Got no time to read? Listen to our blog on the go
“What happens in Vegas, stays in Vegas!”
In October, AXDRAFT made it to ACC, one of the premier legal conferences in the United States (if not the world!).
We attended talks and roundtable discussions by some of the top minds in the industry, and what we heard was so insightful that we just couldn’t keep it to ourselves.
Consequently, this is one of those rare times when we’ll need to break the first rule of Vegas. So without further ado, here are some of our key takeaways on building a strategic vision and accounting for ethical concerns related to using artificial intelligence.
Role of In-House Legal
We’ve said it before, and we’ll say it again. The 2020s are Legal’s time to shine.
To do this, Legal has to step into its new role of being a strategic business partner. Now what that entails is a corresponding increase in responsibilities.
Here are a few factors that drive Legal’s new area of responsibility:
- Regulatory compliance: As technology becomes increasingly adopted across all areas of business, this poses a critical challenge that must be addressed. Namely, how to not only implement and use tech to achieve certain purposes, but also how to design response mechanisms that ensure and maintain compliance with local laws.
- Digital risk: Every digital asset or software carries with it some amount of risk. This requires Legal to become more aware of the kinds of risk incurred by technology, as well as how to mitigate them.
- Information security: Sensitive data like client details must be kept secure yet accessible. To put the appropriate framework in place, Legal must learn the amount and types of sensitive information, as well as how to respond and who to report to in the event of security compromises or breaches. Since the repercussions are often legal in nature, this results in Legal having oversight.
- Digital literacy: If technology is used for all business matters, Legal will need to demand more from contract and IP lawyers. In order to guarantee the right questions and answers are said, Legal will need more fundamental digital know-how. Familiarity with privacy and security issues will no longer cut it.
- Changing processes: By integrating technology into processes, this can result in changes, such as compressing stages so that they’re more compact.
Portrait of In-House Legal
It goes without saying that in order to tackle the changing responsibilities head-on, legal teams will need to adjust their approach to business-as-usual.
The first step is to shift from a static mindset to one of growth or continuous innovation. Lawyers and other team members will need to expect that their company will demand them to become adaptable and flexible.
But that’s just the beginning.
Here’s a short checklist on what Legal needs in order to survive the oncoming storm:
- Ambition: Teams need to be hungry for success. This necessitates finding opportunities to optimize work so that more time can be devoted to higher-value projects. For instance, this could be achieved through the realization of time and cost savings by implementing tech that can handle routine work.
- Courage: It’s no easy feat to pick up new skills on the fly, yet that’s going to be the new expectation moving forward. However, the sooner you get started, the bigger the head start you’ll gain on the competition. Remember: They’re likely in the same boat as you.
- Opportunistic: Teams should remain on the lookout for impending changes and new opportunities. Staying ahead of the herd allows you to stay in the driver’s seat.
- Communication: Most non-legal teams probably aren’t in the know that Legal’s role is shifting. In their minds, they think Legal is a static function who answers questions and checks documents. To ensure that this doesn’t remain the case in the future, legal teams should communicate any and all changes to the entire organization.
- Budgeting: With arguably the most anticipated recession in history on the horizon, budgeting has never been more important. Legal will need to make the right calls (and tough decisions) when allocating budget so that the needs of both the business and the team are satisfied.
As mentioned a moment ago, proper budgeting and resource allocation are critical right now, which begs the question of which areas should receive more resources over the next 12 months.
There are no clear-cut answers about what should definitely be done, as this depends largely on your company’s goals. That being said, here are some of the areas that are due for more budget allocations:
- Data security
- Data privacy
- Legal compliance
- Intellectual property
- Environmental, Social, and Governance (ESG) initiatives
- Contract management
- Diversity, Equity, and Inclusion (DEI) initiatives
- Data analysis
- Mergers and acquisitions
Generally speaking, even though companies and corporations around the world are gearing up for a potential recession, many of them are trying to find ways to be sustainable over the long term.
This shift to long-term strategic thinking will inevitably trickle down and impact day-to-day negotiations and contracts. For example, contract lawyers will have to stop working as pure negotiators and start considering how their negotiations will affect corporate governance.
Still, if you’re wondering why these areas are receiving an increased budget, let’s explore a couple of them.
ESG & DEI
Both sets of initiatives are commonplace among many companies. However, the goal of increased allocations is to foster fresh perspectives on issues of compliance regarding these initiatives. Times have changed, and such issues are no longer about reporting numbers that claim business inclusivity.
To be blunt, employees want more inclusiveness. The tougher issue is determining how this inclusiveness should look, what should be done, and what it means in general.
Employees claim they want to bring their entire selves to work, but how can the company support this? That’s where Legal can step in and look for measures that support both ESG and DEI.
Security has always been essential, yet it’s become so critical that it’s at the top of investors’ minds for not just 2023–2024, but also beyond.
Legal’s job is to provide the right answers to key security questions, and these answers have a measurable impact on the company’s bottom line.
This factors into the evolving relationship between Legal and revenue. Already, Chief Legal Officers are being asked to contribute to the development of business strategies. Not only does this make Legal closer to revenue generation than ever before, but legal can work to identify sustainable business decisions.
Consequently, this creates two new responsibilities for Legal. When discussing security, Legal must ask C-Level execs the question, “Can we close a deal with our current security?”. And when trying to enable more sales, Legal must step in and involve themselves in a product’s design.
Legal’s next steps must take into account their new responsibilities and resources.
This can be done by applying the “People – Process – Technology” framework, which instructs a team to treat other departments like customers who have needs to be met. Those needs are addressed by first understanding the problem, then adjusting processes to solve them, and supporting success with tech.
If the order of People → Process → Technology is broken, or if priorities are changed, this prevents Legal from effectively doing its job as the company’s protector and strategic advisor.
Here’s a closer look at each element of the framework and how Legal can approach it.
Over the last few years, investing in talent and nurturing employees has been a winning strategy. This is because all aspects of business – processes, responsibilities, functions – are beginning to overlap. Consequently, employees need to switch between many different hats.
For this to happen, Legal must dedicate time and resources to developing their team members.
Many lawyers went to law school in order to become a unique individual contributor, and many probably didn’t expect to have to learn about cybersecurity. Both realities are no more.
Security is at the forefront of every discussion, which means legal teams must become fluent in such conversations. Moreover, data requires clear and concise explanations, which is something else that legal professionals haven’t been trained to be (legalese, anyone?).
Historically, legal teams want to operate as a pillar of knowledge or single source of truth for all legal questions. Nowadays, such a siloed approach will simply stifle growth and innovation within legal, rendering them unprepared for an evolving world.
For example, Legal will have to be more assertive when communicating the value of their work to internal clients. This includes leading a concerted effort to ensure privacy by design (i.e. accounting for privacy from the beginning of design and development).
At the same time, Legal can’t be seen as an autocratic dictator. Instead, Legal should promote team members to apply a people-first approach. In other words, Legal should be easy to communicate and converse with. Adopting a positive manner will not only improve client experiences, but it will encourage other teams to proactively seek out Legal for addressing concerns.
And as more teams come to Legal for their questions, this will naturally cause an increase in legal operations. Even more so when factoring in the additional responsibilities legal will have as a strategic partner.
On average, companies have between 0 and 10 legal ops managers, despite the fact that setting up projects that require stakeholder input needs legal ops.
Legal ops’ core function is discovery and litigation. It wasn’t originally supposed to be all about ensuring compliance, but rather the intent of legal ops was to construct a shared service of legal operations.
To set up effective legal ops workflows, a shift in mindset has to occur. While managers still have to think like a lawyer, they need to work like a project manager, such as identifying and managing high priority risks.
One way to approach working in this manner is to ask the question, “What’s going to make the biggest impact?” Then once the answer is given, start working on it.
This will also force some changes to how work is done. Previously, Legal never used to be as process-oriented as product groups or finance teams. But as CLOs are being asked to deliver faster, legal teams will be forced to adopt procedures and workflows that will optimize work and make task completion more efficient.
Leveraging technology intelligently and intentionally will go a long way towards cementing and simplifying processes while streamlining operations and ensuring positive experiences.
However, most newcomers to tech tend to want to buy a new tool for each new case, much like a new user of smart devices wants a tablet, a smartphone, and a high-performance laptop (when in reality, they need at most a phone and basic laptop).
The optimal way to adopt tech is to find a device or software that can fulfill many different needs. This not only simplifies usage, but it won’t stretch budgets. For example, if a platform has the ability to search, collect, call, review, and delete data while keeping it secure, and can search for and pull data from other systems in use, it makes use easier to justify.
Think of the budget requests as well. It’s much easier to defend why you need one software (and measure its ROI) then to defend 20. In much the same way, it’s easier to community the use case and get others to buy in to the tech when you explain how it will solve almost all problems and requirements.
Ethics of Technology
Naturally, the combination of people and technology raises plenty of ethical questions that need to be addressed. Such questions could range anywhere and everywhere, from intellectual property and fair use to counterfeiting and fraud.
Fairly or unfairly, the fact of the matter is that this puts lawyers in the crosshairs of ethical dilemmas that they weren’t prepared for. Unfortunately, the knowledge they gained at law school simply won’t cut it all the time since it often doesn’t address the core of certain problems.
To tackle such situations, legal teams need to demonstrate skills that they previously haven’t needed: project management, digital literacy, and data privacy (to name a few).
If a DDoS attack happens, Legal should know what to say and when. And it’s easier to tell the truth when you know exactly what’s happening, which is important for building trust with clients.
Clients need to know they can believe their lawyers, especially since lawyers are often responsible for sensitive, confidential information, as well as when such information must be communicated to specific parties.
As a result, lawyers must possess a certain degree of technical competence and knowledge. While they don’t need to be a hacker capable of solving complex technical issues, lawyers should be capable of understanding, recognizing, and addressing these issues.
Data Privacy & Artificial Intelligence
With each passing day, more legal teams consider using AI for various requirements. The use of AI raises a novel set of privacy concerns, as well as discussions about how to correctly use AI.
This is one area where involving lawyers from the beginning can pay dividends down the road. Since lawyers are in charge of privacy and data, they have a vested interest in ensuring privacy by design.
There are several steps that can be taken to approach data collection and privacy from a legal standpoint when using AI:
- Make a list of info that’s needed.
- Create a structure that “houses” collected data.
- Identify sources of information, who processes information, and any subcontractors and cybersecurity provisions connected to information.
- Rely on data scientists who know and understand the terminology.
- Identify technology that’s used, and rely on tech specialists who can explain it.
- Conduct risk assessments and stress tests.
- Merge internal and external expertise to stay up to speed with fast-moving technology.
- Keep in mind that laws move slower than technology.
When evaluating AI-related risks that could compromise data privacy, ask yourself these questions:
- Which laws do and don’t apply?
- Whose data is being collected? What legislation is in effect (e.g. GDPR for the EU, data privacy for California residents)?
- Which types of data do you collect and/or process (e.g. medical data, demographic data)?
- Who do you send data to? Is data kept domestic or sent internationally?
- When is data sent? And at what points should data processing start and a DPA be signed?
- Why is data being collected?
As a general rule, it’s best to minimize how much data you collect. You should also understand the purpose of collecting certain data, and you should notify individuals whose data is being processed.
Consent must be explicitly gathered, and the collection of data should be freely revocable. But in order to do that, you need to know how to process and store consent.
These were just some of the key takeaways from ACC 2022. As you can see, many of the sessions and discussions were filled to the brim with fresh insights and actionable steps.
As technology continues to advance and AI becomes increasingly capable of fulfilling everyday tasks, it’s important to understand how to properly leverage such tools.
If you’d like to know more about AXDRAFT’s strategic vision, what steps we take to ensure data security, and how we approach the usage of AI in legal technology, book a demo with our team.