Law firm clients have prioritized risk mitigation initiatives in recent years. As a result, they’ve been issuing increasingly detailed information governance protocols, the onslaught of which continues to create new and growing challenges for law firms.
Until recently, law firm information governance focused on chain of custody tracking, securing access to systems and safeguarding data. Most firms never actually disposed of electronic documents nor destroyed physical records. But in the past few years, companies in highly regulated sectors have rapidly advanced their risk mitigation initiatives and are issuing increasingly detailed IG protocols that have reached their outside counsel.
As a result, law firms are being forced to evolve their IG capabilities to accommodate the distinct guidelines of individual clients, reduce storage costs and mitigate litigation risk by eliminating old documents and records.
The IG revolution is here, but most firms are not equipped to handle it.
Most law firms identify records management as a key part of IG, even more so than eDiscovery, risk management and compliance. Yet many firms are still using records management software that is outdated or unsupported.
Even worse, these legacy systems have never included even the most basic IG function of applying retention policies against physical records and electronic documents. So, while the IG revolution has come, most firms are not ready. As a result, IG compliance threatens to overwhelm law firms’ resources, massively reduce productivity, negatively impact reputations and undermine long-term profitability.
What’s behind the IG shift?
Attorneys are starting to realize the risks associated with failure to comply with their own IG policies. Costs are escalating for storage of both electronic and physical records, as are the risks of data being subject to discovery when firms cannot demonstrate consistent application of retention policies.
But the biggest factor making law firms comply is industry cooperatives, which are driving IG compliance forward. Leaders in regulated industries like financial services, government agencies and insurance are collaborating to identify risks and define policies and practices to address these risks. For industries with common risk profiles and regulated or sensitive information, collaboration enables them to pool their experience identifying risks and share successes, thus reducing these risks. They are also sharing their lessons from data breaches, whether these occurred internally or through supply chain breaches.
All this knowledge is being used to create detailed IG controls the members of the consortium are all adopting. These controls are then supplied to law firms as outside counsel guidelines, which are being included as part of engagements and subject to audits.
Part two of this series further explores the impact of OCGs and the compliance audits firms are facing today.