A new survey found that in-house counsel are requiring more data management declarations and cybersecurity information from their outside attorneys, fueled in part by the European Union's General Data Protection Regulation (GDPR).

During July and August 2018, 35 legal operations leaders in Fortune 500 and 1000 companies were surveyed by Ari Kaplan Advisors and OpenText Discovery, which recently acquired Catalyst Repository Systems.

Forty-nine percent of legal operations leaders reported that the volume of government or regulatory investigations have increased over the past 12 months. The survey also noted that the the EU's GDPR, which went into effect May 25, 2018, has caused legal departments to obtain data management declarations from their outside attorneys.

“With the GDPR, we are now making sure our law firms sign a data protection agreement [and those] who receive personal data, now undergo a mandatory initial security assessment,” said one unnamed surveyed director of legal operations. “What we do is pretty intrusive and could take up to three months.”

Likewise, the GDPR's massive regulations and potential expensive penalties has given legal a louder voice with the C-suite.

“Legal has a much stronger voice at the table, especially in data privacy and security,” said an unnamed operations director in the life sciences industry. “While there were different regulations in the past, legal was not involved in data privacy and security, but due to the increased requirements from the GDPR and other regulations, legal is much more involved and in the driver's seat or being reactive.”

However, most legal departments still do not audit outside counsel's technological competency and systems, though the number is growing. In 2018, 31 percent of surveyed legal operations leaders said they audited their outside counsel's technology, a five percent increase from 2017.

In-house counsel's reasoning for not asking about their outside counsel's cybersecurity procedures can be based on the firm's reputation and size. Some assume that the larger the firm, the more sophisticated their cybersecurity standards are.

“The people who are getting the majority of our work are such large firms, we feel that if other people are trusting them, we have some level of passive assurance that they are as secure as we are,” said one unidentified respondent from the energy sector.

As legal operations work grows, legal operations teams are collecting more metrics for varying usage. Indeed, 89 percent of those surveyed said they are tracking different milestones to strengthen legal operations and internally market their success.

Still, most found implementing improvements based on metrics were challenging, according to the report.  Ari Kaplan principal at Ari Kaplan Advisors, which co-conducted the survey, said the challenges stem from no additional staff being allocated to the department.

“The potential improvements that can be made as a result of the metrics exceed the number of individuals in legal operations that can make them,” said Kaplan. “There's so many potential improvements and potential opportunities reflected in the metrics, but ultimately it's a bandwidth issue.”

In addition to tracking metrics, Kaplan also noted that more legal operations teams are performing e-discovery in-house for better efficiency, data management and cost savings. Indeed, 63 percent of respondents said they use a centralized approach for hosting and managing discovery data, up from 2017's 43 percent.

This comes as little surprise given that most surveyed respondents, 91 percent, said they have data security concerns about distributing electronically stored information (ESI) to multiple discovery vendors and law firms.

When tracking metrics regarding e-discovery, the survey found review staffing was tracked most often. Data managed, total e-discovery spend and spend per gigabyte were tied for the second-most reported metric. 

As legal operations look to improve their e-discovery process, 34 percent of respondents said artificial intelligence is leveraged in their legal department, an 11 percent increase from 2017's results. In fact, 66 percent of respondents said they believe spend on AI solutions will increase in 2019. But the enthusiasm for AI is also met with hurdles, according to the study, including a lack of relevant use cases and cultural resistance.