A survey conducted earlier this year by the market research company YouGov reveals that almost half (47%) of UK adults now use their personal smartphone, laptop or tablet computer for work purposes. Worryingly, according to the Information Commissioner’s Office “less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising concerns that people may not understand how to look after the personal information accessed and stored on these devices.”
In the past lawyers were neither able nor expected to be in contact with clients when they were out of the office. Now that we live in an “always on” age a client expects to be able to contact his/her lawyer pretty much constantly on demand. If they are not able to do this might they consider using a lawyer that they can be in contact with? In this era of constant communication many lawyers have taken it upon themselves to circumvent procedures and to use their own smartphones, tablets and laptops to help them communicate better with their clients and to stay up to date with case loads.
While this can be seen as a conscientious and diligent move, it also carries risks of the integrity of corporate and personal data. What happens if an employee leaves a smartphone or laptop on a train with corporate data on it for example? Could your client confidentiality potentially be compromised? And who pays for the equipment, repair costs, subscription costs etc?
Darren Gower, Head of Marketing for LSSA member company Eclipse Legal Systems comments: “BYOD is all well and good, but there is an issue of disconnection – firms need to make sure that the devices used are integrated with the core case / matter / practice management solutions used in the office. The risk is that the benefit of BYOD is outweighed by potential duplication of effort, if the lawyer’s device and the firm’s main systems do not talk to each other.” He goes on to give the advice: What is needed is a technology / system that presents selected data from the main office systems to fee earners, and lets them access information securely, consistently and across any available device (including the myriad of smartphones, tablets, etc).
Analyst David Johnston from RBP Ltd has strong views on BYOD: “The challenge from BYOD is really a cultural one …. Adopting the mind set of getting the security to cope with all comers – and probably especially the dodgy ones – is a nightmare in complex commercial law practice, but that’s the challenge. The esoteric spec, sharing complex data and licences with external niche players – and yes, the use with spouses and kids in odd locations with exposure to all sorts of ‘social’ risks to boot – is simply not going to go away. It is more likely to become the norm for the partners you really need – the ones who know how to drive new business. Get it right and you stay in the game. Hunker down, and you just reinforce the perceptions of your firm as one of the ‘also-rans’. Complicate it and delay it at your peril.”
It’s clear that BYOD technology is here to stay. People need to feel comfortable with the technology that they are using, and that normally means that they want to use their own devices. Law firms need to tap into the BYOD culture, maximising the opportunities whilst observing the related security and data protection issues. So, as a law firm, how do you monitor and control the private use of technology? To help, the Information Commissioner’s office has recently issued a set of guidelines and some of the key points to consider are a policy which covers the following points can be seen online:
* Who will be responsible for monitoring the policy?
* What type of personal data can be processed on the personal device and if it is stored on the device how can this be safely deleted when not in use?
* Strong passwords to secure devices
* Automatic locks on devices to prevent unauthorised access of information, ensure the user knows when to delete information and maintaining a separation between personal data and data used for the purposes of work
* Which documents are allowed to be accessed through a personal device?
* How controls can be put in place if the device is lost of stolen
* Who pays for the cost of maintaining the device if it is being used for work purposes?
* What happens on termination of employment?