Law Firm clients have prioritized risk mitigation initiatives in recent years, issuing increasingly detailed information governance (IG) protocols that continue to create new and growing challenges for law firms.
In this three-part series, we’re exploring the IG revolution currently underway including what’s driving it, how it’s impacting law firms and how automation is proving essential to achieve compliance. Read part one and two in the series here.
IG Compliance is Incredibly Complex.
Along with the dramatic growth in volume discussed in our previous post, information governance and compliance have become incredibly convoluted – particularly in highly-regulated industries.
Many information security and governance stipulations are not consistently applied across all data in a legal matter. Clients often issue different management controls and retention for their client data versus the other information involved in a legal matter.
For example, some clients are requiring law firms to confirm the return or destruction of “client-provided data” within 120 days of work on a matter, while other legal matter records may be retained for seven years.
Moreover, many clients are now defining “key data” (i.e., very sensitive client information, such as service account details, employee information or business trade secrets) to which they are assigning very exacting limitations. These limitations may include who is authorized to access it, the data’s geographic location and requirements for IT system controls (such as data encryption). They are also stipulating the technology methods used to delete the data from a firm’s IT system and confirmation methods for that deletion.
Automation is Now Essential.
In this environment, effectively instituting and following through with IG policies is a task at which few firms succeed. While some try to tackle the issue of electronic records by rolling out electronic document management solutions, these systems simply don’t address retention, much less solve the disposition problem across multiple repositories.
Ultimately, an effective IG program uses records management as its defining pillar.
Today, the goal of an effective IG program is to manage and track all records in every repository. Beyond physical records and electronic documents, this even includes transactional records, such as those found in AR, AP and ERP systems.
Ideally, managing retention policies and disposition reviews should be done once in a single software system.
Retention policies need to be granular enough to apply any variations from a client’s OCG to the correct documents. Furthermore, all the steps within the software need to be automated so that nothing falls through the cracks. And, most important of all, audit trails and reporting must easily document compliance for a matter for all records and documents across all repositories.
A law firm’s best strategy for success in IG is to thoroughly vet the available IG software. Create a road map, do a proof of concept and compare the products side by side.