Information Systems: Problem Identification in a Legal Process Outsourcing Organization

Kirkland & Ellis, one of the leading Chicago-based law firms, frequently outsources specific legal services at the request of its clients (Djordjevich & Vault 2007, pp.182-183). Information technologies and globalization are the principal enablers of LPO (Legal Process Outsourcing). LPO refers to the procurement of specific legal services or support from external legal service providers. Kirkland & Ellis and other legal firms with LPO components commonly have in-house advisers or counsels charged with considering the risks, as well as opportunities, that LPO affords them. The risks include the breach of the applicable confidentiality legal along moral provisos. By and large, the LPO industry is keen on establishing own authenticity as a high-quality and cost-effective response to the heightening legal service costs (Lacity, Willcocks & Burgess 2014, p.112). Even though the industry presents many clear benefits to legal firms, it is still typified by considerable ethical along with legal concerns, some of which relate to confidentiality. The issues, or problems, should be resolved in the days ahead to guarantee the industry’s advancement.

Confidentiality is one of the principal problems facing legal firms that engage in LPO, including Kirkland & Ellis (Djordjevich & Vault 2007, pp.182-183). There have been concerns that some LPO providers lack hack-proof and secured servers. Notably, confidentiality is one of the elementary principles defining lawyer-client engagements. The Model Rule 1.6 formulated by the ABA (American Bar Association) addresses the confidentiality concerns related to LPO. The rule obligates every lawyer and legal firm to protect the information under their charge. LPO presents particular confidentiality difficulties with regard to connections security and the lawfulness of conveying, or transferring, information (Center for Professional Responsibility & American Bar Association 2007, p.97). For particular vanilla or back-office tasks such as the review of documents, there is a possibility that firms may upload given documents or certificates on intranets sites that are secure.

In some cases, the foreign firms only require limited information. They are not keen on the wider contexts of the tasks they execute. Kirkland & Ellis contracts foreign legal service firms or even non-legal service firms to work on such tasks accordingly. It then transmits the completed tasks to its clients as appropriate. The firms use servers in the transmission of the completed tasks and the related information. The tasks, as well as information, are neither protected nor safe from access by unauthorized parties from the servers, which are not secured adequately. The servers are susceptible to being hacked and the information drawn from them (Barrett, Byrnes & Silverman, 2005). Some of the firms set up several security controls for their servers to forestall hacking but the controls are not adequate to stop it.

With the increasing incidences of cybercrimes, there is a growing danger that more and more LPO providers will have their servers, which are not adequately secured, accessed illegally by hackers (Barrett, Byrnes & Silverman 2005). The hackers breach the confidentiality of the information they access and by and large, the confidentiality requirements of the cases corresponding to the information that firms such as Kirkland & Ellis handle. Globally, many servers are interfered with illegally, or breached, daily. Companies that run given servers are required to put in place adequate and effectual security measures on the servers to ensure that they do not lose confidential data.

The confidentiality challenge posed by hacked servers of LPO providers has typified the LPO industry since the 1950s. Over the decades, most of the LPO providers whose servers have been breached blame it on complacency. Complacency usually sets in since the measures they put in place by and large meet the requisite regulatory requirements, as well as auditor controls, which are aimed at allowing security personnel monitor unauthorized activities on the servers. The regulatory requirements, as well as auditor controls, bring about an erroneous sense of security. Most of the LPO providers whose servers are breached take them as adequate security if they are appraised as sufficiently good to sign off. Notably, the challenge at first, especially in the 1950s, related to patents. Over the years, more and more legal service firms have contracted particular other services to LPO providers. Presently, there are several well-established LPO providers in Latin America, India, Canada, the US, Israel, and the Philippines according to Henry (2010).

The breaches of LPO providers’ servers affect the organizational goals of legal service firms such as Kirkland & Ellis. In the case of Kirkland & Ellis, the organizational goals include the firm’s objective of ensuring that none of the information that comes into its possession falls into unauthorized hands. Specifically, the firm’s other organizational goal is to provide cost-effective legal services to own clients via outsourcing where possible (Djordjevich & Vault 2007, pp.182-183). As well, it is the firm’s goal to adhere to the Model Rule 1.6 formulated by the ABA. As noted earlier, the rule addresses the confidentiality concerns related to LPO (Center for Professional Responsibility & American Bar Association 2007, p.97).

The rule obligates every lawyer and legal firm to protect the information under their charge. The firm is awake to the actuality that such concerns can have it shouldering criminal, as well as civil liability, punishment, for specific confidentiality violations, even where they are attributable to third parties such as LPO providers. LPO providers and the firms contracting them may be civil liability subjects for the failure to utilize practical security measures, procedures, and practices to ensure the integrity of the information they handle or under their charge under rules such the ABA’s Rule 5.3 (Texas Wesleyan University 2008). The measures may include the ones geared towards securing LPO providers’ servers.

The upcoming feasibility study will be geared towards establishing how LPO providers can secure their servers to ensure that themselves and the firms contracting them, including Kirkland & Ellis, are not vulnerable to criminal, as well as civil liability, punishment, for specific confidentiality violations. The study will propose two measures towards the securing of the servers. First, the study will propose that LPO providers can secure their servers adequately through smart password management. The providers should make certain that their passwords, particularly for the users they offer shell access, or admission, are changed frequently and strong. Besides, if they use several servers, they should utilize unique passwords on each of them. Second, the study will propose that LPO providers can secure their servers adequately through the utilization of secure shells rather than telnet (Barrett, Byrnes & Silverman 2005). Telnet has sessions that are unencrypted, thus passwords and the related usernames are conveyed unsafely as plain text.

Share with your friends
Order Unique Answer Now

Add a Comment