The ABAethics opinion focuses on the challenge of ensuring that the tasks are delegated to competent individuals/service providers and adequately and appropriately overseeing the execution of the outsourced project.
The due diligence checklist suggested include:
1. Background checks, including educational qualifications
2. Interviews with the principal lawyers
3. Inquiry into hiring practices, quality and character of the prospects
4. Security measures for protection of sensitive client data, including physical security of premises, physical, administrative and logical security of the network, and data destruction in refuse and disposal procedures
5. Site visits in some instances.
The New York City Bar Association’s Ethics Opinion No. 2006-3 (August 2006) emphasizes that due diligence continues as an ongoing process of supervision, as a duty to communicate with the service provider to ensure understanding of the assignment and review whether the assignment is being carried out according to the lawyer’s expectations.
All lawyers, paralegals and other staff members are recruited after they go through series of rigorous screening and tests to ensure they have the required skill set. Strict background checks are conducted before we commence the training process. Document each process extensively and there are checks and balances at various levels to ensure that client expectations are met always.
It is necessary to appreciate the concerns relating to data confidentiality and compliance of HIPPA and other guidelines and implement organizational level policies to enforce data security compliance as a business associate from our side.
Few of these measures to ensure that the data security and confidentiality is sacrosanct and given the highest priority in deliveries should be:
Maintain a paperless office. Employees should not be allowed to copy or make notes of any client document
2. IT systems are designed for complete data security and comply with all major data security and confidentiality laws and guidelines.
3. The work systems of our employees do not have provision to copy information onto CDs/Floppy disks/portable hard disks etc.
4. Cannot print any document from the client environment.
5. Each employee is required to sign a strict confidentiality agreement at the time of induction
6. Sensitization to data security and confidentiality is part of our standard induction program
7. A “non use of information under any circumstances” Clause is part of a standard agreement which we sign with
More info: Legal Process Outsourcing