Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1502513
49 I L T A N E T . O R G W e're seeing a growing realization among law firms that unchecked data proliferation has become too risk-laden and costly not to be tackled. Yet firms are often overwhelmed by the scale of the effort required to find, classify and minimize vast volumes of content. In this article, Chris Giles highlights the issues and walks you through the five steps that are helping firms conquer their information retention and disposition requirements. We know that data is everywhere in law firms. Some of it aging. Some of it sensitive. Some of it in strange, inaccessible formats, or on forgotten legacy systems. Everyone feels an instinctive need to "clean house", but where to start? It's all too tempting to put it off and wait for someone else to take ownership. Yet while you're waiting for that to happen, your data mountain is growing and getting harder to scale. More useful, at this point, is to develop a sense of urgency. Historically, records retention and disposition have been relegated to the second tier of information governance priority, with data security and anything that contributes to revenue earning and collection taking precedence. As this article explains, that needs to change. For four good reasons, information retention and disposition should be promoted to a top priority. Reduce your vulnerability The first reason is that bloated content repositories increase the firm's exposure to hackers because they promise juicier pickings for professional and determined criminals. The second is that the costs of data storage are rising. This is particularly noticeable as firms increasingly migrate their data onto cloud-based document management systems or adopt Office 365 and tools like Microsoft Teams and SharePoint. The costs of enterprise data storage start to become really significant. The third reason is that carrying excess data is a drag on firm productivity. It slows down and congests systems. Fourth, excess data mitigates against consistently maintaining compliance, both with a growing legion of data privacy regulations (see below), and with outside counsel guidelines (OCGs) that increasingly include stipulations around managing and destroying content on set timelines. This is further underscored with ISO accreditation requirements to implement consistent information governance policies and processes. It's all leading firms to be increasingly conscious that retention and disposition do require action. In a recent LegalRM poll we found that 55% of respondents were motivated by concerns around data security and the fear of being hacked; 24% hoped to achieve cost savings; 13% were concerned to maintain regulatory or OCG compliance; and a further 5% aspired to achieve and maintain infosec certifications, typically to ISO/IEC 27001, as clients start to mandate such accreditations or because they felt it gives them a competitive advantage when pitching for new business, but ultimately also reduces their vulnerability to cyberattack. Cautionary tales Tackling the data mountain is also made more urgent by the fact that for many firms their IT estate is beginning to get away from them. This is because IT is far from new at this point. It's not unusual for firms to have legacy systems holding electronic records that are over 20 years old. These can easily be so old that data is on unsupported platforms, meaning patches are no longer being issued, making them particularly vulnerable to cyberattack, and even more concerning is that often the firm may not even know what's on these older systems due to staff turnover.