The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1150262
P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | S U M M E R 2 0 1 9 35 Changing Perceptions Information management professionals that are embracing this challenge, however, are finding strong internal support for their information governance efforts. Client scrutiny is now an opportunity for differentiation. If you can demonstrate to clients and prospects that your firm has well-established IG policies and procedures and can show how you are protecting client information, it can set you apart—and give them confidence that your organization has what it takes to manage information in line with their requirements. It can also provide leverage when negotiating outside counsel guidelines. Firms that have the necessary controls in place and a well-informed understanding of standard industry practice generally find it easier to identify which terms are inconsistent with the firm's own policy and push back on nonstandard retention periods, for example. We'll review some of the best practices which information governance and records management leaders have raised during a recent series of strategic briefings and discussions across the U.S.: • Get management buy-in and support. Getting firm leadership on board in supporting your IG initiatives is key to overcoming the culture of "keep everything forever." With a clear mandate from above, it becomes easier to set priorities, collaborate cross-functionally, enforce policies and secure the necessary resources to make changes. Many IG, records and IT teams we work with have support from the general counsel, CIO or COO, with additional backing from the managing partner and/ or the executive committee. Firms working with clients in highly regulated industries (e.g., banking, financial services and insurance; health care and pharmaceuticals; ener; and government) often find that management is very receptive to taking action with a sense of urgency due to stricter regulatory requirements, the prevalence of OCGs and the frequency of security audits. • Map the information you have and how it flows. Identify existing information repositories, including client matter information. Ask team members in each department what information they receive, create and collect and where they store information, how long they retain that information and who has access. Be sure to capture the "official" repositories such as the document management system, databases, email archives and other business applications such as the new business intake system and practice management systems, as well as file shares, local drives and paper files. Mapping how client matter data flows through the company's systems can also help you identify where controls may need to be tightened. "It's hard to negotiate client requirements if you don't have an information governance program as a foundation . . . It starts with mapping information. You can't govern what you can't see." — Christopher Egan, Assistant General Counsel for Information Governance, Akin Gump • Set policies and standards and educate users. It's not uncommon for firms to have a multitude of policies related to information governance, which are enforced haphazardly and which may even conflict with each other, or which may need to be brought up to date with relevant legal and regulatory guidelines as well as current practice. By breaking down information silos and building better communication channels across departments (such as IG, records, IT, security, compliance and the office of the general counsel), you can start to reconcile and/or integrate policies (covering topics such as RIM, security and data privacy) collaboratively and iteratively. Updating your IG policies is also an opportunity to reexamine how the firm defines what constitutes a client matter file, a business record, personal information or sensitive information; where this information should reside; who has access to it; how long it should be retained and preserved; and how it should be disposed of. Once policies and procedures are set, it is essential to work with a cross-functional team to ensure that employees throughout the firm are fully trained on relevant policies and help foster a culture of information governance. • Implement governance systems. Technolo can play a critical role in helping your firm implement and manage the controls necessary to comply with the firm's IG policies— and track and manage compliance with any client-specific requirements. With so much information today stored electronically, it no longer makes sense to try to manage everything manually via spread- sheets, email and human memory. It can also be problematic to use multiple systems in silos. As you evaluate solutions, ask: Does this technolo provide us with visibility across all our information repositories such as our document management system, file shares and