📖 Word of the Week: RAG (Retrieval-Augmented Generation) - The Legal AI Breakthrough Eliminating Hallucinations. 📚⚖️

What is RAG?

Used responsibly, RAG can be a great tool for lawyers!

Retrieval-Augmented Generation (RAG) is a groundbreaking artificial intelligence technique that combines information retrieval with text generation. Unlike traditional AI systems that rely solely on pre-trained data, RAG dynamically retrieves relevant information from external legal databases before generating responses.

Why RAG Matters for Legal Practice

RAG addresses the most significant concern with legal AI: fabricated citations and "hallucinations." By grounding AI responses in verified legal sources, RAG systems dramatically reduce the risk of generating fictional case law. Recent studies show RAG-powered legal tools produce hallucination rates comparable to human-only work.

Key Benefits

RAG technology offers several advantages for legal professionals:

Enhanced Accuracy: RAG systems pull from authoritative legal databases, ensuring responses are based on actual statutes, cases, and regulations rather than statistical patterns.

Real-Time Updates: Unlike static AI models, RAG can access current legal information, making it valuable for rapidly evolving areas of law.

Source Attribution: RAG provides clear citations and references, enabling attorneys to verify and build upon AI-generated research.

Practical Applications

Lawyers who don’t use AI technology like RAG will be replaced by those who do!

Law firms are implementing RAG for case law research, contract analysis, and legal memo drafting. The technology excels at tasks requiring specific legal authorities and performs best when presented with clearly defined legal issues.

Professional Responsibility Under ABA Model Rules

ABA Model Rule 1.1 (Competence): Comment 8 requires lawyers to "keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology." This mandates understanding RAG capabilities and limitations before use.

ABA Model Rule 1.6 (Confidentiality): Lawyers must "make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." When using RAG systems, attorneys must verify data security measures and understand how client information is processed and stored.

ABA Model Rule 5.3 (Supervision of Nonlawyer Assistants): ABA Formal Opinion 512 clarifies that AI tools may be considered "nonlawyer assistants" requiring supervision. Lawyers must establish clear policies for RAG usage and ensure proper training on ethical obligations.

ABA Formal Opinion 512: This 2024 guidance emphasizes that lawyers cannot abdicate professional judgment to AI systems. While RAG systems offer improved reliability over general AI tools, attorneys remain responsible for verifying outputs and maintaining competent oversight.

Final Thoughts: Implementation Considerations

Lawyers must consider their ethical responsibilities when using generative AI, large language models, and RAG.

While RAG significantly improves AI reliability, attorneys must still verify outputs and exercise professional judgment. The technology enhances rather than replaces legal expertise. Lawyers should understand terms of service, consult technical experts when needed, and maintain "human-in-the-loop" oversight consistent with professional responsibility requirements.

RAG represents a crucial step toward trustworthy legal AI, offering attorneys powerful research capabilities while maintaining the accuracy standards essential to legal practice and compliance with ABA Model Rules. Just make sure you use it correctly and check your work!

Word of the Week: Synthetic Data 🧑‍💻⚖️

What Is Synthetic Data?

Synthetic data is information that is generated by algorithms to mimic the statistical properties of real-world data, but it contains no actual client or case details. For lawyers, this means you can test software, train AI models, or simulate legal scenarios without risking confidential information or breaching privacy regulations. Synthetic data is not “fake” in the sense of being random or useless—it is engineered to be realistic and valuable for analysis.

How Synthetic Data Applies to Lawyers

  • Privacy Protection: Synthetic data allows law firms to comply with strict privacy laws like GDPR and CCPA by removing any real personal identifiers from the datasets used in legal tech projects.

  • AI Training: Legal AI tools need large, high-quality datasets to learn and improve. Synthetic data fills gaps when real data is scarce, sensitive, or restricted by regulation.

  • Software Testing: When developing or testing new legal software, synthetic data lets you simulate real-world scenarios without exposing client secrets or sensitive case details.

  • Cost and Efficiency: It is often faster and less expensive to generate synthetic data than to collect, clean, and anonymize real legal data.

Lawyers, know your data source; your license could depend on it! 📢

Synthetic Data vs. Hallucinations

  • Synthetic Data: Created on purpose, following strict rules to reflect real-world patterns. Used for training, testing, and developing legal tech tools. It is transparent and traceable; you know how and why it was generated.

  • AI Hallucinations: Occur when an AI system generates information that appears plausible but is factually incorrect or entirely fabricated. In law, this can mean made-up case citations, statutes, or legal arguments. Hallucinations are unpredictable and can lead to serious professional risks if not caught.

Key Difference: Synthetic data is intentionally crafted for safe, ethical, and lawful use. Hallucinations are unintentional errors that can mislead and cause harm.

Why Lawyers Should Care

  • Compliance: Using synthetic data helps you stay on the right side of privacy and data protection laws.

  • Risk Management: It reduces the risk of data breaches and regulatory penalties.

  • Innovation: Enables law firms to innovate and improve processes without risking client trust or confidentiality.

  • Professional Responsibility: Helps lawyers avoid the dangers of relying on unverified AI outputs, which can lead to sanctions or reputational damage.


Samsung's Galaxy Z Series Redefines Mobile Legal Practice: The Ultimate July 2025 Review 📱⚖️

Are the new Samsung Galaxy Z mobile phones the next innovation in smartphones for lawyers?

Samsung's Galaxy Z Fold7 and Z Flip7 represent the most transformative mobile devices for legal professionals in 2025, delivering unprecedented productivity enhancements while finally achieving the durability and refinement necessary for serious law practice deployment.

Revolutionary Design: Function Meets Form

Galaxy Z Fold7: The Legal Powerhouse

The Galaxy Z Fold7 achieves what previous foldable generations promised but couldn't deliver—genuine laptop-like productivity in a pocket-sized device. At just 8.9mm folded and an impossibly thin 4.2mm unfolded, it's lighter than most traditional flagships at 215 grams while providing dual-screen functionality. Legal professionals finally have access to a device that feels like a conventional smartphone when closed but transforms into a 7.6-inch tablet workstation when opened.  (Editor’s note: I have to admit that when I held and played with a Fold that I was so impressed it became my new blog/podcast phone!)

The 6.5-inch cover screen with improved 21:9 aspect ratio eliminates the narrow, cramped experience of previous generations, making email management, calendar review, and client communications genuinely usable without unfolding. This addresses a critical pain point for attorneys who need quick access to information between court sessions or client meetings.

Galaxy Z Flip7: Compact Professional Excellence

The Galaxy Z Flip7 transforms the traditional smartphone experience with its 4.1-inch edge-to-edge FlexWindow—now a legitimate secondary interface rather than a glorified notification panel. At 188 grams, it's lighter than most flagship phones while offering a 6.9-inch main display that rivals the Galaxy S25 Ultra when unfolded.

For legal professionals who prioritize portability, the Z Flip7's ability to fold to just 13.7mm thick while maintaining flagship performance represents a paradigm shift in mobile form factors.

Productivity Revolution for Legal Practice

Multitasking Mastery

The Galaxy Z Fold7's Multi-Active Windows capability allows attorneys to run three apps simultaneously—a game-changer for legal workflows. Imagine reviewing case documents in one window, conducting legal research in another, and managing client communications in a third, all on a single device. This level of multitasking was previously impossible on mobile devices and rivals desktop productivity.

Real-world legal applications include:

  • Simultaneous document review and note-taking during depositions

  • Side-by-side contract comparison and analysis

  • Multi-app case management during court proceedings

  • Instant legal research while drafting briefs or motions

Scroll to the bottom for a comprehensive comparison table for the Samsung Zs, the iPhone, and the Pixel! 📱

Document Management Excellence

Both devices excel at PDF annotation, form completion, and document scanning—core legal tasks that previously required desktop computers or specialized equipment. The 200MP camera system on the Z Fold7 ensures crystal-clear document capture even in challenging lighting conditions, while the large screen makes detailed document review practical on mobile devices.

Legal professionals report dramatically reduced processing times for routine document tasks—what once required printing, manual completion, scanning, and emailing can now be accomplished entirely on the device in under five minutes.

Enterprise Security Meets Legal Compliance

Samsung Knox: Defense-Grade Protection

Samsung Knox provides chip-to-cloud security architecture specifically designed for sensitive professional environments. For legal practices handling confidential client information, Knox's container technology creates separate, encrypted workspaces that isolate professional data from personal applications.

There are noticeable improvements to these devices that may rival Apple’s iPhone line.

Key security features for legal professionals:

  • Hardware-level encryption protecting client confidentiality

  • Secure folders for case-sensitive documents and communications

  • Enterprise management compatibility with law firm IT policies

  • Regular security updates for seven years—crucial for compliance requirements

AI-Powered Productivity with Privacy Controls

Galaxy AI integration enhances legal workflows without compromising data privacy. Note Assist automatically organizes meeting notes into actionable items, while Interpreter in FlexMode facilitates hands-free client communications. Importantly, many AI features process data on-device, addressing legal industry privacy concerns. (Editor’s note - always check the terms of service and other reliable sources to confirm your client’s PII is protected before using any AI service.)

Competitive Analysis: Leading the Professional Mobile Market

Performance Leadership

The Snapdragon 8 Elite processor in the Z Fold7 delivers flagship-level performance with up to 16GB RAM and 1TB storage—specifications that rival desktop computers from just a few years ago. This computational power enables smooth operation of multiple legal applications simultaneously, from case management software to video conferencing platforms.

Camera Systems: Evidence Documentation Excellence

The Z Fold7's 200MP main camera represents a significant upgrade for legal documentation needs. Whether capturing whiteboard notes during strategy sessions, photographing evidence at accident scenes, or documenting contract details, the camera system delivers professional-grade results.

The 10MP telephoto with 3x optical zoom proves particularly valuable for detailed text capture—essential when photographing contracts, court documents, or exhibit materials.

Battery Life: All-Day Professional Use

Both devices feature 4,300-4,400mAh batteries designed to support intensive legal workflows throughout extended court sessions or client meetings. 25W fast charging minimizes downtime between professional engagements.

Market Impact: Reshaping Legal Technology Adoption

Is there a Galaxy Z in your firm’s future?

Industry Momentum Building

Samsung's foldable preorders increased 25% year-over-year in July 2025, with a 38% surge in US shipments indicating growing professional adoption. Legal professionals represent a significant portion of this growth, driven by the productivity benefits and enterprise security features.

Competitive Response

With Apple yet to enter the foldable market and Google's Pixel Fold lacking the productivity optimizations of Samsung's devices, the Galaxy Z series maintains a unique position in professional mobile computing. This market leadership provides legal practices with proven, mature foldable technology rather than experimental alternatives.

Limitations and Considerations

Investment Analysis - Are they worth the price?

Pricing remains a significant consideration—the Z Fold7 starts at $1,999, while the Z Flip7 begins at $1,099. However, for attorneys who can leverage the productivity benefits, the devices may justify their premium pricing through improved billable hour efficiency and reduced need for multiple devices.

Learning Curve Management

Staff training requirements should be considered for firm-wide deployments. The unique interface and multitasking capabilities require adjustment from traditional smartphone usage patterns.

Durability in Professional Environments

While both devices are tested for 200,000 folds (approximately 10 years of use) and feature IP48 water resistance, legal professionals working in challenging environments may need additional protection. The removal of S Pen support from the Z Fold7 eliminates handwritten note-taking capabilities that some attorneys preferred.

Final Thoughts: Verdict for the Galaxy Z phone series - Transformative Technology for Modern Legal Practice

The Galaxy Z Fold7 and Z Flip7 represent the first foldable devices mature enough for serious legal practice adoption. The combination of flagship performance, enterprise security, productivity optimization, and refined design creates compelling value propositions for different attorney needs.

For litigation attorneys and corporate lawyers who require maximum screen real estate and multitasking capability, the Z Fold7 delivers unprecedented mobile productivity that approaches desktop-level functionality. For attorneys prioritizing portability and quick access to communications, the Z Flip7 offers flagship performance in an exceptionally compact form factor.

I don’t know if my excitement to use the Fold justifies a switch in my legal work device (and move from my iPhone to the Fold), but the significant hardware improvements, including thinner profiles, better displays, enhanced cameras, and robust security features, position the Flip and the Fold as legitimate professional tools rather than technological novelties. With seven years of security updates and Samsung's enterprise support infrastructure, these devices meet the long-term stability requirements of legal practice.

Samsung has successfully transformed foldable phones from experimental curiosities into practical productivity tools that can genuinely enhance legal workflows and professional efficiency. For law practices ready to embrace next-generation mobile technology, the Galaxy Z series delivers the durability, functionality, and enterprise features necessary for professional legal work.

Compare the specs for the Zs, the iPhone and the Pixel.

MTC: Is Puerto Rico’s Professional Responsibility Rule 1.19 Really Necessary? A Technology Competence Perspective.

Is PR’s Rule 1.19 necessary?

The legal profession stands at a crossroads regarding technological competence requirements. With forty states already adopting Comment 8 to Model Rule 1.1, which mandates lawyers "keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology," the question emerges: do we need additional rules like PR Rule 1.19?

Comment 8 to Rule 1.1 establishes clear parameters for technological competence. This amendment, adopted by the ABA in 2012, expanded the traditional duty of competence beyond legal knowledge to encompass technological proficiency. The Rule requires lawyers to understand the "benefits and risks associated with relevant technology" in their practice areas.

The existing framework appears comprehensive. Comment 8 already addresses core technological competencies, including e-discovery, cybersecurity, and client communication systems. Under Rule 1.1 (Comment 5), legal professionals must evaluate whether their technological skills meet "the standards of competent practitioners" without requiring additional regulatory layers.

However, implementation challenges persist. Many attorneys struggle with the vague standard of "relevant technology". The rule's elasticity means that competence requirements continuously evolve in response to technological advancements. Some jurisdictions, like Puerto Rico (see PR’s Supreme Court’s Order ER-2025-02 approving adoption of its full set of Rules of Professional Conduct), have created dedicated technology competence rules (Rule 1.19) to provide clearer guidance.

The verdict: redundancy without added value. Rather than creating overlapping rules, the legal profession should focus on robust implementation of existing Comment 8 requirements. Enhanced continuing legal education mandates, clearer interpretive guidance, and practical competency frameworks would better serve practitioners than additional regulatory complexity.

Technology competence is essential, but regulatory efficiency should guide our approach. 🚀

MTC: Lawyers, Generative AI, and the Right to Privacy: Navigating Ethics, Client Confidentiality, and Public Data in the Digital Age

Modern attorneys need to tackle AI ethics and privacy risks.

The legal profession stands at a critical crossroads as generative AI tools like ChatGPT become increasingly integrated into daily practice. While these technologies offer unprecedented efficiency and insight, they also raise urgent questions about client privacy, data security, and professional ethics—questions that every lawyer, regardless of technical proficiency, must confront.

Recent developments have brought these issues into sharp focus. OpenAI, the company behind ChatGPT, was recently compelled to preserve all user chats for legal review, highlighting how data entered into generative AI systems can be stored, accessed, and potentially scrutinized by third parties. For lawyers, this is not a theoretical risk; it is a direct challenge to the core obligations of client confidentiality and the right to privacy.

The ABA Model Rules and Generative AI

The American Bar Association’s Model Rules of Professional Conduct are clear: Rule 1.6 requires lawyers to “act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure”. This duty extends beyond existing clients to former and prospective clients under Rules 1.9 and 1.18. Crucially, the obligation applies even to information that is publicly accessible or contained in public records, unless disclosure is authorized or consented to by the client.

Attorneys need to explain generative AI privacy concerns to clients.

The ABA’s recent Formal Opinion 512 underscores these concerns in the context of generative AI. Lawyers must fully consider their ethical obligations, including competence, confidentiality, informed consent, and reasonable fees when using AI tools. Notably, the opinion warns that boilerplate consent in engagement letters is not sufficient; clients must be properly informed about how their data may be used and stored by AI systems.

Risks of Generative AI: PII, Case Details, and Public Data

Generative AI tools, especially those that are self-learning, can retain and reuse input data, including Personally Identifiable Information (PII) and case-specific details. This creates a risk that confidential information could be inadvertently disclosed or cross-used in other cases, even within a closed firm system. In March 2023, a ChatGPT data leak allowed users to view chat histories of others, illustrating the real-world dangers of data exposure.

Moreover, lawyers may be tempted to use client public data—such as court filings or news reports—in AI-powered research or drafting. However, ABA guidance and multiple ethics opinions make it clear: confidentiality obligations apply even to information that is “generally known” or publicly accessible, unless the client has given informed consent or an exception applies. The act of further publicizing such data, especially through AI tools that may store and process it, can itself breach confidentiality.

Practical Guidance for the Tech-Savvy (and Not-So-Savvy) Lawyer

Lawyers can face disciplinary hearing over unethical use of generative AI.

The Tech-Savvy Lawyer.Page Podcast Episode 99, “Navigating the Intersection of Law Ethics and Technology with Jayne Reardon,” and other The Tech-Savvy Lawyer.Page postings offer practical insights for lawyers with limited to moderate tech skills. The message is clear: lawyers must be strategic, not just enthusiastic, about legal tech adoption. This means:

  • Vetting AI Tools: Choose AI platforms with robust privacy protections, clear data handling policies, and transparent security measures.

  • Obtaining Informed Consent: Clearly explain to clients how their information may be used, stored, or processed by AI systems—especially if public data or PII is involved.

  • Limiting Data Input: Avoid entering sensitive client details, PII, or case specifics into generative AI tools unless absolutely necessary and with explicit client consent.

  • Monitoring for Updates: Stay informed about evolving ABA guidance, state bar opinions, and the technical capabilities of AI tools.

  • Training and Policies: Invest in ongoing education and firm-wide policies to ensure all staff understand the risks and responsibilities associated with AI use.

Conclusion

The promise of generative AI in law is real, but so are the risks. As OpenAI’s recent legal challenges and the ABA’s evolving guidance make clear, lawyers must prioritize privacy, confidentiality, and ethics at every step. By embracing technology with caution, transparency, and respect for client rights, legal professionals can harness AI’s benefits without compromising the foundational trust at the heart of the attorney-client relationship.

MTC

Word of the Week: “Phishing” 🎣 in the Legal Profession - What Every Lawyer Needs to Know in 2025 🛡️

Lawyers battle phishing on a daily basis.

Phishing is one of the most persistent and dangerous cyber threats facing law firms today. Phishing is a form of computer and internet fraud in which criminals use fake emails, websites, or messages to trick recipients into revealing sensitive information such as passwords, bank details, or client data. For lawyers and legal professionals, the stakes are especially high: law firms hold vast amounts of confidential client information, making them prime targets for cybercriminals. The American Bar Association (ABA) Model Rules for Professional Conduct, particularly Rule 1.6 (Confidentiality of Information) and Rule 1.1 (Competence), require lawyers to protect client data and maintain competence in technology relevant to their practice.

How Phishing Targets Law Firms

Phishing attacks against law firms have become more sophisticated in 2025. Criminals now use generative AI to craft emails that closely mimic real communications from clients, colleagues, or even senior partners. These messages often create a sense of urgency, pressuring recipients to act quickly—such as transferring funds, sharing login credentials, or downloading malicious attachments. Business Email Compromise (BEC) scams are particularly damaging, as attackers impersonate managing partners or clients to divert wire transfers or request sensitive documents.

Impersonation: The Hidden Dangers in Your Inbox

Attackers often use email spoofing to manipulate the display name and email address, making a message appear to come from someone you trust. The display name (the name that appears in your inbox) can be set to any familiar contact, but the actual email address may be subtly altered or completely fake. For example, a scammer might use “john.smith@lawfirm.com” or “John Smith of ….” as the display name, but the underlying address could be “jjohn.smith@lawf1rm.com” or “john..john.smith@lawfirm.co@lawfirm.co.” These changes are often just a single character off, designed to trick you into replying or clicking a malicious link.

Lawyers should always examine the full email address, not just the display name, before responding or acting on any request. On many smartphones and email clients, only the display name is shown by default, so you may need to click or tap to reveal the actual sender’s email address. If the message requests sensitive information, money transfers, or urgent action, verify the request through a separate communication channel, such as a phone call using a known number—not one provided in the suspicious email. This vigilance aligns with ABA Model Rule 1.1, which requires lawyers to maintain competence, including understanding risks associated with technology.
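The check described above (compare the display name with the real address, and look for addresses that are a character or two off), as an added example that is not part of the original post. It assumes a hypothetical list of known contacts, uses the article's sample addresses as constructed input, and parses only the simple `Name <address>` form of a From header.

```python
import re

# Assumption: addresses the firm already corresponds with (constructed sample).
KNOWN_CONTACTS = {"john.smith@lawfirm.com"}

# Something that looks like an email address inside free text.
ADDR_IN_TEXT = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Simplified From header: optional (quoted) display name, then <address>.
FROM_HEADER = re.compile(r'^\s*"?(?P<name>[^"<]*)"?\s*<(?P<addr>[^<>]*)>\s*$')


def split_from(header):
    """Return (display_name, address) from a From header value."""
    m = FROM_HEADER.match(header)
    if m:
        return m.group("name").strip(), m.group("addr").strip().lower()
    return "", header.strip().lower()  # bare address, no display name


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_well_formed(addr):
    """Exactly one '@', no empty parts, no doubled dots, dotted domain."""
    if addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not local or not domain or ".." in addr:
        return False
    return "." in domain and not domain.startswith(".") and not domain.endswith(".")


def check_sender(header, known=KNOWN_CONTACTS, max_distance=2):
    """Return a list of findings for one From header; empty means nothing flagged."""
    findings = []
    name, addr = split_from(header)

    if not is_well_formed(addr):
        findings.append("malformed-address")

    # The display name itself shows an address, but it is not the real sender.
    shown = ADDR_IN_TEXT.search(name)
    if shown and shown.group(0).lower() != addr:
        findings.append("display-name-shows-different-address")

    # Unknown sender that is only a character or two away from a known contact.
    if addr not in known:
        for contact in sorted(known):
            if 0 < edit_distance(addr, contact) <= max_distance:
                findings.append("lookalike-of:" + contact)
                break
    return findings


if __name__ == "__main__":
    # Constructed headers built from the sample addresses in the text above.
    samples = [
        'John Smith <john.smith@lawfirm.com>',
        '"john.smith@lawfirm.com" <jjohn.smith@lawf1rm.com>',
        'John Smith <john..john.smith@lawfirm.co@lawfirm.co>',
        'John Smith <john.smith@lawfirm.co>',
    ]
    for s in samples:
        print(s, "->", check_sender(s) or "no findings")
```

An empty result only means these string checks found nothing; it does not authenticate the sender, so the out-of-band verification step above still applies.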

Recent Phishing Incidents Involving Lawyers

Phishing Email Threatens Law Firm Cybersecurity Defense

What Lawyers Should Watch For

  • Impersonation: Always check the sender’s full email address, not just the display name. Watch for addresses that are off by one or more characters.

  • Urgency and Pressure: Be cautious of emails that demand immediate action, especially those involving money or confidential data.

  • Suspicious Links or Attachments: Hover over links to check their true destination, and never open unexpected attachments.

  • Unusual Requests: Be wary of requests outside normal procedures, such as buying gift cards or changing payment instructions.

Prevention and Best Practices

  • Employee Training: Regular cybersecurity awareness training is crucial. Staff should be able to recognize phishing attempts and know how to report them. This supports ABA Model Rule 5.3 (Responsibilities Regarding Nonlawyer Assistance).

  • Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it harder for attackers to access accounts even if credentials are compromised.

  • Incident Response Plan: Every law firm should have a clear plan for responding to phishing incidents, including communication protocols and legal obligations for breach notification.

  • Client Education: Educate clients about phishing risks and encourage them to verify any unusual requests that appear to come from your firm.

Professional Responsibility and Phishing

Lawyers need to be proactive against cybersecurity threats in 2025!

The ABA Model Rules make clear that lawyers must take reasonable steps to prevent unauthorized access to client information (Rule 1.6(c)). Lawyers must also keep abreast of changes in technology and its associated risks (Rule 1.1, Comment 8). Failing to implement basic cybersecurity measures, such as phishing awareness and email verification, may expose lawyers to disciplinary action and civil liability.

Final Thoughts

Phishing is not just an IT problem—it’s a business risk that can compromise client trust, cause financial loss, and result in legal liability. By staying vigilant, investing in training, and adopting robust security measures, lawyers can protect themselves, their clients, and their reputations in an increasingly digital world. Compliance with the ABA Model Rules is not optional—it's essential for ethical and effective law practice.

📖 Word(s) of the Week (Wow): "Software as a Service" (SaaS) & "Hardware as a Service" (HaaS)!

SaaS vs. HaaS: What Law Firms Need to Know About Software as a Service and Hardware as a Service in 2025 ⚖️💻

Exploring SaaS vs. HaaS in Legal Tech!

Legal practices are rapidly embracing cloud-based solutions, and two models stand out: Software as a Service (SaaS) and Hardware as a Service (HaaS). Understanding these models is essential for law firms seeking efficiency, security, and cost-effectiveness in 2025.

What is SaaS?
SaaS is a cloud-based software delivery model. Instead of buying software outright and installing it on each device, law firms subscribe to web-hosted applications. This means no more managing physical servers or complex installations. Leading SaaS providers handle updates, security, and maintenance, freeing attorneys to focus on clients and cases.

Benefits of SaaS for Law Firms:

  • Centralized, secure document management—enabling paperless workflows and real-time collaboration.

  • Cost savings by eliminating expensive hardware and IT support. Firms pay only for what they use and can scale up or down as needed.

  • Remote access to case files, calendars, and billing from anywhere, supporting hybrid and remote work environments.

  • Automatic updates and improved security, with providers responsible for compliance and data protection.

  • Specialized legal features, such as document automation, calendaring, and legal billing, tailored for law practices.

Legal Considerations for SaaS:
SaaS agreements replace traditional software licenses. They must clearly define service levels, data privacy, and compliance with regulations. SaaS lawyers play a crucial role in drafting contracts, protecting intellectual property, and ensuring regulatory compliance across jurisdictions.

What is HaaS?
HaaS provides physical hardware—like computers, servers, or networking equipment—on a subscription basis. Law firms avoid large upfront purchases and instead pay a monthly fee for access, support, and maintenance. HaaS often includes installation, configuration, troubleshooting, and ongoing monitoring.

Benefits of HaaS for Law Firms:

Knowing your SaaS and HaaS agreement terms is essential to maintaining client confidentiality and security.

  • Predictable budgeting with no surprise hardware expenses.

  • Up-to-date equipment and proactive maintenance, reducing downtime.

  • Comprehensive support agreements, including warranties and rapid response times.

  • Enhanced security and compliance, as providers manage device updates and data protection.

Legal Considerations for HaaS:
HaaS contracts should specify the scope of services, pricing, service-level agreements (SLAs), liability, data privacy, and dispute resolution. Clear terms protect both the law firm and the provider, ensuring accountability and compliance with industry standards.

Challenges Law Firms Face in Using SaaS and HaaS

Law firms adopting SaaS and HaaS face several notable challenges:

  • Security Vulnerabilities: SaaS platforms can be susceptible to misconfigured access controls, inadequate monitoring, and insufficient threat detection. These weaknesses make law firms prime targets for cyberattacks, such as unauthorized access and data breaches, as seen in high-profile incidents involving major firms.

  • Data Breaches and Compliance Risks: Sensitive client data stored in SaaS environments is at risk if proper security measures are not in place. Breaches can expose confidential information, leading to regulatory penalties, reputational damage, and class action lawsuits if firms fail to notify affected parties promptly.

  • Integration Challenges: As law firms rely on multiple SaaS vendors, integrating various software platforms can become complex. Poor integration may disrupt workflows and reduce efficiency, especially if systems do not communicate seamlessly.

  • Shared Responsibility Confusion: SaaS providers typically secure the platform, but law firms are responsible for data security and access controls. Many firms mistakenly believe vendor security alone is sufficient, which can leave critical data exposed.

  • Reliable and Consistent Internet Access: Law firms using SaaS and HaaS depend on an active connection to reach software, documents, and case management tools. Any internet outage or slow connectivity can disrupt workflows, limit access to critical information, and impact client service. (What if you are traveling and the airplane, hotel, or location does not have a (reliable) internet connection? How do you get your work done?)

  • Business Email Compromise (BEC): SaaS ecosystems increase the risk of BEC attacks. Compromised email accounts can be exploited for fraud, impersonation, and data theft, often going undetected for extended periods.

  • Data Classification and Visibility Issues: Rapid adoption of SaaS can lead to scattered data across multiple platforms. Without a formal data classification strategy, firms may lose track of where sensitive information resides, complicating compliance and incident response.

  • Legal and Contractual Complexities: SaaS contracts involve nuanced licensing agreements, third-party vendor relationships, and service level commitments. Discrepancies between vendor terms and client expectations can result in disputes and legal challenges.

  • Dependency on Providers: Both SaaS and HaaS models make firms dependent on external vendors for uptime, support, and updates. Service disruptions or vendor instability can directly impact firm operations.

  • Hardware Lifecycle Management: With HaaS, firms avoid upfront hardware costs but must rely on the provider for timely upgrades, maintenance, and support. Poor vendor performance can lead to outdated equipment, downtime, or security gaps.

  • Cost Over Time: While SaaS and HaaS reduce initial capital expenditures, ongoing subscription fees may add up, potentially exceeding the cost of traditional ownership in the long term if not carefully managed.

Lawyers need to know the pros and cons of using SaaS and HaaS products!

While SaaS and HaaS offer significant advantages, law firms must address these risks through robust security practices, careful contract negotiation, and ongoing vendor management to protect sensitive data and maintain operational integrity. This may be easier for large law firms but difficult, if not nearly impossible, for mid-size, small, and solo law practices.

Why Law Firms Should Care
Both SaaS and HaaS offer flexibility, scalability, and security that traditional IT models cannot match. By leveraging these services, law firms can modernize operations, improve client service, and reduce risk. The right contracts and due diligence are critical to ensure business continuity and compliance in a rapidly evolving legal tech landscape.

BOLO: LexisNexis Data Breach: What Legal Professionals Need to Know Now—and Why All Lexis Products Deserve Scrutiny!

Lawyers need to be both tech-savvy and cyber-savvy!

On December 25, 2024, LexisNexis Risk Solutions (LNRS)—a major data broker and subsidiary of LexisNexis—suffered a significant data breach that exposed the personal information of over 364,000 individuals. This incident, which went undetected until April 2025, highlights urgent concerns for legal professionals who rely on LexisNexis and its related products for research, analytics, and client management.

What Happened in the LexisNexis Breach?

Attackers accessed sensitive data through a third-party software development platform (GitHub), not LexisNexis’s internal systems. The compromised information includes names, contact details, Social Security numbers, driver’s license numbers, and dates of birth. Although LexisNexis asserts that no financial or credit card data was involved and that its main systems remain secure, the breach raises red flags about the security of data handled across all Lexis-branded platforms.

Why Should You Worry About Other Lexis Products?

LexisNexis Risk Solutions is just one division under the LexisNexis and RELX umbrella, which offers a suite of legal, analytics, and data products widely used by law firms, courts, and corporate legal departments. The breach demonstrates that vulnerabilities may not be limited to one product or platform; third-party integrations, development tools, and shared infrastructure can all present risks. If you use LexisNexis for legal research, client intake, or case management, your clients’ confidential data could be at risk—even if the breach did not directly affect your specific product.

Ethical Implications: ABA Model Rules of Professional Conduct

All lawyers need to be prepared to fight data leaks!

The American Bar Association’s Model Rules of Professional Conduct require lawyers to safeguard client information and maintain competence in technology. Rule 1.6(c) mandates that attorneys “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Rule 1.1 further obligates lawyers to keep abreast of changes in law and its practice, including the benefits and risks associated with relevant technology.

In light of the LexisNexis breach, lawyers must:

  • Assess the security of all third-party vendors, including legal research and data analytics providers.

  • Promptly notify clients if their data may have been compromised, as required by ethical and sometimes statutory obligations.

  • Implement additional safeguards, such as multi-factor authentication and regular vendor risk assessments.

  • Stay informed about ongoing investigations and legal actions stemming from the breach.

What Should Legal Professionals Do Next?

  • Review your firm’s use of LexisNexis and related products.

  • Ask vendors for updated security protocols and breach response plans.

  • Consider offering affected clients identity protection services.

  • Update internal policies to reflect heightened risks associated with third-party platforms.

The Bottom Line

The LexisNexis breach is a wake-up call for the legal profession. Even if your primary Lexis product was not directly affected, the interconnected nature of modern legal technology means your clients’ data could still be at risk. Proactive risk management and ethical vigilance are now more critical than ever.