The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 20 BEST PRACTICES These disciplines are entwined, so law firms should adopt a cohesive plan to ensure data are properly managed, secured and available for review in government investigations, litigations and incident responses. Here are nine steps to a good data management plan: Involve Management. Data management best practices must be embraced and communicated by top management. You should assist them in integrating data management throughout their messaging. It is one thing to have best practices, but it is even better for data management to be a part of the firm's culture. Develop a Plan. IT, risk, compliance and security departments should work together to develop a data management plan that covers the creation, storage, security, disposition and deletion of data. The data management plan should provide a comprehensive look at the data life cycle and be easily digestible by everyone. This written plan should include how success will be measured and integrate information governance, e-discovery and cybersecurity into a practical, trainable solution. Train Employees. An easy practice often overlooked is to provide ongoing employee training on good data management practices. Make sure employees understand information governance guidelines, embrace the tenets of litigation holds and e-discovery, and protect sensitive information. Training is an iterative process — it should occur frequently throughout an employee's tenure at a firm. Create Documents Strategically. As attorneys and staff create documents, they should think about how those documents fit into the cohesive data management plan. If trained properly, they will prepare documents understanding retention policies and potential ramifications on information governance, e-discovery requirements and cybersecurity responses. Incorporate the Cloud and Social Media.Law firms often have great policies and procedures for the data behind their firewall, but they overlook the data management required by new cloud and social media solutions. These external data storage areas must be included in any successful data management plan and have disposition and response plans associated with them. Proactively Perform Assessments. Early information assessments (EIA) begin upon data creation, not during moments of crisis. During the identification stage, you should designate potential data for dispositions and associate specific rules and policies with data. About the Author Todd M. Haley is the Vice President of Business Intelligence at eTERA Consulting, LLC, which specializes in information governance, e-discovery and cybersecurity, encompassing all aspects of the Information Governance Reference Model (IGRM), the Electronic Discovery Reference Model (EDRM) and the NIST Cybersecurity Framework (CSF). Todd can be contacted at marketing@eteraconsulting.com. Nine Steps to Good Data Management 2 3 4 5 6 Managing data in a legal environment includes three data disciplines: • Information governance (determining how data will be appropriately handled) • E-discovery (identifying data as relevant and non-privileged in a government investigation or litigation) • Cybersecurity (securing data from those who should not see it