Digital White Papers

Information Governance: April 2015

publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/503802

Contents of this Issue

Navigation

Page 38 of 40

ILTA WHITE PAPER: APRIL 2015 WWW.ILTANET.ORG 39 SIMPLIFY CLIENT AUDITS WITH PROACTIVE COMPLIANCE clients. As outside audits become more pervasive, it's incumbent on the legal profession to harmonize its information governance. A law firm's policy management, client audit requirements, records management, security protocols and content management have to be aligned, frequently reviewed and visible across the organization. Information governance activities used to be done with spreadsheets, checklists and email messages. But the evolving landscape requires a new approach. Relying on manual processes in such a complex environment takes more time and money. And since compliance doesn't fall under billable hours, this is time spent not making money. Many industries implement a holistic governance, risk management and compliance (GRC) approach. Although there are dozens of definitions for GRC, it essentially brings order to the chaos of having multiple assets to protect, regulations to follow and risks to manage, each of which change and expand every day. A GRC approach helps organizations run more efficiently and deploy their resources to meet their goals. Enterprises can centralize information and gain greater transparency. Organizations can better manage all facets of compliance and information security programs. For law firms facing increasingly numerous and stringent compliance requirements, a proactive GRC approach can help in the following ways: TRENDING: REGULATION AND RISK Corporate clients are demanding greater proactive compliance from law firms. We see two trends that necessitate this. First, many laws and standards now apply to third parties of covered entities. Law firms count as third parties. If you have clients covered by HIPAA, you also have to comply with HIPAA. If you are outside counsel to a financial services firm, you must comply with Gramm-Leach-Bliley. Second, hackers who find resistance at the front gates of major organizations are taking advantage of back doors into those networks. With a direct connection, a company's outside counsel law firm becomes a back door. Hackers realize that a law firm's IT security might not measure up to the fortress its clients have spent fortunes to build. Law Technology News writer, Evan Koblenz, noted that at the 2013 LegalTech event in New York, a former special agent in charge of cyber and special operations with the FBI's New York office said hackers have been increasingly targeting law firms. Because firms are being targeted, their corporate clients are performing more security- related audits and will "pull work from law firms" as they consider security risks, as predicted by Joe Dysart at the ABA Journal. TAMING THE MANY-HEADED BEAST Proactive compliance will continue to be an essential responsibility for law firms with corporate A law firm's policy management, client audit requirements, records management, security protocols and content management have to be aligned, frequently reviewed and visible across the organization.

Articles in this issue

Links on this page

Archives of this issue

view archives of Digital White Papers - Information Governance: April 2015