How Holland & Knight's Innovation Arm Underpins Cybersecurity, Data Privacy Pursuits
Holland & Knight's HKLab is used in helping clients with cybersecurity efforts by marrying the "disconnect between people on the engineering and legal sides."
May 30, 2018 at 01:00 PM
5 minute read
Clients increasingly expect an innovative approach to tasks set for outside counsel, and some law firms are testing their luck by bringing technology and processes in-house.
This is the case for Holland & Knight, which has had its innovation arm HKLab since 2012. Comprised of legal experts and software engineers, the group underpins a host of efforts across the law firm, including its launch of its Cybersecurity, Data Breach and Privacy Team in its litigation section.
So why would an innovation arm be needed in launching a cyber-focused practice group? HKLab leader Joe Dewey told Legaltech News it's because there are certain areas of data security and privacy “where having technology capabilities, when coupled with policy and legal expertise, is particularly useful.”
“A lot of the legal regimes that apply to these areas of law inevitably become very technical in terms of their applications,” he said, noting that Holland & Knight has had companies come to them believing they were in compliance with a regime, but analysis of their technology processes said otherwise. “There's usually a disconnect between people on the engineering and legal sides. When you can marry that expertise, you can produce better results.”
Many international privacy requirements are placing new pressures on organizations for greater technological expertise. The European Union's (EU) recently enacted General Data Protection Regulation (GDPR), for example, requires that multinationals oblige by strict mandates in managing EU citizen data, a stipulation that has already proven problematic for some of the world's largest technology companies. What's more, individual EU member states have their own privacy laws, with some, such as those in Spain and Norway, being more robust than others. Other nations, like Australia and South Korea, also have strict requirements.
Cybersecurity laws also can prove challenging. China's Cyber Law places strict requirements on companies handling Chinese citizens' private data. The U.S. also has a host of state and federal level laws mandating the handling of a cyberbreach.
Such regulations require that companies take varying approaches in assessing how they manage data, requiring considerable legal and technological acumen. HKLab leverages its subject matter expertise in both arenas in addressing compliance challenges, but technology also plays a part. In HKLab's technology stack, he explained, are a host of “virtual machines” running on the open source platform Linux and utilities for port scanning, which scour servers for vulnerable ports.
“A lot of it is a very sort of systematic checklist you go through to find vulnerabilities, and then a lot of it is code review, which is more expertise in terms of knowing what to look for and how web pages and web applications operate and enact with the users and how that data actually flows,” he added.
Dewey said HKLab's initial focus was primarily on data security and privacy matters, and it was only 2½ years ago that the firm decided to expand its scope to cover other areas of technology and innovation. As to why the firm is now utilizing it for its launch of a cyber and privacy practice, he cited regulatory and litigation trends as reasons.
“Given the nature of things like the GDPR and the fact that litigation was becoming such a large component of the results of compliance, it made sense to have a better organizational structure around [our cybersecurity and privacy] practice,” he added.
Holland & Knight is far from the only firm internalizing innovation efforts. Reed Smith recently launched GravyStack, a technology subsidiary that will develop and license the law firm's technology products for clients, while Littler Mendelson regularly develops and employs technology for client issues. Nor is Holland & Knight the only firm incorporating cybersecurity services into their offerings—BakerHostetler, for example, has a services group for helping clients manage data breaches.
Holland & Knight also has a Data Privacy Testing Lab, which offers to conduct “technical tests and reviews” for clients' devices and online accounts “before regulators, outside technology firms or news media outlets do,” the law firm's website said.
Dewey said that at present, client demands regarding issues around virtual currencies are among the top drivers of HKLab's cyber-related efforts, particularly around tracking digital assets and understanding how they operate. He also noted that clients are interested in creating and understanding issues around smart contracts.
“I think it's difficult to replicate the outcomes you have with this expertise in-house and in an environment that fosters collaboration as much as it does when you're in the same firm. It will be difficult to compete if you don't have that value add,” he said. “It'll be hard to practice areas where you can't provide that.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250