Legal analytics hints at a future where law firms can parse, slice and crunch the hundreds and thousands of bytes of available data into bite-sized insights that drive business, outcomes and more. But for the law firm’s own data – a rich source of many of these insights – the issue of security will be on every decision-makers’ mind. Namely: How can we keep our client data safe, comply with regulations and still gain value from an analytical approach?

“Big Data” is a term that’s thrown around a lot among tech and analytical circles, but what does it really mean? While law firms have a huge amount of data available – internally, from clients and from outside databases and court records – not all of it is “Big Data.” That term refers specifically to data that comes from multiple sources at a rate of velocity, volume and variety much higher than what could be taken in by a human in a reasonable amount of time. It’s also very complex data.

But whether or not its data is “big,” data security is a big deal at law firms. The last thing a firm wants is to face legal consequences from a mishandling of data. And it’s top-of-mind for legal professionals: A 2017 survey showed that 42 percent of respondents had taken measures to enhance data security in their firms, and 64% of them said fiduciary responsibility was the motivating factor behind that decision. Still, firms ranked their preparedness, on a scale of one to 10, as an average of 3.5.

A good governance program can go a long way toward ensuring a firm stays on the right side. Committees can address any immediate concerns and head of future issues. Some considerations for firms establishing or assessing their data governance include:

  • Managing regulations. Personal information may be financial or health-related, and a patchwork of federal and state regulations guide how specific data should be handled in specific instances. Law firms will need to know all applicable laws relating to the data they’re handling. GDPR is another huge upcoming regulation that could affect how law firms use any data from European customers, and one that firms should prepare for if appropriate.
  • Proper use. The Federal Trade Commission released a report in 2016 aimed at helping companies specifically with Big Data. “Big Data: A Tool for Inclusion or Exclusion?” emphasized that companies need to use analytics in a way that actually benefits consumers rather than violating protections. Ensure that your analytics are actually benefitting the end use – your clients – rather than exploiting their data for your own gain.
  • Breach protocol. Where there’s data, there’s the potential for a breach. Law firms will need to have a plan for preventing a breach, and a plan for managing a breach. There are specific breach notification requirements for different regulatory bodies, so again, the variety of applicable laws will be important to understand. Forty percent of firms didn’t even know they had been breached in 2016, according to the law firm cyber security scorecard.
  • Transparency. Analytics can be a wonderful thing, but instances of “black box” AI – technology that delivers insights without showing how those insights were arrived at or revealing the accuracy or nature of the data – bring up the caution that any analysis of data must be transparent in order to be defensible.

When charting the course of legal analytics at a law firm, decision-makers will want to consider how they’re gathering, storing, protecting and managing their data – and what risks they may be taking without even knowing it.