BYOD in Law Firms

June 2, 2013

A survey conducted earlier this year by the market research company YouGov revealed that almost half (47%) of UK adults now use their personal smartphone, laptop or tablet computer for work purposes. Worryingly, according to the Information Commissioner’s Office fewer ‘than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising concerns that people may not understand how to look after the personal information accessed and stored on these devices’.

In the past lawyers were neither able nor expected to be in contact with clients when they were out of the office. Now that we live in an ‘always on’ age, a client expects to be able to contact his/her lawyer pretty much on demand. If they are not able to do this, might they consider using a lawyer that they can be in contact with? In this era of constant communication, many lawyers have taken it upon themselves to circumvent procedures and to use their own smartphones, tablets and laptops to help them to communicate better with their clients and to stay up to date with case loads.

While this can be seen as a conscientious and diligent move, it also carries risks to the integrity of corporate and personal data. What happens if an employee leaves a smartphone or laptop on a train with corporate data on it for example? Could your client confidentiality potentially be compromised? And who pays for the equipment, repair costs, subscription costs etc?

Darren Gower, Head of Marketing for LSSA member company Eclipse Legal Systems comments: ‘BYOD is all well and good, but there is an issue of disconnection – firms need to make sure that the devices used are integrated with the core case / matter / practice management solutions used in the office. The risk is that the benefit of BYOD is outweighed by potential duplication of effort, if the lawyer’s device and the firm’s main systems do not talk to each other’. He goes on to give this advice: what is needed is a technology / system that presents selected data from the main office systems to fee earners, and lets them access information securely, consistently and across any available device (including the myriad of smartphones, tablets, etc).

Analyst David Johnston from RBP Ltd has strong views on BYOD: ‘The challenge from BYOD is really a cultural one …. Adopting the mind-set of getting the security to cope with all comers – and probably especially the dodgy ones – is a nightmare in complex commercial law practice, but that’s the challenge. The esoteric spec, sharing complex data and licences with external niche players – and yes, the use with spouses and kids in odd locations with exposure to all sorts of “social” risks to boot – is simply not going to go away. It is more likely to become the norm for the partners you really need – the ones who know how to drive new business. Get it right and you stay in the game. Hunker down, and you just reinforce the perceptions of your firm as one of the also-rans. Complicate it and delay it at your peril.’

It is clear that BYOD technology is here to stay. People need to feel comfortable with the technology that they are using, and that normally means that they want to use their own devices. Law firms need to tap into the BYOD culture, maximising the opportunities whilst observing the related security and data protection issues. So, as a law firm, how do you monitor and control the private use of technology? To help, the ICO has recently issued a set of guidelines. Some of the key points to consider can be seen online.

* Who will be responsible for monitoring the policy?

* What type of personal data can be processed on the personal device and if it is stored on the device how can this be safely deleted when not in use?

* Strong passwords are needed to secure devices

* Automatic locks should be fitted on devices to prevent unauthorised access of information

Ensure the user knows when to delete information and how to maintain a separation between personal data and data used for the purposes of work

*Establish which documents are allowed to be accessed through a personal device

* Consider what and how controls can be put in place if the device is lost or stolen

* Establish who pays for the cost of maintaining the device if it is being used for work purposes

* What happens on termination of employment? 

Ian Wimbush, Chairman at Peapod LegalOffice, is Chair of the Legal Software Suppliers Association (LSSA):