Managing Information Governance and Retention in 2021
Focus on UK Law Firms and Legal Departments
With more employees and clients than ever working remotely, all signs point to a more paperless future. But is your organisation doing everything it can to manage and protect electronic and physical records?
The global pandemic has accelerated the move to more agile ways of working, including greater reliance on electronic documents. However, many organisations are now scrutinising whether their existing information governance (IG) policies and processes are sufficient to protect sensitive information, including personal data, in compliance with the GDPR and other regulations. The last thing any firm needs is the financial and reputational damage of an ICO fine due to data loss or other GDPR violations.
In June 2020, Legaltech News reported that several top UK law firms had banned unnecessary printing of documents during lockdown, to prevent confidential information from being left lying around in employees’ homes.
While encouraging lawyers and staff to “print less” is a positive step, the fact remains that most organisations still have a large volume of (aging) paper records stored offsite. Offsite storage of physical records is costly and keeping records longer than needed opens up your firm to significant security, data protection and litigation risks. Similarly, electronic information stored in document management systems, file shares and other applications can pose significant risks if left to accumulate unchecked.
Read more about how FileTrail GPS (Governance Policy Suite) can help your organisation automate key aspects of information governance, prevent data from being kept longer than necessary, and enable compliance with government regulations and client guidelines — all while supporting remote working.
Automating Information Governance
How is your firm tracking retention schedules? And what happens when retention periods expire?
If you’re still tracking retention schedules in a spreadsheet (somewhere), it’s time to automate.
Many firms using legacy RM systems report that tracking retention is haphazard at best. All too often, disposition turns into the task at the bottom of the priority list. After all, manually compiling lists of records that need to be reviewed can take ages. And then chasing for approvals for destruction is a headache.
Is it any wonder, then, that such a large volume of records ends up accumulating in physical storage and DMS — even for clients that haven’t been clients in ages?
Some like the implied safety in “keeping everything just in case”…but the reality is that the volume of data you’re storing keeps growing, using up budget you can’t afford to waste. Not to mention the fact that you could have problems down the line with clients (and ex-clients) if you’ve kept their information longer than you should have.
Managing Retention Policies via FileTrail GPS
With FileTrail GPS (Governance Policy Suite), you can automate the process. FileTrail automatically applies the relevant retention policies to each document and information asset based on pre-defined rules.
When retention periods expire, FileTrail GPS notifies the appropriate stakeholders, who can then easily approve batches of records for disposition (or escalate for further review).
FileTrail frees up valuable time, so that lawyers and staff can focus on client work and other priorities. The system automatically captures an audit trail of all activity, so you can assure clients and regulators that no information has been kept longer than needed.
And by regularly reviewing, organisations can reduce ongoing storage costs; reduce security, data protection and litigation risks; and assure clients that their information will not be kept for longer than needed.
GDPR Compliance & Beyond
Increased enforcement of the GDPR — and the emergence of other data privacy legislation such as the CCPA — make it imperative that your organisation has an effective data protection programme in place.
While most organisations have taken steps to comply with the GDPR, the fact remains that many are relying on a patchwork of processes that are inefficient and prone to risk if implemented manually.
FileTrail GPS can help to automate key components of your firm’s data protection programme, such as:
- Automating compliance with data retention policies (instead of relying on staff to classify documents and track retention periods manually)
- Triggering workflows for timely disposition — so that you never keep personal information for longer than needed
- Minimising the personal information held within FileTrail through the configuration of user-defined fields for PII
- Tagging documents containing personally identifiable information (PII) and sensitive personal information (SPI) through synchronisation with the firm’s financial, HR and client intake systems, and other data sources
- Restricting access to client matter files based on roles and responsibilities defined in Active Directory (AD), Intapp Walls and/or the firm’s HR and financial management systems
- Restricting access to PII/SPI with controls over who can view or modify data both broadly (e.g. by Practice Area or Administrative Department) and granularly down to the field level, specifying what users or groups have rights to view or edit each field
- Synchronising any anonymisation or pseudonymisation performed in authoritative data sources
Most importantly, FileTrail GPS logs a complete audit trail of all activity — so you can generate reports tracking how personal information has moved through the firm’s systems, who has had access, when it was edited, and when the information was disposed.
COVID-19, Remote Working & IG
Have you adapted your information governance policies and processes to remote working?
With so many people working from home, information management teams are taking a closer look at how employees and contractors are handling information. Having the right technology systems in place is essential — not only to support secure remote access and more digital ways of working — but also to ensure that your users are complying with IG policies and protecting sensitive data.
Here is why many organisations are turning to FileTrail.
A Unified View
FileTrail GPS offers a unified view across all information repositories — both physical and electronic — via a secure web-based interface. Authorised users can see their physical records in FileTrail GPS Records Manager, alongside information assets stored in third-party document management systems (DMS), file shares, and other business applications.
For law firms, using FileTrail enables client teams to quickly look up and find records via its matter-centric workspaces. Creating new records or requesting retrieval is easier than ever. Permission to access specific workspaces can be managed via Intapp Walls. NetDocuments users can access FileTrail via an integrated tab within NetDocuments.
Dashboards and Reporting
Dashboards available in FileTrail GPS enable IT, IG and RM teams to monitor key metrics and trends. Using FileTrail, you can generate customised reports showing how much data resides in each repository, analyse growth trends, and forecast how much data will be due for disposition in the future, so you can project future storage and destruction costs.
Automated Workflows and Audit Trail
Workflows within FileTrail automatically assign the appropriate classification and retention policy to new documents based on pre-defined rules — simplifying compliance. You can also automate workflows to send notifications to key stakeholders when records need to be reviewed and approved for disposition. FileTrail automatically captures a complete audit trail of all activity and approvals, so you can demonstrate compliance with IG policies, clients’ outside counsel guidelines (OCG), and relevant regulatory requirements.
Managing Physical Records Retention
No organisation today can afford to pay for storing aging physical records it no longer needs.
In 2020, the pendulum swung heavily in favour of electronic documents. Given the reality of lockdown, even users who had previously insisted on doing everything on paper seemed eager to embrace more digital ways of working.
But even as organisations lean into “paperless” approaches, the legacy of paper remains. Lawyers still do need to retrieve physical records periodically. Retrieving physical records and delivering them to employees working remotely is logistically challenging — and in many cases inadvisable due to security concerns. “Scan on demand” services have emerged as a popular solution for fulfilling physical records requests (but typically also end up creating additional copies that need to be tracked).
At the same time, the vast majority of physical records stored by law firms will never be looked at again.
For 2021 and beyond, firms are reevaluating operating expenses such as real estate — and rightly questioning whether their offsite records storage footprint needs to be so large. Not only are physical records expensive to store and track on an ongoing basis, they also open the firm up to significant security, data protection and litigation risks.
FileTrail GPS is enabling many leading law firms to reduce their backlog of aging physical records with confidence.
- Search for and identify records fitting a certain criteria (e.g. all records for matters closed 10 years or more, or all records from the 1980s)
- Set up workflows to notify appropriate reviewers to review and approve records for destruction
- Automate workflows enabling reviewers to flag which records require further review and/or escalation
- Capture a complete audit trail of all activity and approvals and generate customised reports on demand
- Simplify the process of submitting and tracking the status of destruction requests
Contact FileTrail today to find out more about how FileTrail GPS – Records Manager can help simplify ongoing records management, integrate physical records management with the management of electronic information, and reduce the backlog of physical records your firm currently stores.
Technology that integrates
Centralise management of your information assets without moving content.
Most organisations today save electronic information “everywhere” — in document management systems, file shares, SharePoint, Office 365, Teams, Box and other repositories — not to mention a large number of applications used by various parts of the business. They also typically have a large volume of physical records that have accumulated over decades.
Information governance is challenging if not impossible if you don’t know exactly what information resides where, and need to log on to multiple systems to track it down.
FileTrail GPS can provide an integrated view across your firm’s information repositories — including your electronic documents and physical records. Its deep integration within your information ecosystem enables information governance to happen “in place” wherever documents are located, so you don’t need to move content.
In fact, FileTrail enables lawyers and staff to stay in the application they use the most — such as NetDocuments, iManage, Teams or SharePoint — and access the Matter Profile from there. They can see what documents exist in other repositories associated with that matter and browse document lists and folders, provided they are authorised for access.
Connectors within FileTrail synchronise information on documents and folder structure from major systems (such as iManage, NetDocuments, OpenText eDOCS and file shares). This also allows users to request retrieval and action the disposition of documents from within the UI of those applications. Similar connectors to Iron Mountain and Access streamline retrieval, transmittal and destruction of physical records.
Automated synchronisation between FileTrail and data sources such as Active Directory (AD), Intapp (Walls, Intake and Terms), and financial systems (Elite and Aderant) also makes it possible to control access based on roles and responsibilities, and flag personally identifiable information (PII) and other sensitive content.
FileTrail’s open architecture makes it easy to integrate, extend and customise to meet your organisation’s unique needs.