Jun 7th: Rising Cybersecurity Concerns in Law Firms

How is the legal industry adapting to tech-driven changes? GDPR, data privacy, cybersecurity, and AI are top of mind for many.

Welcome to your Law Tech briefing for June 7th, 2023, covering what happened in legal tech recently.

TLDR; Listen instead:

Have less than a 1 min? Three takeaways from yesterday

1. Law firms must prioritize data privacy and cybersecurity, proactively assessing and tracking their privacy posture in real-time, complying with GDPR, and implementing security measures such as two-factor or multi-factor authentication.

2. Legal tech solutions can assist in building a culture of data privacy and streamline processes. Law firms should take advantage of opportunities to leverage innovative digital solutions and be at the forefront of digitization in the industry.

3. As the legal industry moves towards prevention and risk mitigation, lawyers must move upstream, looking into risk prevention rather than litigation, and collaborate with business stakeholders to build trust and promote a culture of data privacy within an organization.

The fifth anniversary of the General Data Protection Regulation (GDPR) is approaching, highlighting the importance of data privacy and technological innovation in managing personal data. Clio appointed a chief product officer to drive product strategy and development, while law departments were urged to accelerate innovation efforts. The US Government updated its National AI Research and Development Strategic Plan to address ethical and legal implications. Legal professionals also witnessed advancements in cybersecurity practices, data management solutions, and contract lifecycle management.


Data privacy and security remain essential for businesses, with the GDPR bringing positive changes in IT infrastructure and consumer awareness. The appointment of chief product officers in legal tech companies signals the increasing emphasis on product strategy and development to enhance offerings for lawyers. Law departments are prioritizing innovation, leveraging AI technology for better outcomes. The updated National AI Research and Development Strategic Plan highlights the significance of addressing the implications of AI while fostering collaboration and cybersecurity measures.


Businesses must navigate the evolving data privacy landscape by building comprehensive strategies and leveraging technological innovation. The appointment of a chief product officer at Clio demonstrates the growing importance of product development and integrations in legal tech. Law departments are encouraged to accelerate their innovation efforts, particularly by utilizing AI technology to enhance team productivity and achieve measurable results.

The updated National AI Research and Development Strategic Plan reflects the US Government’s commitment to staying at the forefront of the AI industry. The plan emphasizes public-private partnerships, effective human-AI collaboration, risk management, cybersecurity measures, and international collaboration by addressing the ethical, legal, and societal implications.

In addition, legal professionals can benefit from insights from benchmarking surveys on cybersecurity practices. These surveys highlight security gaps and emphasize the need for a layered approach to security across people, processes, and technology. Data management solutions like Onna, available through Google Cloud Marketplace, offer comprehensive platforms for e-discovery, collaboration, and information governance, enabling organizations to manage and gain insights from their data effectively.

Legal professionals are also witnessing advancements in contract lifecycle management, with Agiloft recognized as a leader in the field. Meanwhile, fintech developments in the payments space are drawing the attention of state attorneys general, who scrutinize industries for consumer fraud. Fintech providers are advised to review compliance programs, enhance risk monitoring and fraud prevention procedures, and ensure compliance with relevant regulations to avoid regulatory issues.


Lupl. Manage your matters, deals, and cases without the chaos. Lupl brings together tasks, documents, and knowledge so legal professionals can focus on what matters most - delivering outcomes for their clients. See for yourself.

Key stories

US National AI R&D Strategic Plan 2023: A comprehensive look into the future of AI (Technology’s Legal Edge)

The Select Committee on Artificial Intelligence of the National Science and Technology Council has released an update to the US Government’s National AI Research and Development Strategic Plan, outlining nine thematic strategies for the future of AI in the country. The plan requires long-term investments in fundamental and responsible AI research and creating public-private partnerships. It acknowledges AI's ethical, legal, and societal implications, recognizing the importance of evolving the perceptual capabilities of machines and cybersecurity measures. Other key areas covered include human-AI collaboration, international cooperation, and the development of shared public data sets. In addition, the document highlights the importance of improving hardware for better AI performance and the need for standards to certify unbiased models. Businesses are encouraged to consider whether their workforce satisfies these criteria and whether they need to invest in AI expertise to benefit from government intervention.

LexisNexis’ 2023 Bellwether report shows shift in attitudes to tech investment post cost of living crisis (Legal IT Insider)

According to the latest Bellwether report by LexisNexis, technology infrastructure is a significant challenge for most small law firms and solo practitioners, with just 24% of respondents planning to implement new technology in the next 12 months. However, client-facing online portals for updates are cited as the most common tech investment for the next year, indicating a focus on maintaining client relationships as a key priority. The report also highlights that retaining clients through the offering of good service is essential, with 88% of firms investing more in business development and marketing. While retaining clients is the primary focus, there remains a strong desire for legal intelligence technology, with two-thirds of lawyers using digital legal research and guidance tools.

ILTA and Conversant Group Release First Cybersecurity Benchmarking Survey of the Legal Industry (Legal Technology News - Legal IT Professionals | Everything legal technology)

The International Legal Technology Association (ILTA) and Conversant Group have released the results of the first cybersecurity benchmarking survey for the legal industry. The report, titled “Security at Issue: State of Cybersecurity in Law Firms,” aimed to understand the current cybersecurity controls, tools, practices, and assumptions within global law firms to identify how their cyber defenses could improve. The survey found that while around 15% of law firms surveyed believed they had security gaps, more than double that number had suffered some form of breach. Respondents identified user behavior and lack of training as the top threat to security rather than any threat actor activities. The report recommends law firms take a more layered approach to security across people, processes, and technology to improve their security posture and avoid making security optional.

All stories

Guest post: GDPR turns five – Reflecting on the changing nature of data privacy strategies (Legal IT Insider)

As the fifth anniversary of the General Data Protection Regulation (GDPR) approaches, businesses face a different world regarding how they manage personal data. The GDPR has led to positive changes, such as transforming IT infrastructure to improve security postures and increasing consumer awareness. However, challenges remain in gaining customer trust, and organizations must build an overarching strategy when it comes to data privacy, using technological innovation to optimize the process.

Clio Names Its First Chief Product Officer to Oversee Product Strategy and Development (LawSites)

Legal tech and law practice management company Clio has appointed Hemant Kashyap as its first chief product officer. Kashyap will oversee product strategy, development, and execution, including all features and integrations within Clio’s app integration ecosystem. His responsibilities include defining the near- and long-term product vision, strategy, and roadmap and overseeing the launch and development of new products for lawyers and the legal industry.

“Successful Innovation Outcomes in Your Law Department” – My New Keynote Presentation (DennisKennedy.Blog)

Law departments are being asked to accelerate their innovation efforts to keep pace with the rest of the business. A new keynote presentation titled “Successful Innovation Outcomes in Your Law Department: A Roadmap for Results in the Age of AI” has been launched to help law departments improve their innovation results and stay ahead of the curve. The presentation provides practical advice for using tech like AI to make teams work better and get more measurable results from innovation efforts.

Hard-bargaining legal ops can reduce outside counsel costs (Legal Dive - Latest News)

Stacy Lettie, chief of staff to the general counsel at Organon Pharmaceuticals, has urged legal departments to be more assertive in seeking discounts from outside law firms. In a podcast, Lettie said that legal departments should aim for discounts of between 15% and 20%, depending on the volume of work. She added that legal departments should be proactive in seeking discounts and not wait for law firms to offer them.

Why compliance chiefs should report to CEOs, not GCs (Legal Dive - Latest News)

Maria D’Avanzo, former chief ethics and compliance officer at Cushman & Wakefield, believes that compliance chiefs should report to CEOs rather than general counsels (GCs). D’Avanzo argues that reporting to the CEO provides greater autonomy, empowerment, and authority to conduct investigations and make budget decisions. However, she also highlights the importance of partnering with GCs and maintaining frequent and transparent communication.

Survey: Cloud, Collaboration and Information Governance – The Latest Landscape (Legal IT Insider)

A survey conducted in partnership with Litera will provide insights into the challenges law firms face when moving their data and applications to the cloud. The survey will cover governance, integration issues, data management, provisioning, and security. The resulting report will feature key findings, statistics, and interviews with industry leaders and will be discussed in a webinar this summer.

ILTA and Conversant Group release first cybersecurity benchmarking survey of the legal industry (Legal IT Insider)

The International Legal Technology Association (ILTA) and Conversant Group have released a benchmarking survey on cybersecurity practices in global law firms. Nearly three-quarters of respondents believed they were more or much more secure than their industry peers, yet the detailed results demonstrated significant security gaps across firms of all sizes. The report concluded that firms could still improve their security through a more layered approach to security across people, processes, and technology rather than focusing on compliance.

On LawNext: Rasa Legal Founder Noella Sudbury On Simplifying Criminal Records Expungement (LawSites)

Noella Sudbury founded Rasa Legal, a justice tech company licensed under Utah’s legal services sandbox, to simplify and automate the process of expunging criminal records. Sudbury’s interest in criminal records expungement began during her time as a criminal defense lawyer, where she saw clients struggle to rebuild their lives due to their records. Her efforts have been recognized through various awards, including being named to Inc.’s Female Founders 200 list and received the Utah State Bar’s Distinguished Service Award.

Lawmatics Launches LM[AI], A GPT-Driven AI Feature to Generate and Inspire Client Emails and Templates (LawSites)

Lawmatics, a cloud-based CRM platform for lawyers, has launched a feature called LM[AI] that uses AI to create and edit client emails and email marketing campaigns. The feature is powered by the latest commercial version of ChatGPT, which has been customized to include capabilities specific to Lawmatics’ platform. Lawmatics’ founder and CEO, Matt Spiegel, said the feature was launched to help lawyers create better content for marketing campaigns and other types of emails they send to clients.

Onna Becomes First Non-Google E-Discovery Solution Available Through Google Cloud Marketplace (LawSites)

Data management company Onna has made its entire solution available to purchase directly through Google Cloud Marketplace, becoming the first e-discovery product to be available there. Its platform is designed to help corporate legal, and IT teams connect, collaborate, search, and act on data from multiple sources in one place, and integrates with widely used enterprise content, collaboration, and communication applications such as Google Workspace, Slack, Office 365, Confluence, and Jira. For corporate customers, a benefit of Onna’s inclusion in the marketplace is that it provides an additional option for them to meet their Google Cloud spending commitment.

What Does Lawyer Development Mean in the Age of Generative AI? New Innovation Lab Will Seek Answers (LawSites)

SkillBurst Interactive has launched the Legal Innovation Lab to provide training and development for lawyers in the age of generative AI. The lab will focus on creating digital learning solutions for law firms, legal departments, and others. Anusia Gillespie, formerly of UnitedLex and Eversheds Sutherland, has been named the lab’s chief strategy and growth officer.

Privacy notices: the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR (Inside Tech Law)

The UK’s Information Commissioner’s Office (ICO) has clarified its interpretation of Article 13 of the UK GDPR, which requires companies to provide clear information about data processing and individuals’ rights. The clarification was made in a monetary penalty notice (MPN) relating to TikTok’s £12.7m ($16.9m) fine for non-compliance with data protection law. The ICO expects a greater level of detail and specificity than is seen in some privacy notices, and companies are advised to revisit their privacy notices to better align with the decisions of the EU and UK data protection authorities.

Advancing AI Safety: Law Student Competition For Drafting A Treaty On Moratorium Of Large-Scale AI Capabilities R&D [Sponsored] (Technology Archives - Above the Law)

The Campaign for AI Safety is holding a law student competition to draft a treaty on the moratorium of large-scale AI capabilities research and development. The winning treaty may provide a blueprint for international governance and legal structures in AI control. The competition is open to students globally, and the top three participants will receive substantial monetary rewards.

The legal economy is moving upstream. Will you follow? (Jordan Furlong)

The legal profession is facing a shift in demand as clients increasingly seek to prevent legal issues before they arise rather than relying on lawyers to solve them after the fact. This trend is driven by a combination of factors, including the rise of legal operations professionals within companies, the use of technology to provide legal information and guidance, and public policy efforts to reduce legal problems. Lawyers must adapt to this new reality by moving “upstream” and focusing on prevention and risk mitigation rather than litigation.

TECHREPORT 2022 | Marketing and Communication Technology (Law Technology Today)

The ABA Legal Technology survey has released its results, with Allison Johs sharing some statistics from the Marketing and Communications survey and report. The report highlights opportunities for lawyers to use technology in their marketing efforts. The video of Johs discussing the report can be watched below.

Onna Expands Relationship with Google Cloud, Giving Organizations on Google Cloud Marketplace a Broader eDiscovery Solution (Legal Technology News - Legal IT Professionals | Everything legal technology)

Onna, a data management platform for eDiscovery, internal investigations, and information governance, has made its entire solution available on Google Cloud Marketplace, expanding its partnership with Google Cloud. Onna’s platform integrates with widely used enterprise content, collaboration, and communication applications like Google Workspace, Slack, Office 365, Confluence, and Jira, enabling organizations to manage unstructured data from various sources and gain valuable insights. Onna is committed to making data management simple and accessible, allowing customers to make informed decisions and drive business growth.

Agiloft Named a Leader in Contract Lifecycle Management Report by Forrester (Legal Technology News - Legal IT Professionals | Everything legal technology)

Agiloft, a no-code contract lifecycle management (CLM) software provider, has been recognized as a Leader in The Forrester Wave: Contract Lifecycle Management, Q2 2023 report. The report evaluated 13 vendors on 26 criteria, including current offering, strategy, and market presence. Agiloft received the highest scores possible in 17 criteria, including contract management, workflow, dashboards/reports/visualizations, user experience, vision, innovation, and roadmap.

Don’t let your payment platforms attract regulatory scrutiny (Legal Dive - Latest News)

State attorneys general (AGs) are keeping a close eye on fintech developments in the payments space, as the same qualities that make these services successful also attract fraudsters. AGs are the primary enforcers of state consumer protection laws and are accountable to voters, so they scrutinize industries that have attracted consumer allegations of fraud. Fintech providers can avoid regulatory headaches by reviewing their compliance programs and consumer-facing materials, making robust disclosures to consumers, clearly disclosing privacy settings, bolstering risk monitoring and fraud prevention procedures, implementing two-factor or multi-factor authentication for consumer accounts, and checking compliance with financial-industry-specific regulations.