinner

Return calls and handle email

Smart Phone or Tablet

Check intoHotel

Conduct video conference with client to review discussions; email notes and revised documents to internal team with editing instructions and other requirements; reply to email and return phone calls; check and adjust next day’s schedule as necessary; work on other matters, accessing documents as necessary; call home; watch video on demand episode of favorite TV show; set phone for wake up alarm in time to catch flight; web check in for flight home

Smart Phone, Tablet,

Notebook

22

Mobile DevicesRisks• Inefficient for heavy document editing

• Security, access and integration with core non-cloud based applications

• Connectivity costs, especially data usage or global connectivity, can be high

• Number of types of devices and platforms that require support

• Privacy, data collection and use issues

• eDiscovery considerations

• Metadata removal tools and virus protection may not be configured for documents sent via mobile devices

• Attractive to thieves– Data security issues

Benefits• Lightweight, compact size

• Easy to use

• Increases accessibility

• Increases productivity

• Global connectivity features

• Facilitates information retrieval

• Proliferation of low- or no-cost apps

• Evolution of thin client

See Appendix A for Regulatory Considerations on Privacy and Data Collection

23

Use of Mobile Devices by Law Firms

“Legal IT Landscapes: A Global Survey of Legal IT People on the Technology Issues Affecting Law Firms in 2011,” Ruppert White and Rob Ameerum for Legal IT Professionals, page 9

24

Cloud Computing

25

Cloud Computing – Definition*

"The cloud" is a metaphor for the Internet.

“Cloud computing" can be described as the mass-market availability, through the Internet, of a range of scalable IT resources (e.g. storage and accessing of

data, applications, infrastructure).

* See Appendix B for a more comprehensive definition

“Cloud computing: Securing the silver lining,” Ashurst Communications Newsletter, April 2010

26

Cloud ComputingRisks• Foreign data storage, security and privacy

laws; US Safe Harbor certification may be necessary for foreign data stored in US

• Data must be accessible by only intended users

• Unencrypted data transmissions may compromise data security

• Should not be accessed using public Wi-Fi hotspots

• Service level agreements– Customer service– Vendor data access and data ownership– System performance and response speed– Backups and redundancy– Simple, unfettered import & export

Benefits• Likely reduced total cost of ownership

– May reduce reliance on IT staff– Minimizes or eliminates need for infrastructure– Reduced deployment time– Patches and upgrades applied more easily

• Easily scalable through purchase of additional licenses

• More collaborative between organizations: licensing and security hurdles easier to overcome

• Mobile devices can access cloud-based applications more readily and move toward true thin client

• Take advantage of software enhancements requested by other organizations

See Appendix C for the NC Bar Ethics Opinion on the Use of Cloud Computing

27

Use of Cloud Computing by Law Firms

“Legal IT Landscapes: A Global Survey of Legal IT People on the Technology Issues Affecting Law Firms in 2011,” Ruppert White and Rob Ameerum for Legal IT Professionals, page 12

28

Social Media

29

Social Media - Types• Twitter

• Facebook

• YouTube

• LinkedIn

• Blogs

30

Social MediaRisks• Message spreads very quickly

• Employees’ time

• Reliability and accuracy of sources is not always clear

• Legal liability can result from– Misuse of information from social media sites– The type of information posted– Misuse of copyrighted materials or trademarks– Users can bypass corporate marketing and pr

controls

• Companies should establish policies on – Information on the company or competitors that

can be posted by employees– Guidelines on use of sites and sharing of

personal information that may impact employees’ continued employment

Benefits• Message spreads very quickly

• Virtually free to use

• Easier than creating a web page

• Additional resource for finding information on the industry and from peers

• Excellent networking tool

• Excellent marketing tool (although not a typical use for a law department)

31

Social Media – Examples of Use by Legal• By law enforcement to locate or obtain evidence

against suspects

• Research information on opposing parties, opposing counsel, jurors

• Locate missing heirs and potential witnesses

• Ethical considerations

32

Social Media – Other Examples of Use• Build relationships with people as opposed to just

disseminating information

• Build brand

• Establish credibility and showcase expertise

• Introduce products or services

• Pass on information of interest from other parties

• Reduce or redirect marketing spend

33

Business Intelligence

34

Business Intelligence• Law departments moving beyond reports

– Metrics & KPIs– Benchmarks– Goals– Dashboards

• Advanced data sourcing and integration– More than matter management and e-billing data– Data warehouses becoming critical– Data analysts ideal

35

Dashboard Example – Goals & Benchmarks

36

Dashboard Example – OC Management

Firm 1

37

Business IntelligenceRisks• Easy to over-engineer

• Can be costly without appropriate strategy and support

• Requires training and change management, an often neglected investment

• Metric and reporting strategy requires refreshing and maintenance

• Data quality and process control

Benefits• Can be easier and quicker to use

than reports alone

• Provides a more fulsome view of information enabling management to base decisions upon multiple reference points

• Increases ROI in systems

• Improves outcome of any initiative (cost containment, efficiency, risk management, etc.)

38

Global E-Billing

39

Global E-Billing• After successfully completing rollout of e-billing in

their home country, many companies are rolling out e-billing globally as a tool for – Spend management and cost control– Ensuring compliance with mandated procedures– Knowledge management

• Standards and tools have begun to “catch up” with complex regulatory requirements

40

Global E-BillingRisks• Systems and processes must comply with

regional, federal or local laws and regulations for

– Data privacy– Electronic invoicing format and content– Data storage– Data archiving– Tax requirements

• Technology gap in some countries

Benefits• Provides insight into legal spend (particularly

supplementing what global finance and A/P systems cannot provide)

• Ensures compliance with required processes– Billing guidelines and OC policies for outside

counsel– Internal policies and procedures

• Unification of processes

• Information capture

• Collaboration

• Can be used to quantify services provided by the law department to other areas of business

• Efficient and consistent bill review and payment processes

• Aids budgeting process

41

Global E-Billing – Recent Developments• Still illegal in some countries

• Additional steps toward unification of requirements in Europe

• Most complex global requirements– Brazil– Mexico– Argentina

• Features most greatly improved– Multi-currency and tax type support– Digital signatures– Multiple AP routing and rules

42

doeAscent – Multi Currency Functionality

43

Serengeti Tracker – AP Approval Routing

44

LEDESSense – Multi Tax Functionality

45

CounselLink – Alternate Fee Agreements

46

LEDESSense Creating Advanced LEDES Invoice Formats

47

Contract Management

48

Contract Management• Law departments are recognizing the risk and cost

inherent in contracts

• Law departments are taking a lead or partner role in enterprise contract lifecycle management– The matter management system and/or document

management system is no longer sufficient– Some departments more proactive post-execution

• Document assembly and clause banks– Still an investment, but renewed interest in the spirit of

efficiency– Technology continues to improve

49

Dolphin Contract Manager Discovery View – Contracts Soon to Expire

50

Dolphin Contract ManagerContract Clause Picker MS Word Plug-In

51

Business Integrity ContractExpressUser Dashboard to Request Contract

52

Business Integrity ContractExpressContract Creation

53

Contract ManagementRisks• Wide range of technology available

• Can be costly if not properly managed

• Identifying appropriate roles and responsibilities in the contract lifecycle

• Not understanding the obligations of a company

• Failing to exploit contract terms to reduce potential costs or to maximize revenue generating opportunities

Benefits• Reducing the risk inherent in not

managing and meeting obligations

• Providing proactive and collaborative services to in-house clients

• Improving the efficiency and reducing the costs associated with company contracts and transactions

• Maximizing revenue-generating potential

54

Questions

For a copy of this presentation, email jbennitt@hbrconsulting.com or rthorkildsen@hbrconsulting.com

55

Appendix A

Regulatory Considerations on Privacy and Data Collection

56

Cloud Computing – US Regulatory Considerations• Federal regulations

– The Data Protection Act 1998 – The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security

Rules

• State regulations– Massachusetts Data Protection & Privacy Law - 201 CMR 17.00 / Massachusetts General Law,

Chapter 93A – California Online Privacy Protection Act (OPPA) of 2003, California Business and Professions

Code Sections 22575-22579– 40 states have laws requiring notification of individuals whose personal information has been

compromised (see http://www.privacyrights.org/ for more information)

• Administrative Agencies guidelines– DRAFT Cloud Computing Synopsis and Recommendations of the National Institute of Standards

and Technology (Department of Commerce) Special Publication 800-146, May 2011

• Private organization requirements– North Carolina Bar Association Proposed 2011 Formal Ethics Opinion 6: Subscribing to Software

as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property, April 21, 2011 (see Appendix B for more information)

57

Cloud Computing – Foreign Regulatory Considerations

• Data Protection– EU Directive 95/46/EC on the protection of personal data– UK Data Protection Act 1998– Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) – US Safe Harbor certification

• Depending on the content of the data stored, other regulations may apply

58

Appendix B

Cloud Computing – A Comprehensive Definition

59

Cloud Computing - DefinitionCloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

“Draft Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology,” Lee Badger, Tim Grance, Robert Pratt-Corner and Jeff Voas, National Institute of Standards and Technology, US Department of Commerce, Special Publication 800-146, May 2011, page 2-1

60

Cloud Computing – Essential Characteristics• On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server

time and network storage, as needed automatically without requiring human interaction with each service’s provider.

• Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and personal digital assistants (PDAs)).

• Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the subscriber generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

• Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

• Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

“Draft Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology,” Lee Badger, Tim Grance, Robert Pratt-Corner and Jeff Voas, National Institute of Standards and Technology, US Department of Commerce, Special Publication 800-146, May 2011, page 2-1

61

Cloud Computing – Service Models• Cloud Software as a Service (SaaS). The capability provided to the consumer is to use

the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a Web browser (e.g., Web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

• Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or -acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

• Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls)

“Draft Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology,” Lee Badger, Tim Grance, Robert Pratt-Corner and Jeff Voas, National Institute of Standards and Technology, US Department of Commerce, Special Publication 800-146, May 2011, pages 2-1 -2

62

Cloud Computing – Deployment Models• Private cloud. The cloud infrastructure is operated solely for an organization. It may be

managed by the organization or a third party and may exist on premise or off premise.

• Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

• Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

• Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

“Draft Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology,” Lee Badger, Tim Grance, Robert Pratt-Corner and Jeff Voas, National Institute of Standards and Technology, US Department of Commerce, Special Publication 800-146, May 2011, page 2-2

63

Appendix C

NC Bar Association Ethics Opinion on Cloud Computing

64

NC Bar Ethics Opinion on Cloud Computing: Regulation Beyond Federal or State Data Privacy LawsProposed 2011 Formal Ethics Opinion 6: Subscribing to Software as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property, April 21, 2011

• Law firms may utilize SaaS systems provided steps are taken effectively to minimize the risk of inadvertent or unauthorized disclosure of confidential client information and to protect client property, including the information in a client’s file, from risk of loss.

• “Reasonable care” includes:– An agreement on how confidential client information will be handled in keeping with the lawyer’s professional

responsibilities must be included in the SaaS vendor’s Terms of Service or Service Level Agreement, or in a separate agreement that states that the employees at the vendor’s data center are agents of the law firm and have a fiduciary responsibility to protect confidential client information and client property.

– The agreement with the vendor must specify that firm’s data will be hosted only within a specified geographic area. If by agreement the data is hosted outside of the United States, the law firm must determine that the hosting jurisdiction has privacy laws, data security laws, and protections against unlawful search and seizure that are as rigorous as those of the United States and the state of North Carolina.

– If the lawyer terminates use of the SaaS product, the SaaS vendor goes out of business, or the service otherwise has a break in continuity, the law firm must have a method for retrieving the data, the data must be available in a non-proprietary format that is compatible with other firm software or the firm must have access to the vendor’s software or source code, and data hosted by the vendor or third party data hosting company must be destroyed or returned promptly.

– The law firm must be able get data “off” the vendor’s or third party data hosting company’s servers for lawyers’ own use or in-house backup offline.

– Employees of the firm who use SaaS receive training on and are required to abide by end-user security measures including, but not limited to, the creation of strong passwords and the regular replacement of passwords.

65

NC Bar Ethics Opinion on Cloud Computing: Regulation Beyond Federal or State Data Privacy Laws• To minimize the risks associated with SaaS,

– The financial history of the SaaS vendor has been investigated and indicates financial stability.– A lawyer for the firm has read and understood the user or license agreement, including the security policy, and

understands the meaning of the terms.– The measures for safeguarding the physical and electronic security and confidentiality of stored data of the SaaS

vendor or any third-party data hosting company, including but not limited to firewalls, encryption techniques, socket security features, and intrusion-detection systems,6 have been evaluated by the law firm or a security professional and are satisfactory.

– The law firm, or a security professional, has reviewed copies of the SaaS vendor’s security audits and found them satisfactory.

– To safeguard against natural disaster, the SaaS vendor regularly backs up the firm’s data to multiple data centers in different locations within the specified geographic area.

– The agreement with the vendor confirms that access to the firm’s data will be limited to those employees of the vendor or any third-party data hosting company who are informed of the fiduciary responsibility to protect client information.

– The agreement with the vendor provides that the law firm owns the data.– Clients with access to shared documents are aware of the confidentiality risks of showing the information to others.

See 2008 FEO 5.– The law firm has a back-up for shared document software in case of service interruption such as an outside server

going down.– The firm lawyers are educated on the risks of utilizing the Internet to transmit and store client information and are

trained on security measures including, but not limited to, creating strong passwords and regularly changing the passwords.

– Security software is installed on the computers at the law firm to ensure that the user is connected to the SaaS vendor website and the computer is protected against malware, viruses, and hacker attacks.