The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/116777
case studies Can't Have Data Management Without People, Process and Technology by Robert Morrison of Fredrikson & Byron, P.A. In a law firm, information security is of utmost importance, and data management is a large factor in just how secure your information is. People, process and technology all affect modern information security, and data management is no exception. While the technology can be expensive, it is necessary, and the people and process elements will save money in the long run. In this age of big data, all three components must work together in order for your data management plan to be effective. People, processes and technology are how our firm has had great success with controlling data growth. Begin with the People Our firm has several key positions in the IT department to facilitate data management and security. In the best position to leverage the power of people have been our CIO, security engineer and records manager. Each of these positions offers something of value to the firm and its clients. A vested CIO can influence people, process and technology — with the added benefit that there is a place where the technology buck stops. A CIO skilled in diplomacy can improve adoption rates of new IT solutions firmwide. Clients with a comprehensive IT infrastructure and organization will know your firm takes IT matters seriously and will appreciate it. A security engineer utilizes technology to safeguard data, ensuring the security of host computers, databases and data 36 Peer to Peer transfers. A records manager is responsible for making sure legal requirements are met for the creation and retention of data. Both of these positions helped improve our firm's security standards, while also improving client perception of our security profile. In addition to these key positions, the entire firm was involved in overhauling the data management process. When planning to update our data management system and policies, we asked for input from the users. The more people you involve in the process the better — from retention policy to design and making the system easy to use. We made a point to include non-attorney staff, whose feedback provided much insight on the practical matters of workflow, ease of use and other administrative input. Taking this critical step during the planning stage went a long way toward encouraging later adoption. Hammer Out the Process Once we had our people lined up, the next order of business was to establish proper policies and procedures. We needed to define what a document was, decide on and implement a document retention policy, and educate users about both. We developed a strong policy of where records should reside. In addition, we created policies about sharing records, how that should be done and what was allowed on the cloud, limiting documents on machines out of our direct control or those sent through private Web email accounts, file-sharing services and those on thumb drives.