6 Takeaways from Legaltech 2017: Get Ready for Change
LegalTech 2017, held last week in Manhattan, showcased new technologies, accelerating changes in the business of law and an increasingly complex and an unpredictable legal/regulatory environment. Starting with the very first keynote, many presenters said that change is happening faster than experts predicted even a couple of years ago.
The penalties for falling behind in dealing with these new challenges will be greater than ever before. Companies that don’t adapt successfully will face reputational and potentially even existential risk that go well beyond writing a check for fines levied for non-compliance.
Forward-looking companies can help their legal, risk management and IT data infrastructure teams cope with new regulations and security/privacy challenges by modernizing their compliance infrastructure and by adopting high-quality practices for compliance and for dealing with catastrophic events. In today’s market, dealing effectively with challenges can become a competitive advantage over companies focused on expense minimization who risk becoming also-rans because of their inability to respond effectively or credibly. I attended all three days of LegalTech, meeting with some of our customers. But I focused mainly on attending the conference sessions to look for trends to incorporate in long-term strategic vision for how we might expand to address even more of the major emerging challenges our customers face. Here are 6 key takeaways from LegalTech 2017 that are likely to shape the future of how organizations use information governance to manage risk.
1. Artificial Intelligence/Machine Learning is Big
It’s bigger even than experts in the field would have predicted just two years ago. Keynote speaker Dr. Andrew McAfee of MIT gave examples where computers are consistently outperforming world-class human experts at tasks that were not thought to be solvable even a short time ago. Dr. McAfee suggested that AI technologies have the potential to be so disruptive that companies failing to embrace them will simply be unable to keep up with those who do. Of course, other presentations about AI stressed the need to make these technologies easy to use and to help buyers gain trust in the results so that usage will spread rapidly.
2. Next-Generation Analytics Were Everywhere
Everyone agreed that we are on the cusp of a major shift in analytics — in the past, tools did a great job of slicing and dicing data about what happened. But the next generation of analytics is all about helping people make specific decisions based on the growing deluge of corporate data they’re collecting. We spoke to many people looking to find a way to harness advanced analytics, but we were surprised at just how little consensus there was about where this technology needs to go. Clearly, flexibility in analytical tools will be paramount until the industry converges on the most useful analytical solutions out there.
3. An Increasingly Volatile, Complex and Contradictory Regulatory Environment is the New Normal
For various reasons, regulators are deploying packages of new rules increasingly quickly, and because of the deadlines they face, they are using an “evolutionary” approach, where they deliver an initial version that they acknowledge to be imperfect, but promise to follow it soon with a “version 2.0” with sizable changes and corrections. Deadlines for compliance are shorter and more arbitrary, seeming in some cases to be driven by regulators’ political considerations more than by a realistic estimate of the time for companies to implement them.
Conflicts between regulators and different jurisdictions are likely to increase, as are penalties for failure to comply. Several presenters noted the penalties are no longer simply a matter of writing a check; they now include reputational damage and other non-cash consequences that could be extremely painful.
4. Security and risk management
There’s a lot of focus on planning proactively to deal with security breaches, rather than simply reacting when an incident happens. Companies are beginning to get more focused on enterprise-wide data loss prevention (DLP) initiatives. Top management increasingly understands the risk of exposure in the event of external data breaches or procedures that don’t comply with increasingly stringent privacy laws. At the conference, I heard several presenters and attendees express concern that they’re falling further and further behind.
Many companies are paradoxically talking about their visionary end-to-end data loss prevention strategies while still struggling to plug the most elementary security holes, like disabling DropBox and other user-installable file sharing services or actually executing their existing data retention policies that would eliminate the major problem obsolete (yet discoverable) information.
5. Privacy Rules Get Tougher and Conflicts Become More Intractable
Many of the presentations I attended talked about how privacy laws outside the US are becoming tougher. The European GDPR package, which takes effect in 2018, was on everyone’s lips. The New York state Division of Financial Services regulations that took effect on January 1 could be almost as challenging for many businesses. More stringent privacy laws are creating hard-to-resolve conflicts between investigative demands and privacy. One consequence is that data sovereignty continues to become even more of an issue; while some products are starting to help ensure proper data location, there’s a long way to go.
6. Investigations Become More Important
There was also a lot of talk about how companies are trying to adapt their e-discovery systems to investigate, prevent, and litigate internal wrongdoing such as insider trading, price fixing, sexual harassment, etc. Flexibility and performance in information governance platforms is becoming more important and users are finding that some existing tools have run out of gas and can’t support the iterative style of searching and tagging relevant documents.