Geeks for Lawyers: Hiring a Technology Support Provider
As business is commonly conducted electronically, the practice of law is correspondingly impacted. Lawyers communicate with clients via electronic mail, documents are created and saved on computers to local and wide area networks and shared utilizing private and public networks. The advent of electronic signatures and the movement toward a paperless practice means that eventually a document may exist exclusively in electronic form. This makes the understanding of and expert support of law practice technology an imperative.
The December 2009 Arizona Business Gazette article “ Lawyers Can Post Clients' Files on Web” reported that the Ethics Committee of the State Bar of Arizona gave the go-ahead to a lawyer to let clients view and retrieve their own files. The Committee on the Rules of Professional Conduct of The State Bar of Arizona opined that the panoply of electronic and other measures . . . available to assist an attorney in maintaining client confidences remains similar to those discussed in Ethics Opinion 05-04. In satisfying the duty to take reasonable security precautions, lawyers should consider firewalls, password protection schemes, encryption, antivirus measures, etc. Id. Indeed, these considerations have become more relevant as more law offices and departments convert to “paperless” file storage.
The committee cautioned that their approval was based on the kind of security the lawyer promised to set up, both in encrypting the files and taking other methods to preclude unauthorized hacking. The panel also said that the attorney has to conduct periodic reviews to ensure that security precautions in place remain reasonable as technology progresses.
Although this opinion specifically addresses the matter of an online file storage and retrieval system for client access of documents, Rule 1.6 (a) of the Model Rules of Professional Conduct ( www.abanet.org/cpr/mrpc/rule_1_6.html) published by the American Bar Association states: “A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b)” (paragraph b includes such exceptions as the prevention of certain death or bodily harm). This further reiterates s need for data security independent of jurisdiction.
The name of the inquiring attorney was not disclosed, as is customary with these opinions, and the opinion does not specify practice size when stating security requirements. However, solo and small-firm attorneys often do not employ full-time information technology (IT) staff to help with installation, training, and troubleshooting when it comes to technology. The 2009 ABA Legal Technology Survey Report revealed that overall, 38 percent of respondents report that their firm has no technical support staff. Seventy-four percent of solo and 56 percent of small-firm respondents (respondents from firms of two to nine attorneys) report that their firms have no technical support staff, compared to 24 percent of respondents from firms of 10 to 49 attorneys and no respondents from firms of 100 or more attorneys. Nevertheless, a minimum level of lawyer competence in the security of technology is necessary to comply with the Model Rules of Professional Conduct in most jurisdictions, regardless of firm size. How can the solo or small firm level the playing field to take advantage of this technology while complying with ethical guidelines? Technology outsourcing may be the answer.
Though often associated with larger firms, technology staff outsourcing is increasingly available to law firms of all sizes. There are technology vendors available to support a variety of needs and functions. System backup and restoration is a critical need, but periodic or ongoing support of computer workstations and networks systems is also available for offices of all sizes. Despite the “geek squad” type of support specialists so prevalent in the media, professional third-party technology support is widely available to law offices of all sizes. Numerous technology vendors exist and provide a menu of tech support options at a variety of price points.
There are even a number of third-party support technology vendors that specialize in supporting the unique technology needs of the legal community. In addition to supporting the most commonly used computer hardware and software, these companies also support standard law office applications such as practice management systems, time and billing applications, and many popular document management systems, to name a few. Many technology vendors provide you with the option of outsourcing all of your technical support needs or will supplement your existing staff and support system. You can specify the hours of support that best meet your firm’s needs, whether it’s on an as-needed basis, during business hours, or even 24/7 coverage in the event of trial preparation.
When outsourcing essential functions, it’s critical to ask potential service providers the right questions. The ABA LTRC guide FYI: Hiring a Freelancer or Consultant is a good resource to get you started. FYI: The Ethics of Online Backup Systems may also be of help in weighing the pros and cons of one support option in comparison to another. There are many benefits to outsourcing, including reduced administrative overhead and the ability to focus on your core business while taking advantage of access to the vendor’s advanced technology. However, the risks must also be considered and addressed. Consider that when you outsource an information technology function, you are in effect creating a partnership. You are giving a third party access to your clients, your practice, and potentially your livelihood. Consequently, maintaining data security is paramount in order to maintain the confidence of your clients, uphold your professional obligations, and (in certain cases) comply with the law.
Depending on the nature of your practice, you may be impacted by provisions of the Health Information Technology for Economic and Clinical Health Act (the HITECH Act) that went into effect February 17, 2010. The new rules on HIPAA breach notification and the related, tougher penalties for privacy and security violations require both health care organizations and business associates to be more vigilant about data security. Additionally, the article “ The FACTA’s “Red Flags” Rule May Apply to Law Firms” suggests that sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which Congress passed in part in response to the growing threat of identity theft, may require law firms to put a written identity theft prevention program in place if it has not already. Any such plan would naturally encompass the security of electronic data and by extension any third parties with access to said data.
These is not mean to frighten anyone but rather to put the need for data security into the larger context of business security and the need to hold our business partners to the same high standards of data security to which lawyers are held. In theory, data security is an issue that technology vendors should be uniquely qualified to address. Many of the safeguards (such as restricted file access, data encryption, anti-virus software, spyware, and firewalls) that law firms struggle to address in response to the ever present threat of hackers, viruses, and Trojan horses are routine occupational hazards for a technology support vendor. Although no business is exempt from a data security breach, a technology support vendor is in the business of technology. In theory it should be all in a day’s work for such a company to safeguard not only their own technology but yours as well.
Selecting a Service Provider
When initially considering a third-party vendor, you’ll want to be clear about the services and support your firm requires. Speak to your peers about who they are using to provide technology services and how they are using the services. Your local bar association may also be a resource of vendor referrals. This will help to further clarify the project and services you are seeking. Once you have some names to consider, you will want to confirm the reputation and integrity of these service providers and ensure that they offer the required services to firms that are similar in size and scope to your own. Further along into the process you may want to ask selected vendors to submit a detailed RFP with more information regarding their business background, practices, and continuity strategies. The following may serve to help develop both preliminary and in-depth vendor review procedures.
- Vendor Background
- What is their track record? How long have they been in business?
- What is the average tenure of their clients? Percentage of clients that renew their contracts?
- Policy on hiring and screening employee and subcontracting and partnering
- Staff experience levels: salaried vs. contract employees
- Financial statements, banking relationships and pending lawsuits
- References from firms similar to yours in size and complexity. Check these!
- Physical Location
- Safety and site-security (physical access and security procedures)
- Data security (antivirus, firewalls, hackers, and user-access levels)
- Disaster recovery provisions (fire, flood, terrorism)
- Backup and restore procedures, mirror site (server redundancy)
- Scheduled upgrades, system maintenance, and hardware failure/replacement (how are these scheduled and implemented to minimize system disruptions)
- Technical support (method, hours, staffing), guaranteed up time, and performance levels
- Client communication (How is this accomplished? If there’s a service outage how would you let us know?)
- Service and equipment warranties, quality of service (QoS)
- The technical services staff has the right level of experience and expertise for our needs
- The capacity to support our offices with service levels that match our desired responsiveness
- The value provided for the price proposed matches our expectations and budget
- Business Concerns
- The capacity to understand our business and even anticipate our future technical needs
- Demonstrates the ability to be a good steward of our business resources
- Conflicts check and certification. Disclosure of contractors and subcontractors
- Uses documented processes and best practices to maintain our network and their own
- This vendor offers other areas of services that will be beneficial to our company
- We understand one another clearly. This vendor speaks English and listens attentively for our areas of need
Every city and state with the exception of the most remote locations will have local technology support companies and professionals. Some may even advertise in your bar association publications. Though there’s nothing wrong with considering a lone consultant, there should be a support plan in place if that consultant is unavailable. Accessibility, reliability, communication, and security practices should be the determining factors. The following is a selection of information technology service providers that operate nationally. Some of these service providers exclusively provide remote support using the Internet and screen share technology. Some provide a combination of remote support and onsite support. Some service providers specialize in the technology support needs of the legal market. Others are well versed in the most common applications and technology including the integration of personal computers and smartphones. With that in mind, following is a selection of organizations that are knowledgeable of law firm operations and specialize in supporting law firm technology.
- Adaptive Solutions, Inc. : a nationwide provider of training and support services was founded in 1998 by three law firm IT professionals.
- Dataprise: Founded in 1995 and provides support for industry-standard legal applications as well as technical and network support.
- HiWired: now a part of Radialpoint, has provided immediate, remote support via the Internet and screen share technology in all 50 states and countries around the world since 2004.
- Intelliteach: founded in 1998 and offers 24-hour help desk services for the legal industry.
- Law Firm Technical Care is new entrant to legal IT support through an exclusive arrangement for the legal market with Technical Solutions by Blumberg Excelsior.
- PC logix: has provided online and onsite computer repair and tech support specialists since 2001
- PlumChoice Online PC Services: founded in 2001, is a provider of online computer support for the home, home office and small business.
- SupportSpace: online Remote Tech Services for computers and connected devices to consumers and small- and medium-sized businesses since 2007.
Tonya L. Johnson is a research specialist in the American Bar Association’s Legal Technology Resource Center. She can be reached at Tonya.Johnson@americanbar.org.
© Copyright 2010, American Bar Association.