P2P

Spring23

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1496203

Page 46 of 60

Compliance with the demands of your clients and profession

The next compliance booby-trap for firms is Outside Counsel Guidelines, which are becoming more ubiquitous and more demanding. Whereas they were initially conceived as a mechanism to help ensure the client is getting value for money from the firm, in the light of rising cybercrime OCGs are becoming more prescriptive around how and for how long firms hold client data. In addition, some clients – particularly big corporates – are setting their own "gold standards" for data management that go beyond existing or anticipated legislation, and which will be passed on in OCGs.

It's also the case that when the firm attends pitches and when clients are reviewing the firms they want to retain, clients will want to hear reassurance about how their data, some of which is hyper-sensitive information, is being stored and actively managed in line with best practice, including when it's accessed by collaboration tools and in deal rooms. The ability to point to rigorous information governance systems will strengthen your hand in competitive pitches.

Clients are also increasingly looking for ISO/IEC 27001 certification. To gain this, firms need to demonstrate to a third-party auditor that they've met requirements in relation to physical and electronic information security, including in relation to data retention. The standard requires that an information inventory be maintained and that information be classified and labelled according to the information security needs of the firm based on confidentiality, integrity, availability, and relevant interested-party requirements. Controls need to be in place for information access and transfer. Records must be protected from loss, destruction, falsification, unauthorized access, and unauthorized release. Plus, international standards always insist on regulatory compliance, so firms must identify and meet applicable regulations and contractual requirements that protect PII.

Finally, lawyers must also be careful about maintaining compliance with their professional standards in relation to how client data is handled and secured and for how long. But these aren't the only reasons to pay attention to data minimization.

System performance and storage costs

Firms are also well advised to minimize data because of the hidden cost of not doing so. Excess data impairs the efficiency of your systems. Bloated databases take longer to process requests such as searches; and system functions like backups, reorganizations, migrations and disaster recovery protocols take longer.

Plus, the impact of slow systems could be worse than you think. When a system freezes or takes too long to load, the user's train of thought is interrupted and they lose momentum. A University of California study concluded that it takes an average of 23 minutes and 15 seconds to get back to a task after interruption.[9] The impact on productivity is clear, not to mention the impact on lawyer morale and stress levels.

We're also seeing a big rise in matter mobility. Whether clients are moving from firm to firm or lawyers are, the firms that are across their data management and minimization will be penalized much less by matter mobility because you'll simply be able to execute it much more quickly and efficiently.

Storage can be pricey

Finally, firms also need to think seriously about the avoidable costs of excess data storage. Until quite recently, data storage was a fixed, but relatively manageable cost. That's changing, partly because the use of cloud
