Case management systems – practical advice and potential suppliers

This note from the Technology Committee provides advice on issues to be considered when planning and acquiring a CMS and contains a current list of potential suppliers to the legal profession.

Technology 06/09/2019

This note from the Technology Committee provides advice on issues to be considered when planning and acquiring a CMS and contains a current list of potential suppliers to the legal profession.

These days, it is pretty much a necessity to have a case management system (CMS) to run a successful law firm. Such systems have many benefits, including having a digital case file at your fingertips containing all the case information in one place, while keeping compliant with Law Society regulations.

The Law Society recently published a Small Practice Bulletin on the main features and benefits of a CMS. This note from the Technology Committee provides advice on issues to be considered when planning and acquiring a CMS and contains a current list of potential suppliers to the legal profession.

Planning for a CMS

Before embarking on a major decision to invest in a CMS, you should consider the following points:

  • What are your key requirements of a CMS? What do you need? How do you want your information to be delivered?
  • Evaluate the IT expertise within your business.
  • Establish the willingness of you and your colleagues to adapt to a changing environment. (This will be particularly relevant in relation to initial training and ongoing support requirements.) It is strongly advised that the process of planning for and acquisition of a CMS should involve all solicitors working in a firm, and that the process is led throughout at a senior management level.

Contract

  • Consider issues that might arise in relation to the contract for supply and support, and
  • Choice of law – what law is the contract governed by, for example, Irish or British?
  • Server or cloud? Clarify whether data is stored by server or cloud, and consider whether the method is adequate for the purposes of data security.
  • Protection of data subjects – a solicitor as a data controller is obliged to only use “processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this regulation and ensure the protection of the rights of the data subject” (article 28 GDPR). Solicitors must satisfy themselves of this, and record how they have come to the decision that their supplier processor has met this standard. Specialist technical assistance may be needed.
  • Contracts – it is mandatory to use a contract (or other legal act under EU law), which is binding on the processor, and which contains prescribed language set out in the GDPR. Solicitors who have entered into contracts with clients on this matter are reminded to check that such contracts permit processing, and on what terms. Supplier-provided contracts should be carefully reviewed for GDPR compliance, as the practitioners will not be able to pass compliance responsibility to suppliers as both controllers and processors have their own respective responsibilities under GDPR.
  • Personal data transfers – personal data transfers outside the EEA (including, after Brexit, Britain) must be done in accordance with the GDPR. Solicitors must consider this when selecting suppliers who process personal data (whether client or staff data).
  • Brexit – solicitors should keep this under review, as guidance may change in the lead-up to Brexit and in the early months after Brexit. Useful guidance is available from the office of the Data Protection Commission at www.dataprotection.ie (under the ‘Guidance’ tab).

Data security and data protection

  • Server or cloud? Clarify whether data is stored by server or cloud, and consider whether the method is adequate for the purposes of data security.
  • Protection of data subjects – a solicitor as a data controller is obliged to only use “processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this regulation and ensure the protection of the rights of the data subject” (article 28 GDPR). Solicitors must satisfy themselves of this, and record how they have come to the decision that their supplier processor has met this standard. Specialist technical assistance may be needed.
  • Contracts – it is mandatory to use a contract (or other legal act under EU law), which is binding on the processor, and which contains prescribed language set out in the GDPR. Solicitors who have entered into contracts with clients on this matter are reminded to check that such contracts permit processing, and on what terms. Supplier-provided contracts should be carefully reviewed for GDPR compliance, as the practitioners will not be able to pass compliance responsibility to suppliers as both controllers and processors have their own respective responsibilities under GDPR.
  • Personal data transfers – personal data transfers outside the EEA (including, after Brexit, Britain) must be done in accordance with the GDPR. Solicitors must consider this when selecting suppliers who process personal data (whether client or staff data).
  • Brexit – solicitors should keep this under review, as guidance may change in the lead-up to Brexit and in the early months after Brexit. Useful guidance is available from the office of the Data Protection Commission at www.dataprotection.ie (under the ‘Guidance’ tab).

Implementation

  • Can the supplier set out a clear strategy, process and cost for getting your data into the system?
  • If any data is not to be transferred, then this should be identified, together with a clear explanation of how that data can be accessed and/or imported as needed. The burden of operating dual systems must be avoided, as must the dangerous trap of migrating data to a system before being satisfied with how that system will work. The committee suggests that, save for exceptional circumstances, it is unwise to migrate data to a new system for a trial period if there is any uncertainty as to what is involved in rolling back such a move.

Client requirements

What are the current or anticipated client demands, for example, for reporting on their files, electronic access to their files?

Costs

  • Cost of installation per user,
  • Charges for ongoing licence,
  • Cost of training and number of days as part of the installation package, and
  • Cost of ongoing support and training.

Number of installations

  • Number of installations in legal offices,
  • Recent developments with the proposed system, and plans for future developments,
  • List of existing client firms who will vouch for the operation of the system, and
  • Backup – the nature and ease of backup and the support available in relation to daily use.

Potential suppliers of CMS

The following list is provided for information purposes only, and does not constitute approval or endorsement by the Law Society of Ireland. This list is not exhaustive. If you are aware of other potential suppliers, please advise the Technology Committee at the Law Society of Ireland.