Digital Law: Cyber Security, Data Protection & Privacy – Peter Wright – S7E6

00:08 Rob Hanna:

Welcome to the Legally Speaking Podcast. You are listening to Season 7 of the show. I’m your host Rob Hanna. This week I’m delighted to be joined by Peter Wright. Peter is a Solicitor and leading expert in data protection, cybersecurity and its application to digital technology. As Managing Director of Digital Law, Peter advises clients across Europe, the Middle East, Asia and the US. His clients have included online retailers, financial service providers, crypto currencies, law firms, insurers and large membership organisations. Peter was previously the Chair of the Technology and Law Committee of The Law Society of England and Wales and the past Chair of The Law Society’s GDPR Working Group. He is an Advisory Board Member of Sprite+. Peter is also a sought-after speaker, having presented at numerous conferences and events, including, the British Legal Technology Forum, the European Legal Cyber Security Forum, the London Law Expo, Lawyer2050, and the Nordic Privacy Arena. So a very warm welcome, Peter.

01:12 Peter Wright:

Hi, Rob. Great to be here.

01:14 Rob Hanna:

Oh, it’s an absolute pleasure to have you on the show. Before we dive into all your amazing projects, experiences, and all the value you’re giving to the legal and wider community, we do have a customary icebreaker question, here on the Legally Speaking Podcast, which is on a scale of 1 to 10, 10 being very real, what would you rate the hit TV series Suits, in terms of its reality, if you’ve seen it?

01:35 Peter Wright:

So, sorry, was that 10 in terms of being real and 1 in terms of not real?

01:37 Rob Hanna:

Yes.

01:38 Peter Wright:

3.

01:43 Rob Hanna:

And, and your reasoning for a 3?

01:44 Peter Wright:

Um, I’ll give it, its, its, its merit. I mean, I put everything from Boston Legal to, you know, The Good Wife and The Good Fight right down there as well. They’re great entertainment. Don’t get me wrong. And Americans do this stuff far better than, than British here. It’s, it’s just, you know, you occasionally get that case where you do the little bit of work, and you turn up and you got this great argument that you can use to defeat an opponent. But the fact it happens several times in each episode is just no, no, it’s simply not like that, in any field, not litigation, or, you know, contentious or property. No, no, no.

02:21 Rob Hanna:

So we’re sticking with a justified 3 and moving swiftly on to talk all about you. So, to begin with Peter, would you mind telling our listeners a bit about your background and career journey?

02:32 Peter Wright:

Sure. The scary thing now is that I’m almost been qualified for 20 years. And I now train solicitor apprentices who are, you know, are preparing for their SQE and everything, and I kind of think, oh, it doesn’t seem long ago and then you go no, that, that was 20 years ago. So, I trained and qualified in London in the southeast, did a bit of criminal work for a time as a paralegal before I began my training contract. So, so I know what it’s like going along to, to Crown Court hearings, and the Magistrates’, police stations, police station attendants, and all that stuff. Then I ended up moving to Shoosmiths, did a few years there, did a few years with the firm formerly known as Nabarro, and is now something else unpronounceable. And it was while I was there I did quite a bit of work for the Government on a massive piece of litigation that involved handling a lot of issues around data protection rights and data subject rights. And this was in the late 2000s. So if you think about late 2000s, Facebook’s just come along, the iPhone is rapidly destroying the Blackberry, which at that point everyone else had. You could see the direction of travel in terms of how digital technology was going to be the way forward. So I really wanted to sort of start doing more work on that. And I wanted to change the way that we worked with clients. I wanted to move towards sort of fixed fees and making sure that you’re totally focused on delivering what the client needs, and work well, less bothered on just recording hours for the sake of recording hours, which struck me as counterproductive from the very first to, to put it bluntly. So, I ended up setting up Digital Law in 2013. So as you’ll see that’s now coming up to its 10 years. I should say we were authorised by the SRA in, in early 2014. But that’s just because at the time it was this horrific process that took like loads of lever arch files full of information. And you go, yes, we’ve got everything done. And then a few months later, they went oh, well we’re streamlining the process now and getting rid of all that, you went, great, we did the 10 tasks of Hercules there to prove we could get going. But anyway, we got authorised. And, I think what’s been interesting and then growing a firm over that time is I’ve seen a lot of people come along, who started firms and started firms in this space. But sometimes then grown very rapidly. You know, well we’ve acquired this great partner and this team and blah, blah, blah, we’ve merged with whatever and then they’ll either disappear or they’ll fold up and it’s quite nice to think we’ve always gone on a very careful sustainable path to grow a, sustainable business over that period. Very proud to support the solicitor apprenticeship scheme. So, we, we take on solicitor apprentices through BPP, and work with them very closely. I very much see that as the future. And, I think the other thing that’s interesting is how much of our work is based overseas. So we get a lot of clients from, across Europe, US, Middle East, and Asia. Sometimes businesses that want to come and do work in, in the UK, and are or just looking to discuss standards in terms of, where we’re going in terms of regulation around data. So, to put it bluntly, Digital law as a firm, we focus on data protection, cyber security, basically if it’s to do with technology and, the provision of goods and services using digital technology, we advise on it. So everything from those privacy policies that you see, to the long terms and conditions you see on websites, to software licensing agreements, those great big long things you click, without reading, that actually say you’re giving away the rights to your firstborn male child, we’ve drafted stuff like that, but our whole thing is not 40 odd pages of legalese, nice, clear, plain English, that actually human being can understand and won’t have to quantify unique differences is, is that.

05:55 Rob Hanna:

I love that and what a, what a journey and I saw a, a local firm where I’m from actually, I love their slogan, law in your language, I thought that was really nice. You know, we talk nowadays about you know, trying to simplify and actually, like you say, these massive documents that people just click yes and accept, you know, there is some really important information that, you know, if it’s produced in the right manner, where people can digest but probably be a little bit more willing to, to read through all that information, and indeed, probably make, wiser decisions. So, Peter, want to cast your mind back a little bit, to when you were studying because you did a Law Degree at the University of Warwick, I believe, before your training contract at Blaser Mill. So, again, you mentioned things are changing, you know, with the SQE, and you know, obviously with the solicitor apprentice, which again we advocate absolutely for, but in terms of what seats did you complete back then? And what advice would you give to people maybe who are going to start their legal career in terms of getting the, the experience they want early on, as soon as they can?

06:47 Peter Wright:

Go back to the ancient history, right, 20 years ago, what did I do? So funnily enough I did a seat on my training contract in criminal, that continued on from the, from the, from the bit, from paralegalling, and so that became like about 18 months of doing criminal work, which I did end up considering if I was offered a position, newly qualified, but it just wasn’t where I wanted to go. I’d seen enough of going around category A prisons and things by that point. So, then I did conveyancing, and me and conveyancing really didn’t mix. I need a little bit more variety in, in life and I found it, it was residential conveyancing as well, all, all of these very agreeable large homes in Hertfordshire and Buckinghamshire. It was just like, every single file here is the same. And that just didn’t appeal to me. I know a lot of people like the routine, like to, great, you just, that wasn’t my thing. Then, I moved to doing a seat in litigation, sort of bit of mixed liability, a bit of personal injury work. And then yeah, my final seat then became a mixture of that, little bit of family and a mix of, bit more personal injury. And then yeah, that, that was it, qualified. So, I got a got a good mix there. And then initially when I then went to Shoosmiths, it was to pursue civil litigation, mainly, which is therefore quite bizarre, because if you were a potential client coming to me now saying I’ve got a dispute, I’d say I’m sorry, we don’t handle disputes. So I’ve got my fill of them over the years, basically.

08:07 Rob Hanna:

I think that’s really, really interesting, actually. And maybe we, we should talk a bit more about that in terms of career journey and, and decisions. I think it’s super inspiring what you’ve done with Digital Law and as you say, 10 years, you know, successful business, you’ve been well credited with The Law Society, SRA, so on, and so on, and so on, all these great speaking event, but also, you know, people are sometimes scared to take a risk, or maybe make a career change, or sort of take their career in a different direction. So could you took us, talk us through maybe onwards from Shoosmiths, then obviously you went to be a Senior Associate at Nabarro, name something else now, as we know, and then you were sort of moved on to a couple of other firms. Could you just talk us through, that career decision making process if you like and, you know, any, any sort of shared wisdom you would share there?

08:47 Peter Wright:

Yeah. So when I qualified it was yeah, I was, had several different options, ended up looking at, going for, for, for Shoosmiths. Very different firm that. As you said, I’ve trained at Blaser Mills, that sort of a large regional firm, in, in, in the home counties, so offices in Hertfordshire and Buckinghamshire, so all these glamorous places like Aylesbury, Rickmansworth, Harrow, High Wycombe, and then to sort of go to Shoosmiths, very different type of work, working with big insurers on them, on some of the claims that they were handling, did that for a few years. It really wasn’t firing my interest, I suppose. When I then went to Nabarro, that was quite interesting because I went from like, show a lot of newly qualified solicitors will have this, you go from a big caseload, you know, 40, 50 odd cases, through to like just 1 or 2 really, 1 massive matter, and then a few other sort of ancillary things just to keep your hand up and doing a few other things. But it was a massive big group litigation that was taking place worth about 15 billion pounds. And so all our time was sort of spent working on that, my particular area was the disclosure. So we ended up reviewing 15 million files to then disclose 30,000 individual documents, so huge amounts of issues around personal data with that. I always tell this story, this will be interesting now for, you know, we’ll find out who the young people are listening to the podcast and those who are a little bit older. Because I always remember, there’s that scene at the end of Raiders of the Lost Ark, Indiana Jones kids, where you see the Ark of the Covenant being stored in this huge warehouse as the camera pans back in 1 of these great moments of cinema. And I’ll be honest, I was getting old when I recounted the story to 2 of my apprentices who looked at each other and looked at me and said, he said, who’s Indiana Jones? So I went, here we go, the 80s did you, but the point is, is that, I was handling the review of documents across these, 1 of these massive warehouses, which logistically was fascinating because you would get the hardcopy stuff, and you would have to scan it, and then use optical character recognition to see what was on there. And the word searches and what was where. So, so that was quite interesting, though very, very specialist work. But that’s what fired my interest then in data. And then after my spell at Nabarro, I knew that’s what really I was more interested in was the data side of things, than, than really pursuing any more litigation, which by that point, I pretty much had my fill of those wonderful 5 o’clock emails that you receive from the other side on a Friday evening, and it was just getting spent, no, not really sure I want to do this for the rest of my career. And then I realised that the only way of really being able to, to focus on that in the way I wanted to was going to be through starting my own firm. That was the interest. I mean that was, the logical decision and the logical extension. The scary bit was that I then had no money, no clients, no office, nowhere to start. And like most people would have, you know, some of those scary commitments like a, like a mortgage, you know, you’re, you’re then suddenly left thinking, but where does this go, I was, I was blessed with the fact that, I had married an American lawyer, about a year beforehand, who perhaps subconsciously had given me these wild ideas of it’s actually good to be entrepreneurial and start your own firm, which I think we’re a bit more reticent about in the UK, but she sort of, Heather sort of, steals me to think that this was a possibility that this was something that we could do. And I say we because Heather has been invaluable in helping me on, on, on this journey and working with me, and still doing huge amounts of, of, of, of the work, which, which we do, as, as well as along the team that we’ve, we’ve, we’ve, we’ve, the team that we’ve now built. And indeed sort of mentoring and working with those young lawyers is something that happens, absolutely fantastic. But the point is, is that we started, you know, with commitments, with a mortgage, things you’ve got to pay, and that is the scary bit, you know, where you’re like, what’s going to happen now, you know, and you’re, you’re trying to get that work through the door and making sure that you don’t underprice yourself, and making sure that you start to build a sustainable business. And in those first few years, half of all small businesses fail in the first year or something like that, or, or a majority of. So those first few years can be pretty, pretty hairy. And obviously then we’ve gone through interesting things like a global pandemic, which presented its own set of unique challenges, too, because as you can imagine, certain projects and things jump off a cliff and you’re like, well, how are we going to replace that revenue. But, the interesting thing is, well, we then developed our services over that time. So we now do things like offering subscriptions to our clients. And, so we’ve been able to build up rather than having that sort of very peaky trough and troughy turnover, and we end up with a much more stable business as a result. And that, that’s very much where we are now.

13:30 Rob Hanna:

Yeah, and I love that. I’m, I can’t see, but I’ve just been nodding along to everything you said, because it, it takes me back to when I was starting my own business. And you know, I think of the Billie Jean King famous quote, you know, pressure is a privilege. And you know, you know, the comfort zone is great, but nothing grows there. And, you know, you’ve articulated there, you know, you’re taking this risk, you know, you’ve got mortgage, you’ve got dependent, you know, you’ve got things that, you know, need to be sorted. And I think sometimes putting yourself in that uncomfortable position, you know, it can sometimes bring out the best of you and clearly for you it has been success. And you’re absolutely right, 10 years on, you’ve probably seen quite a lot with a global pandemic and everything else going on. And I love your strategic move in terms of that MRR, that monthly recurring revenue or that subscription model, because again, that’s a great way to, you know, mitigate risk and also ensures cash flow coming into the business. So it’s very shrewd how you sort of operated and navigated through. You’ve talked us through your, your interest where that stemmed from in terms of data protection. I want to talk a bit more about some of your roles, because you’ve held various positions within The Law Society, most notably the Chair of Technology and the Law Committee of The England and Wales Law Society as I mentioned. What responsibilities does that involve? Because it sounds like a fascinating role to me.

14:36 Peter Wright:

Yeah. So, I had a period as a sort of a Member of the Committee and then, was, was appointed Chair following an interview process. So the way this works is you sort of appointed for a term and it’s, it was absolutely fascinating because you’re getting into discussions on very specialist areas of policy and this for example, was in the run up to the introduction of GDPR in the UK, which was always going to be a big shake up. So there were policy issues around, you know, what should The Law Society be doing in terms of its approach to data protection, should we be really, really prescriptive and tell lawyers exactly what they should or shouldn’t do. And of course then there’s the dangers of well, you know, liabilities and things around that, as, as well as the fact that, if you’re too prescriptive, people will follow that, and then potentially not actually think about how that properly applies to their firm and what they’re doing. Bearing in mind there’s 10,000 law firms in England or Wales and guess what, each of them operates in a different way. Each 1 has different focuses. Each 1’s will have its own concerns in terms of legacy technology, in terms of volumes of clients, in terms of the type of data, in terms of whether it’s special category, so about, you know, like criminal or work, all those details of past conviction, you know, or, or anything like that is special category data, as is data relation, in relating to medical records. So there’s personal injury claims, medical negligence claims. Yeah, you’ve got some firms that have got a much higher obligation because of that special category data than others. So you can’t pigeonhole this. So you get into issues around that domain. Look, we talk a lot now about law tech. And we think it’s the big shiny thing. But actually, it’s, it’s been a thing for a lot longer than we tend to think. So going back, we were talking about law tech, when I first got onto the, Committee in sort of 2011, 2012. It’s, it’s bigger and more sophisticated, that the platforms now are much better funded, much better thought through and much more developed, much more user friendly. But there were systems out there that were trying to do these things and innovating. And indeed, you know, there’s a lot now that you’d, you’d recognise as being quite big players in the market that, you know, were then sort of taking their first steps back there. But the, in terms of yeah, we’d, we’d get involved on the policy of things. And they also things like, practice notes, which practice notes should be updated, and how we’re going to handle that, and what should the advice be, and then making sure what’s in there is peer reviewed and checked and. As well as then looking at, you would have members who of the, Technology and Law Committee who then have come back saying well, I’ve been to the American Bar Association and I’ve seen that they had, they were discussing this or I’ve read such and such article, or I’ve seen this or. The important thing is always remember, you know, the UK, England and Wales is not an island in of itself, what’s happening in Europe. We always had a good input from, Anna Drozd who was based in the Brussels office of The Law Society of England and Wales, who would be really plugged into what was happening at a, EU level, you know, what’s the Commission doing? What papers are going before Parliament? What’s currently in a trial log that they aren’t talking about? All these, these sorts of things, as well as what is a trial log? You know, they’re the sort of things you start getting really into the finer details of, so it’s absolutely fascinating from, from that perspective.

17:34 Rob Hanna:

Yeah. It’s, it’s fascinating listening to that and your experiences. sticking with, you know, really suitable and really credible position. Time for a short from the show. How do you fit your entire law firm into your pocket? By using Clio’s legal software, that’s how. Clio is the solution UK law firms choose to help them work more flexibly, wherever they are, because it works on any device, including a laptop, Mac or mobile. You can carry Clio with you wherever you go, record your time, manage documents, send client communications, and even keep colleagues updated when you’re on the move. Whether you’ve got to do the school run, commuting to meet a client, working from home or the office or anywhere in between, Clio fits around how you want to work. Want to see how it all works, check out Clio dot com forward slash Legally Speaking. That’s C L I O dot com forward slash Legally Speaking. Now back to the show. You’re also previously the Chair of The Law Society GDPR Working Group. So, what impact has GDPR had on the legal profession, particularly in the City of London, since its implementation? What would you say? And maybe it’s an extension of that, some of the misconceptions about GDPR among legal professionals, and I notice the grey area.

19:02 Peter Wright:

Oh, how long have you got? That question could have powered this podcast today.

19:09 Rob Hanna:

We did leave it to halfway through so you’ve got time, this is your moment.

19:12 Peter Wright:

If, if I tell it, I still get really frustrated now 5 years into GDPR when people tell me, when lawyers tell me, oh GDPR is all about consent. Is it? No, no it is not. Article 6 of GDPR will tell you the fact that there are lots of different ways that data can be processed and we are forever telling our clients, which include law firms, accountants, banking, insurance, financial services, if you cannot process consent, because it’s cumbersome and difficult and time consuming, that’s all to the good. You know, that you’ve got legitimate interests, you’ve got contract, you’ve got loads of different bases to operate, without going down the route of tick-box consent and, we are forever saying to our clients, sometimes they’ll say oh, I’m just doing this exercise so here’s the screenshot we’ve done and there’s usually, they’ve put in a tick box, you’re like, what’s that tick box for? Oh, we just want their consent to do that. Why you doing that? Well, we have to do it because of GDPR. No, no you really don’t. So, and that is a problem I say in particular through, across law firms. Well, that misconception is what it’s actually about. And people ignore the data subject rights, and actually the burden that you need to have in place to properly deal with a subject access request, or right to erasure, right to rectification request properly, without ignoring it, and then leaving it until 2 days to go, which very often still happens in quite large organisations to the point that they call us and say, can you help us with this? And helpful if you’ve given us a bit more time but. So, unfortunately people very often approach GDPR A with that misconception, B they think, oh, if we’ve just got this large policy here that says what we’re doing, that will do it for us, and then we don’t actually have to put into practice what’s in the policy. So it’s that regulatory gap between what’s written somewhere and actually proactively demonstrating compliance. And then there’s a failure to interpret to appreciate, on an interlocking basis how data protection law in the UK is not GDPR, it’s the Data Protection Act 2018, which actually UK GDPR, which is different to EU GDPR, which in turn, is different now in terms of how you then have data transfers back and forth. And then the way that interacts with, if your data was stored in the US or elsewhere. Through regulatory enforcement now, data protection in the UK with, Jonathan, John Edwards, our new ICO, I say new ICO, his been in there for a year and a bit now. But he’s doing things very, very differently from Europe. So, we are diverging, even though the law remains in theory based on the same thing, the GDPR. So, so there’s those, those 3 big challenges that, that you have to face. So, even now we find ourselves going into some of our law firm clients, and they’ll say, oh how can you deliver a briefing at an executive level for our senior decision makers? Absolutely, we can do that. But in reality, sometimes you’re having to go right to begin right in at the beginning, explaining what personal data is, and how that properly applies. And if you can get personal data out of your data set, guess what, none of this applies. And that sort of moment of coin dropping, and oh, right, oh actually. So if we do this, this and this, we don’t have to worry about regulatory compliance. No, you don’t. Oh, oh right, I appreciate that. It’s something that happens the world over from law firms to when we’re talking to data scientists, to when talking to tech start-ups. So, yeah, there is always massive misconception. That wasn’t all your question though. You also asked, how’s it checked in big law firms? Well, and I’d say a lot of them now do pay attention more to their compliance around data. In particular, when you look at some of the consequences. I mean, we’ve had 1 large formerly public, well 1 large publicly listed law firm fold this week. And 1 of the reasons was, they had a ransomware attack last year, that cost them 5 million. Now, they haven’t said we’ve folded because we of that 5 million pounds. But it didn’t exactly help. And did I think it may have been the thing that sort of pushed them over the edge. But the, the point is, is that, you can spend the money on the compliance. But if you’re not tying that up properly, between your data compliance and your cybersecurity compliance, and properly having the right culture across the firm, to identify risk and do something about it, you, you can be spending a lot of money, but not actually a, following the letter of the law, and then still leaving yourself open to risk, which seems to happen in too many organisations. Because if you are following what the law asks, this wouldn’t happen quite so regularly.

23:15 Rob Hanna:

Yeah. And you made so many wonderful and very important points. I think back to a conversation I was having with a, a friend of a friend who works for a huge international manufacturing company, and they’d had a cyber-attack. And that was, I think they’re 6 months into that and the staff is still doing nothing, because they’re still having to do all of the, sort of looking into this. So the staff are turning up. So it’s not only just sorting that issue, it’s the knock on effects of the wider business and the productivity of the employees and, the systems and all of these things. So it’s, it’s really, really important that you speak to people like Peter or get your head screwed on or like you say, those nuggets of, if it’s not personal, it’s less of a thing. You know, all these little things, when you speak to specialists can really help you, navigate what may seem quite, quite daunting, quite easy. And I do say you make it look very easy. I know you’re very, very qualified, but the way you articulate it does make it sound super easy. You’ve touched on it in terms of multi-jurisdictions because you help clients across the UK, Europe, North America and the Middle East. Have there been any memorable clients or cases you’ve worked on, that you’d like to, to share with us in particular?

24:14 Peter Wright:

Yeah, without betraying any confidentialities I suppose. So 1, 1, 1 matter, I ended up flying out to, to Riyadh before the pandemic, that was quite interesting working with a client there on, it was more of a sort of consultancy role rather than legal advice. But it was interesting at that point that was early in the project, and they wanted to sort of take account of, what standards are prevailing internationally so that they could take account of that in their bill. Then, yeah, we’ve, we’ve, we’ve done quite a few different bits of work. I mean, 1 of the things also that I do is I do have quite a lot of work with the European Law Students Association where I end up just then lecturing on, data and, cyber and, tech issues. So sometimes, you know, I was in Prague earlier this year, at 1 of their winter law schools and we’ve, we’ve done similar things at other cities around Europe, which is always fascinating. But I’m going to surprise you because 1 of the most interesting things we did was a pro bono exercise because we still think it’s important, particularly with our apprentices, to make sure they’re then engaged in thinking about not just what we’re doing from a data and a, a business perspective. But we actually then ended up helping someone who was rough sleeping outside the premises of 1 of our clients. And it turned out they’d been people trafficked across from 1 of the Baltic States, so they were a victim of trafficking. They were that time engaged in what you and I would term modern slavery. I working for no money. Just the promise of a bed, which hadn’t turned out, which is why he was rough sleeping. And then when we got talking to him and got a translator involved, we found out that he should have been receiving Universal Credit. After a few months, we got that credit, to be paid, we got him into accommodation, we got him off the street without getting any medical care. Unfortunately, after pushing and pushing and pushing and knowing there were issues, he was eventually diagnosed with a terminal illness and actually unfortunately passed just before Christmas. But that whole thing took about 3 to 3 and a half years. I think for our apprentices, it was a real eye opener to see how the system works, and sometimes how cumbersome that system is. And to this day, I think, well, if, I don’t know how this individual this gentleman would have fared, if he hadn’t had legal advice and was trying every step of the way to decipher everything you can tell him what to do. And I don’t know how, I don’t know how someone is supposed to navigate that system. In that scenario, if you don’t have, the, support, I should say as well that his immigration status was entirely sorted. And he had come over at a time when that country was part of the European Union so there was no question from an immigration status I, I should add before anyone starts, wondering if there was. So he had fully settled status and everything. But it, it as I say a labyrinthine nightmare of a system and, and how you’re expected to, to navigate that, at times I felt we were in some sort of Terry Gilliam drama, you know, and it’s totally alien to me, given my background. So I wasn’t familiar with how these things work. But, that was a real eye opener. And it just as I say it was just an incredible learning experience I think for our apprentices.

27:07 Rob Hanna:

Yeah, no, absolutely. And thank you for, for sharing that. Obviously you know, it’s sad ending to, to that particular story. But you’re right, I think you know, there is a lot of learnings that could be, could be taken from that for particularly, you know, that, that future generation of legal talent. I’d mentioned in the introduction, you’re, you’re a speaker, but also you do a lot of writing as well. And in your Clio article titled ‘12 Essential Questions to Ask a Legal Software Provider’, you outlined 12 key questions to obtain answers to, whilst evaluating the use of a platform. So, would you mind summarising those 12 areas? And why is it significant to review a legal software contract?

27:45 Peter Wright:

Yeah. So, first of all, I think the key thing on this is always do not rush into these sorts of decisions. I mean, Rob, you and I regularly go along to some of these sort of law fairs, where you’ve got loads of exhibitors, and, you know, some very slick sales promotion, from different people that stands who will not let you walk by without taking your registration details and, showing you their status system and giving you some chocolates and saying, you know, we’re now going to, to send you lots of information on the back of that, or, or even trying to sign you up there and then to, to a contract. And I think the key thing is always ask, there’s a few questions you always do need to ask. And the first 1 is always that 1 that you should ask with anything before you sign it is, how long is this going to run for, exactly? Is there a break clause? Is there a cooling off period? You know, what, what, if you change your mind? What if you find that this system simply doesn’t work for you? What if you just want to walk away? You might find that, that ability is not actually in the contract. Indeed, it’s, it’s a matter of just, I mean, the funny thing here is that lawyers will enter into these things, yet, they wouldn’t advise the client to sign a contract like that. Going back to the world of conveyancing, you know, if you’ve got a standard contract that had that, you wouldn’t be saying to your client, oh yes accept that, you’d actually go through and put a line through half of it saying, no, no, no, we can’t possibly have that. But when it comes to decisions that they want to make for themselves, so often firms, have just rushed into this, oh it looked really slick and snazzy. And, someone came out to the office, and we had a really good presentation that all the partners loved it. And we’ve signed up, and, and now we’re stuck in it for the next 5 years. And you’re like wow, okay, did you even check that the system will develop and evolve over that time? Or are you literally stuck with, you know, something now, that will not evolve during a period when technological development means that systems are exponentially developing, or they should be? But some, some providers out there have got a system has preserve preserved an aspect, you know, it just doesn’t change. So, you know, what are the contract terms in there? How long does it run for? Is there a break clause which, which any real estate lawyer worthy, worthy of the salt would be saying when it comes to a lease, but for some reason people don’t think to apply it to, to, to this sort of scenario. The next thing to consider is how secure is it? And if you don’t know, anything about encryption should still ask, is it encrypted? What is it that’s encrypted? Is it encrypted at rest? What about if we’re sending information to go onto the system? And how does it work? Is it web based? Is it on a server? You know, and you should be able to get basic questions like that back. And I will take with me to my grave the fact that 1 year I was judging, you know, legal software supplier, 1 of these conferences, and we’ve had to look at a few of them to be shortlisted. And 2 of them when I asked the question, what encryption standards are in place? Not, you know, technical, where are the servers? What’s just, what encryption standards are in place? Oh, I don’t know. I’ll have to find out for you on that. So you’ very slick salesman in the, in the slick 3 piece suit and the fancy haircut and the, didn’t have a clue on, on that, this is just basic technical scrutiny. You know, where are your servers? Are they in Europe, are they in the UK? Oh, I don’t know. So, this is really quite crucial. How secure is it? Where is the data health? And another thing to then check is, do you get a free trial? If it’s a good system, wouldn’t it be great to be able to use it, see if it works, and then, no obligation? We can either, get shot or we can keep it. I mean, you know, it’s the free trial 1 of these work? Yes, you provide us with all of your secure banking information. And then, you know, you have to cancel it within 48 hours of this conversation, using a carrier pigeon and triplicate wording, and if you use black pen Rob rather than blue pen, well, it won’t be valid. So it’s these sorts of little things you need to really check. Is a free trial a genuine free trial? Or, or is it just a precursor to then a contract that’s going to run and run and run, that you can’t get out of? Then the next thing is just, is the basic regulatory compliance, you know, does it actually comply with the requirements of the SRA or any other regulator? I say, any other regulator, because if you are a firm engaged, doing a lot of work in financial services, you might be wanting to think about a few of the things that the Financial Conduct Authority says, as well, when it comes to storing data, when it comes to recording calls for example, when it comes to storing that data, transmitting it, et cetera. These are all things you need to consider. And then also I think it’s still, you know, will, is the software, or the system that you’re looking at, is it, going to allow you to work in the way you want to? Is it gonna put hurdles in the way of your staff? You don’t want them to get so cheesed off with it that they look at, we always used to prefer doing the other ways so we want to go around it, rather than use it. So, you want to make sure it’s reactive to needs, that it’s proactive, that it helps people in their job and doesn’t get in the way. I mean, I still remember 1 firm we went to, and we were doing a general sort of audit on data protection, we found out their client on-boarding process was handled by the receptionist. And the receptionist would receive ID. And even though they’d set it up and said, right, you use a screenshot on the system, and you take a screenshot of the ID, and you put it on there. Instead that wasn’t happening, and she was using her iPhone to take a picture of it, and then email it into the system. I was like, why are you doing that? Oh, it’s easier. Right. Where’s that data being stored? On your personal iCloud. That’s not really compliant is it? Oh, oh alright, okay. But no, I mean, she was doing something that, to her felt and seemed easier because the system she was being asked to use was cumbersome and make it, when you got loads of other things to do you don’t want them, it’s going to make your day even more awkward than it already is. But it was actually in, putting them in legal and regulatory breach, what they were doing. So the point is, is a actively engaged and see what your staff are doing. Don’t just presume it’s happening properly. But also make sure that you’ve got that flexibility, because if you haven’t got that, it’s not going to aid your productivity at all. So it shouldn’t get in the way. A final couple of things are just, is it flexible? Can you upload videos of, for example, the, the conference call that you and I are using now? Could you upload that and play it back? Can you get audio files on there? Pictures? Are you restricted in terms of file size? Are you restricted in terms of the size of space you’ve got on there as a whole? You don’t want to be forever having to pay for more and more storage space. And then finally, I just say, does it offer secure client communication? Can you get client off email? If you can, you are minimising risks so much more. Because if you can get them onto a secure client app or a secure portal, and, a it’ll be quicker, it’s more secure, it means you’re not having to worry about these long email chains, that’s going to help. And finally as well, customer service, can you call a human being and talk through a technical problem that comes up? Or are you being charged a premium rate number for a phone that is never actually answered? So, that is all available at that Clio article is some, I’ve tried to summarise that in, I think in about 1200 words.

34:20 Rob Hanna:

I think you’ve, I think you’ve done a very, very good job of giving us, a good summary there. And I think you touched on a lot of, a lot of points and you know, particularly about the 1, you know people invest or companies invest in a lot of this technology, actually getting people to use it correctly and the training and actually the adoption of it like you’re mentioning, you know, well, if I’m keeping it, you’re used to doing it this way, and we’re now you know, finding it really difficult. I think that training and implementation things very important. And it all everything you said to me just goes back to what, a lawyer friend said to me, don’t, don’t hire a, a lawyer to answer your questions. Hire a lawyer because they know the right questions to ask in the first place. And I think that gives the right example there and says you know exactly the right sort of questions to ask, to get the information that you need, that’s actually going to be super helpful. So I guess sticking with advice, what advice do you have for law firms considering purchasing legal technology?

35:07 Peter Wright:

I think consider it carefully. I would have a, put together a small group of people who have an interest in this area, who are hopefully, sort of digital natives, are used to using digital technology on a daily basis. Let them take the time to speak to a number of suppliers, properly engage with them, don’t just say, oh well, we had a conference call with 3 different suppliers and we’ve selected this 1, you know, and try and if possible, meet face to face. If possible, I’d get, like I say either a free trial or certainly a demonstration, not just someone showing it to you on death by PowerPoint and a series of screenshots. Actually see if you can get in there and get the look and feel of it. Does it work? And is it intuitive? And is it easy? Is it straightforward, because you don’t want to find something, that a might be dated, in how it actually looks and operates or is slow and cumbersome or difficult to log into, or restricted? You know, ideally you want a system that works on your laptop, your tablet, your phone, seamlessly, fully integrates, shouldn’t be a problem in this day and age. But you’d be surprised how many it’s like, oh well we’ve got an iPhone app but that’s the only thing we ever developed, so if you’re on Android and everything else, you can go and forget about it. That’s not really going to be properly helpful is it? So, it, it really is a matter of, I’d say get a look and get the look and feel of these things and understand them. Then I’d say, you sort of apply some of the questions that I was just sort of running through. Is it properly compliant? You know, is there anything from The Law Society or the SRA, where they have talked about these article, these systems where, if it’s, especially if the legal system, have they talked about it? And also then, bear in mind that you know, those, those security questions, you know, is it cloud based? Is it gonna be something that goes on a server in your office? If it is that sounds a little bit old fashioned, but what you might want? But if so, how’s it going to work? What are the ongoing costs? Are there any hidden cost? You know, really sort of be able to answer those questions, and then open yourself up to scrutiny from the wider, you know, other directors or the partners, and be happy to answer their questions. And if you can’t give an answer, well go away and find out what the answer is. So it should be, you know, a clear, transparent, potentially a little bit protracted process to make sure you get the right system. Because whatever you end up then getting, you’ll probably end up using for a very long time. So it’s 1 of these sort of, you don’t want to sort of adapt, adopt in haste and then end up having to repent at significant leisure afterwards. You want to, to know that you’re getting the system that’s going to be right for you, the right partner for you and, and that isn’t something that you’re gonna be able to work out just through an afternoon of reading a few magazine articles and going oh yeah, that’s definitely the 1 for me.

37:43 Rob Hanna:

Yeah, no, I think you, you make a really good point of, you know, invest your time upfront to start with, to potentially hopefully eradicate longer term future headaches and problems down the line. So, I guess that segues quite nicely to my next question, in terms of, how good is legal technology out there on the market today? And is there any specific tech you would recommend?

38:03 Peter Wright:

So, the systems have developed a lot in the last few years, they’re getting better, we’re now already finding that there’s a few that are, you know there’s a few firms out there, that we know are using AI. That doesn’t mean that you should be using ChatGPT to draft your client related documents. Indeed, it doesn’t. Its already been banned by the Italian data protection regulator. So if you are using it for client related purposes, you shouldn’t be. And as some firms, make sure that your junior lawyers aren’t using it, aren’t using it, thinking, oh this is a great really quick way for me to get my letters turned around or whatever, because you shouldn’t be. So just, just be mindful sometimes that some of your more tech savvy younger lawyers are starting to use stuff, just because, you know, partnership or firm hasn’t said don’t use that. They’ll think oh, we can go ahead and use it. So sometimes be careful of that. Same, same goes for WhatsApp and things like that, that you shouldn’t be using for legal services either. That’s a conversation for another day. But it’s, it’s, it’s very much a, a matter of really being able to make, make sure that you’re getting the right systems used in the right way. That means, they are developing rapidly. The other thing I’d say as well is try and get away from having to use 4 or 5 multiple systems to do the same thing. So many firms I speak to, it’s like oh the conveyancing department like this system, we use this system for time recording, we’ve got another system for billing. And then we’ve got this case management system that these 4 departments are using, apart from this partner who doesn’t like it and continues to use this old system from 1983. That’s what you usually find is happening when you know, 1 system to rule them all would actually be so much more straightforward for, for a lot of firms. So, find 1 that’s integrated and does as much as possible and try and get rid of any older legacy systems where you can, or use a system that offer, offers integrations with older legacy systems so you can then at least still access or use older data. But, going forward sort of just use that integrate, that, that 1 system that should be user friendly and work for everything. And that there are a few out there, I’m, I don’t know, is this like the BBC, are we allowed to name specific ones? So, you know, fruit based operating systems?

40:04 Rob Hanna:

Well, if there’s some that you’re potentially fond of, I think you can give them a shout out for what it’s worth?

40:08 Peter Wright:

Okay, well, I am a fan of Clio. I am a, I was an, also I was at 1 of their innovate legal events a couple of weeks back in Manchester that was really, really good, which just had a panel of lawyers talking about their use of technology and their experiences over the last few years. So, actually, when we’re going back to the question of how, what would you do when it comes to just starting to think about law tech. To actually go and engage in either go along to events like that, where you just hear lawyers saying, well, you know, at my firm we use such and such, and this is how we do it, and what we get out of it. Yeah, either in person or, or, you know, either register for a webinar or get something on demand that just where you can hear about other lawyers talking about their honest experiences. And I think that’s always really helpful too, and Clio are always very keen just to say to existing customers who are happy with them to sort of put them and, say you know, right, if you can go on to that stage and just talk about your experience, you know, I think, I think that demonstrates confidence in a good product, ultimately. And also product that’s evolved a lot over the years when my wife, Heather, first opened her law firm in America, she was an early adopter of Clio in the mid 2000s. And it was a good system then. But it’s now evolved. It’s unrecognisable now, and is operating and all these different jurisdictions. But, the, the ethos remains the same. Very user friendly, very efficient. And as I say it continues to evolve over time.

41:25 Rob Hanna:

Yeah. And I think that’s the, the key point isn’t it, finding, and you touched on this earlier before, it’s finding those legal technology providers that are evolving, because you know, we’re in this speed of, of, of change and technology advancements. And, you know, you’re going to be taking, you know, virtual hearings in particular Metaverses and all these various things that are happening now and will be in the future. And sort of, you know, TEDx and I think actually having these systems that are moving with the times is super important. Okay, so I want to talk a little bit more about networking if you like and networks because you’re an Advisory Board Member at Sprite+, I believe. What is the network about? And would you mind outlining the 3 goals and what it stands for?

42:01 Peter Wright:

That’s putting me on the spot. Security, privacy, identity, trust, enterprise I think. It’s a, basically a partnership between, it’s organised so, basically academics on that as well as those from the public sector and those from the private sector all coming together, to talk about issues around security, personal data, use of it and innovation, who I’ve had some fantastic opportunities to, to speak to and work with some of those doing university, research at some of the country’s leading universities in this area. I’ve been able to hear briefings on some of the work that they’ve done. 1 of which was, some research that was done on, basically they put together a secure room and filled it with IOT devices. So everything from your, remote vacuum cleaner to the remote toothbrush, the, the, the you know, connect your toaster, so it’s connected, or the fridge freezer, we’d have all this stuff in there, and then looked at where it was sending the data to. And something like even though a lot of might have been from Europe, or from America, or various places, something like 85% of them were sending data back to China, because they were relying on individually on other bits of systems and tech, and they didn’t necessarily know how operated and it was just spiriting huge amounts of data back. So, so you know, that means people that will turn up there from some of the government security services and provide updates and info as well. So, you now, that’s been a fascinating to, to work with them over the last few years. And, yeah, I mean, the value of networking is it’s always good to, I suppose I’ve always enjoyed networking with the lawyers just to see how other firms approach things, the problems they have and indeed a lot of our clients are, are lawyers and law firms. But also it’s good to get into, into different forums and speak to and share expertise with, with others. And I’ve, I’ve always done that on a local level so here in South Yorkshire, as well as then doing things on a sort of national and international level. So, and indeed, it was only, only nice to meet my wife by going along to an American Bar Association Conference in Washington DC. So, you know, it’s, it’s funny the directions that network and networking can ultimately take you in.

44:04 Rob Hanna:

Absolutely, absolutely. And yeah, we’re big Heather fans, by the way on here, on the Legally Speaking Podcast. So I think she’s awesome. We can’t finish the podcast without of course talking about your toolkit, because you are the author of the ‘Cyber Security Toolkit’ endorsed by The Law Society, myself, I’ve even reviewed it. So “if you’re looking for ways to enhance cyber safety, or hoping to learn more about it, then this comprehensive guide will be a big help”. This is what I quoted. Can you tell us a bit more about the book and the key areas that you explore?

44:33 Peter Wright:

Okay, so first of all I should also say that my co-author on the book is Dr. Heather Hansen, who is also my wife. And what we’ve done with this new edition, the 1st edition of this was published in 2016. And you’d be surprised how quickly this stuff ends up becoming dated. And then we were just about ready to go having updated the, this in sort of 2019, 2020 and along came a global pandemic. So we updated it to look at the risks around when you’re working from home, when you’re using more mobile technology, when you are using law tech, some, some of the issues that come up around that, and a lot of the sorts of things we’ve just been talking about during this, this, this podcast today. So we’ve tried to make it as relevant as possible. The unique difference I think that this book has though is it’s designed for lawyers, we know that a lot of lawyers are technophobes. We don’t have an element in our legal education and training that looks at data and technology. We should, in my opinion, it should be covered when, you know, you’re going through. I mean, we spend 6, the best part of 6 years doing legal education and training, I think it should be part of it. But the point is, is that therefore sometimes we don’t know what questions to ask if a supplier like I was talking about earlier, when we don’t know that these sorts of issues around cybersecurity. We aren’t comfortable looking at using technology to deliver legal services, naturally. So, what we’ve tried to do is to incorporate things like forms and templates and checklists in that clear, accessible language, clear, plain English, explaining some of, removing the jargon where possible, explaining what a lot of those technical terms mean. So we, we really have approached it in that way to make it clear and accessible. Hopefully not too scary. Review of the 1^st edition basically said this is terrifying. Yeah.

46:11 Rob Hanna:

Yeah. And I have to say, I think it’s a wonderful toolkit. And I do encourage people to, to check it out. There is a heck of a lot you can learn even if you do know something we know quite a bit, I still think there’s some, some, some good nuggets you can, you can get from the toolkit. So, before we do finish up, Peter, I, I want you to give me 1 piece of advice for people who might be interested in getting into data protection or GDPR and cybersecurity. What’s the 1 piece of advice you would give, give to them?

46:37 Peter Wright:

I, I would say be prepared to learn something new every day. There will always be something new that you read. And I think you need to be prepared to continue to learn the whole time. And I certainly continue to learn every day. I learned something new about the architecture used behind TikTok and some of the privacy issues around that. Just, doing a little bit of research before I came on to this podcast. And already I’m thinking about, don’t forget about that, do something about it. I’d say if you’re particularly if you’re looking for that sort of challenge, it’s a matter of establish the basics first, establish that sort of framework in terms of what a lot of these terms are, how they all work. And then you’ll find that you can sort of build a lot of your information and skill on top of that if you’ve got that good, solid foundation. So, I’d say that’s useful. So the other thing is, of course, if you want another source of information will be The Digital Law Podcast, which is also available on various good podcast providers, where we talk about, a lot of the times just things like the regulatory enforcement and, and things that are happening, you know, regulatory breach of the week and that sort of thing.

47:37 Rob Hanna:

And that was actually going to be my next question about Digital. Where can people learn and find out more? Is there any other sort of social media handles or, or places people can find you in addition to the podcast?

47:45 Peter Wright:

Yes. So we do a podcast, which is on Spotify, Amazon, Google, Apple, all the providers out there, and we, we generally do a sort of try, and so it’s going to be a strict sort of 15, 20 minutes, usually ends up being a bit longer because I tend to get, the lift the bonnet and get into some of the stories on there. So we do that. We’ve got, we’re on Facebook, Facebook dot com forward slash Digital Law. We’re on LinkedIn. We are on Twitter, at Digital Law UK. And we’ve got our website, www dot Digital Law uk dot com. So, lots of different sources of information and, and ways to get in touch. And hopefully, if, if you’ve found some of what we’ve talked about today, interesting, then please do feel free to, to take a look at any of those.

48:28 Rob Hanna:

Yeah, no, I think you raised some really good points there. And you absolutely do share some really great content on, on LinkedIn and you’re right events are a great way to get out there, meet people and learn a lot more as well and bring to life a lot of stuff that you might be seeing and reading online to actually speak and engage with experts. So Peter, I absolutely have learned a ton. I’m sure our listeners, even if they knew quite a lot about this, have learned something new today as well. So thank you so, so much for coming on the show. It’s been an absolute pleasure having you. From all of us on the Legally Speaking Podcast, wishing you lots of continued success with Digital Law and on your future pursuits. But for now, over and out. Thank you for listening to this week’s episode. If you liked the content here, why not check out our world leading content and collaboration hub the Legally Speaking Club over on Discord. Go to our website www dot Legally Speaking Podcast dot com for the link to join our community there. Over and out.