In the previous article, we discussed how COVID-19 will accelerate existing technology trends and innovation. Here we will continue to discuss some of the implications which lawyers will need to consider and help manage their clients.
As new technology is deployed at pace, technology-related risk-spotting becomes more important
Many industries may see a shift in the demand for their products and services. The resulting process will be ongoing: last year’s blockbuster features may now or soon be redundant, and new functionalities may need to be rapidly released with less time to build effective economic moats. However, a firm’s reputation still depends on the customer experience to be seamless and the underlying systems and delivery platforms to function consistently—they must work, whenever they are needed. Sales and marketing teams understand that back end systems are an increasingly larger part of the value-added component of price as customers prioritise ease of use and reliability in the face of a crisis.
We can observe the general direction of travel which has powerful direct and indirect structural implications. The result is that every company is expanding its technology and data management and security functions. As firms strengthen these activities, lawyers must be ready to think through and help manage these risks as often so much change is happening at the same time, often in an uncoordinated way.
Here are some more examples.
When budgets are constrained but speed is prioritised, collaboration with start-ups more attractive
To leverage external capabilities and reduce capital investment, many firms are adopting more collaborative business models, entering into innovative but more complex multi-party partnerships, including with nimble start-ups to better ensure faster paths to market. Indeed, collaborating with smaller firms means access to dynamic, talented teams, working in agile and collaborative sprints to find novel ways of addressing difficult problems.
However, additional care is required to assess the partner’s maturity levels concerning risk management and governance which are likely to be very different, and this often means less can be assumed, with more validation and quality assurance required. Also, on a practical level, smaller firms will not have the same levels of insurance, which often means the larger firm funding extra insurance or opting for self-insurance. Lawyers need to help colleagues navigate responsibility boundaries and risk allocation discussions that are more nuanced and less binary to define appropriate outcomes.
To create the most compelling propositions, we may need to look outside, partner more and combine data and intellectual property
Increasingly, with partnerships and vendor relationships, parties are combining their existing intellectual property or jointly developing new features. Lawyers will need to help colleagues navigate the differences between foreground and background intellectual property to define ownership and post-termination use rights accurately.
Organisations are also producing lakes of data and are also increasingly looking outwards to combine with others’ data to create the most useful applications. Some of it will be sensitive or contain personally identifiable data and as such must be very carefully managed within the organisation and across jurisdictions given the trends of more regulation and higher fines. Lawyers too must understand precisely data flows and access controls. Brexit, the recent Shrems decision and shifting locations of data at rest mean this area continues to evolve and remain dynamic. They need to ensure they understand data flows, access to it at all times, and controls.
As we create more value by leveraging the internet, we must protect and preserve that from cybersecurity threats
As firms upgrade and transform their operations using a range of different applications, they must ensure they maintain a structured and cohesive approach to managing their cyber-security. Lawyers should help support their colleagues to ensure their cyber capability maturity levels keep pace with their external obligations.
With the constant stream of news reports of almost industrial levels of hacking, large clients and governments are mandating rigorous controls and systems upon any firms doing business with them. These requirements are challenging to implement, but with systems-based approaches, firms can use then as a positive selling point to other customers. Business lawyers need to understand these third-party requirements and help develop cost-effective compliance and mitigation strategies to avoid potentially disastrous remediation costs.
As distribution and supply chains become more complex, more mature levels of risk management are required
Pressure on costs can result in bolder choices of vendors. Lawyers must help colleagues ensure they still effectively cascade regulatory compliance and third-party security requirements down their supply chain as they will be held reputationally and in some cases, legally responsible for third party practices in low or unregulated countries. Customers, particularly those regulated by the financial services authorities, require greater focus to ensure compliance internally but also, with third-party and fourth-party suppliers.
As many lawyers this year refreshed their knowledge of concepts and limits of force majeure and frustration, they now need to be ready to lift this topic up from generic boilerplate into their checklists and contract discussions to apply the lessons learned for future pandemics, other black swan events and discussing with colleagues foreseeability and the need for requiring testable business continuity plans. As part of this, firms must maintain robust oversight, including deciding which activities can and should be conducted remotely. The recent unrest in Belarus and upheavals in Hong Kong suggest firms must actively engage providers to demonstrate they can successfully activate actionable plans.
As ever, lawyers must try to understand what is happening operationally and then apply legal frameworks
Firms are increasingly using new capabilities with less experience; and as such, there are fewer data points for risk assessment. Lawyers must therefore be comfortable with ambiguity to reach sound conclusions. With much more coming across their desks that is untried, it is difficult to know until commencement what could go wrong, but then, when it’s tough to change.
In this uncertain time, lawyers can by leaning into these issues help enormously by helping to work with colleagues to devise controls (and negotiate with third parties) to achieve a sufficient balance of flexibility, agility and optionality to ensure operations are innovative and resilient.