publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1188906
I L T A W H I T E P A P E R | I N F O R M A T I O N G O V E R N E N C E 27 P R O P E R N A M I N G A N D C L A S S I F I C A T I O N O F F I L E S be imposed, the same is now true for how we name and classify our information. Because law firms are custodians of client information (including practice support, financial and litigation support) an additional level of responsibility and care is required. Let's discuss how a bit of planning, forethought and strate can help meet these objectives. A file naming convention is a systematic method for naming files. A file naming convention is the most powerful and effective foundation for organizing, retrieving and securing information. It's important to get it right, so enough time should be invested to think through carefully. What are some of the specific considerations and areas of focus? While not an all-inclusive list, there are several factors that are re-emphasizing the need for standards and classification. General Security. Most firms have implemented or are in the process of implementing some sort of data classification program. You may have your categories of classification identified. This is generally the easy part. The challenge arises when you are tasked with applying the classification scheme to your information that cannot be easily identified. For example, it is impossible to know what level of security a document entitled "Joes_Document" requires vs. one named "2019_Performance_ Review_ Joe_Smith." The latter clearly allows for the identification of the document as sensitive. Legislation/Regulations (such as GDPR/CCPA). It's all we've been hearing about and is not likely to change any time soon. In fact, the requirements and expectations are only going to increase. Penalties for non-compliance are steep. For example, using the example above and absent any governed structure, fully complying with a subject access request may be next to impossible. If you were asked, would you be able to respond confidently that you have met all of the requirements? Client Mandates. Expectations from our clients continue to grow. Anyone who has responded to a security audit or an RFI has likely answered questions specifically targeted to information storage, handling, security and disposition, most times with the mandate that certain information be dealt with in a specific way and either disposed of or returned at a certain point during or after the representation. Access is often a primary focus, leaving firms with the responsibility of applying various levels of security. In an unstructured environment, this can be challenging, if not impossible to do. Records Retention. The days of "keeping everything forever" are becoming a thing of the past. For many of the same reasons driving us to look at structure and governance, Firms must now be more strategic and deliberate in the information they retain and for how long. How can you segregate client data from work product? One step farther, how can you distinguish know-how and precedents from client information? A body of well named and classified information provides the required foundation to the rules applied to retention and disposition. Efficiencies. One of the unsung heroes of a good governance strate are the efficiencies that can be realized. Studies vary, but generally speaking industry surveys indicate that the average worker spends between 20-30% of their time searching for information. Investing time up front brings downstream benefits, especially when equating that lost time to an attorney's billable rate. You may realize that you need to develop a naming convention strate – but where do you start? As with most efforts, to be successful it is important to engage and involve your stakeholders and end users. Many standardization projects have fallen short because this step was missed, and a plan was implemented without taking into consideration the specific needs of certain people or groups. The end result is a search for workarounds, with information being saved in systems that do not require standards or individual organization methods that contradict with the standard – resulting in an even greater mess than if no standards existed at all. Consistency is important the approach should be practical. Designing an over-complicated system will defeat the purpose. Keep file names as short as possible and choose a convention that is universally understood. Even when you've taken all the right steps, engaged the right people and invested the time in developing effective conventions and standards, there will still be pockets of resistance. When it is still a challenge to get people to save things in the right place, much less follow a standard naming protocol,