Big Banks Worried About Outside Counsel Who BYOD
Note to Big Law: When you’re working with Wall Street, don’t BYOD. At least not until the devices are configured to secure data.
That’s the anti-Bring Your Own Device message the country’s biggest banks and financial institutions are trying to convey to their law firms, according to the global chief operating officer of Goldman Sachs’s legal department.
Actually, Goldman’s Jeffrey Isaacs doesn’t care if the outside lawyers his department hires have personal smartphones in their pockets—he just doesn’t want them to use the same devices for business.
He spoke to a small gathering of in-house types who had been invited to attend a panel discussion called “Legal Departments Under Pressure,” which was held at the Yale Club in Manhattan on June 19. Isaacs underscored his point by picking up the two smartphones on the table in front of him.
“Everyone on Wall Street” uses separate devices for business and personal data, he said. But the law firms they hire as outside counsel haven’t gotten on board, he complained. The firms are apparently worried that they will be at a “competitive disadvantage”—especially when recruiting talent—if they agree to enforce stricter data-security standards for smartphones, tablets, laptops, and other digital devices.
Isaacs wasn’t the only panelist who expressed concern. The subject was first raised by moderator Kris Satkunas, director of strategic consulting at LexisNexis, which sponsored the event (organized by Sandpiper Partners LLC). Panelist Lani Quarmby, associate GC who oversees outside counsel management at Bank of America, said she and her colleagues spend lots of time talking to law firms to see how they’re protecting data.
“Can you imagine if a law firm had a breach” of their clients’ confidential information? “We wouldn’t work with them again,” she said.
Rose Battaglia, global chief operating officer responsible for Deutsche Bank’s legal and compliance departments, also chimed in. For the first time her team is being asked to perform risk assessments of their law firms. In a world where companies are responsible for the behavior of their vendors, law firms are among the last vendors they’re assessing, she said.
Isaacs said that companies understand that federal regulators are eager for them to resolve the issue. He has a sense that if companies don’t, the regulators will step in and impose a solution for them.
Many of the largest banks and financial institutions are concerned enough that they have joined together to attack the problem as one, Isaacs said. He and his counterparts have identified 11 big law firms and have begun a dialogue—mostly with the firms’ chief information officers, along with a smattering of partners, he said.
They plan to voice their concerns in a more public way at a conference in Las Vegas in August, Isaacs added, referring to the upcoming International Legal Technology Association event. And if that doesn’t work, he concluded, Goldman intends to host a data-security meeting in October.
If there was a time when BYOD sounded like an acronym you might see at the bottom of a party invitation, apparently those days are gone. The message from the big banks seems clear: Sober up!