You may have heard that there’s a cheaper alternative to best-in-class, AI-based contract intelligence platforms: contract management platforms that employ humans to review your documents for you. However, it’s important to be aware of the hidden risks of outsourcing contract review in this way, because sometimes you get what you pay for—and you may not be allowed to use the third-party review for some documents without attorney-client privilege.
It’s one thing to engage a law firm or a licensed legal service provider to do document review. It’s another to bring on a contract management platform that outsources document review to lawyers overseas as a part of their product.
Read on to learn about some of the points GCs think about when choosing a contract management platform that uses automation or humans in the loop to remove the need for you to manually review documents.
Here are four main issues to consider before you share your sensitive documents externally:
- Data Privacy and Residency
If you’re outsourcing customer contracts to a vendor for review, then you should be cognizant of the potential regulatory obligations imposed by GDPR, CCPA, and other established and emergent laws around the world. As we’ve mentioned in prior blog posts, a business that transmits sensitive customer data can be held responsible if the recipient of that data mishandles it. Furthermore, if a vendor mentions that they may have lawyers or trained professionals reviewing your documents, it’s important to ask where these individuals are based. If they’re based outside of the United States or your jurisdiction of practice, simply transmitting your contracts over to them via the internet for review may trigger data residency laws.
Contract management providers commonly use humans to review contracts and employ these individuals as independent contractors. The principal-agent relationships between the contract management provider and the individuals conducting document review are often unclear and not held to the same standards as your terms and conditions with the vendor itself.
You could face legal repercussions for your business if the contracts you’re sending for review contain sensitive customer information and the contractor suffers a breach exposing the contract data. It’s imperative to know exactly who is handling any sensitive customer, vendor, or employee information that you’re sending to your providers for review, and that they are taking the same amount of care to protect that information as you and your business do.
Many vendor agreements contain confidentiality clauses designed to keep buyers from sharing their vendors’ trade secrets—with competing vendors, for example. Furthermore, a non-disclosure agreement will often restrict the sharing of information within the same business with any co-worker who does not have an established need to know that information.
For example, if a vendor contract has a confidentiality clause which states that the sharing of the agreement is limited to a “need-to-know basis,” a contracting party is not able to actually share that agreement even within the same legal entity, and especially not with independent third parties without a direct contractual NDA in place—such as independent contractors conducting document review as a part of a contract management offering.
Do the terms of your vendor agreements permit you to grant access to contract management providers and contractors beyond your own legal counsel? If so, do they extend that access to subcontractors? And have those subcontractors taken the proper steps to safeguard any documents they receive? Under GDPR, which party acts as a controller and which as a processor of data? The law is unclear and ever-changing. Getting these answers wrong could put you in breach of the very contracts you’re outsourcing for review.
- Quality Control
How do you control or even influence the quality of the work when you have no contact with the people doing the work? When law firms hire lawyers on a temporary basis for document review projects, it’s typical for them to hire lawyers who are trained, licensed, and physically located in the jurisdiction where the work is to be done. They can review the qualifications of the lawyers doing the review, and they can supervise the work.
However, if you send your documents to a contractor who then outsources that legal review to a third party, you can’t take it for granted that they’re applying the same standards. Are the lawyers trained in the right jurisdiction or licensed to practice in your region? This concern is even greater if the vendor is sending your contracts overseas. Are the reviewers familiar with the laws applicable to your agreements? You need to be able to trust the expertise of the people conducting contract analysis if you want to receive genuinely valuable insights about what’s in your existing contracts.
In addition to training, there is the issue of catching errors in the contract review process. If an artificial intelligence algorithm using natural language processing makes a mistake, you can quickly review the work, identify the error, and teach the program to make better decisions in all future reviews. If you’re leveraging a team of human reviewers in an unknown or distant locale, how do you verify the accuracy of their work? And if you’re trusting thousands of contracts to these review services, how do you reduce risk at scale?
- Legal Ethics
On top of those quality concerns, outsourcing potentially raises questions regarding professional conduct and legal ethics. Whether you’re practicing in a law firm or an in-house legal department, what is your obligation to vet the qualifications of any contractors you engage, directly or indirectly, to review your clients’ or employer’s documents? Are you permitted to engage reviewers who are not licensed to practice law in the relevant jurisdiction?
Often, GCs we spoke with do not fully understand the risks and exposure that they’re creating for their company by outsourcing contract review to a particular vendor. It’s important to consider confidentiality, data residency, and data protection laws when selecting a contract management and review partner, as the hidden risks may far outweigh the saved costs.