54
P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | S U M M E R 2 0 2 3
be finalized before data mapping starts. It's a question of
making progress wherever possible.
In tandem, firms should focus on the low hanging
fruit by tackling what's easiest and nearest at hand first.
That way it's simpler to get going and to achieve some
"quick wins". Low hanging fruit might, for example, be
the resurrection of an existing information retention and
disposition policy or looking to reduce done your DMS
footprint before or as part of a migration to the cloud.
It's also sensible to think about where your highest
risks are and tackle these early. Where in the firm is data
most exposed and/or where is the most sensitive data
concentrated? Typically, the data that will get firms into
trouble with regulators is PII. But also, what commercially
sensitive data do you hold? Mergers and acquisitions can
be a rich seam for hackers who want to extort money via
ransomware. Or does the firm have certain clients with
very particular OCG requirements in relation to data; or
who are higher profile and more likely to attract hackers
or even hacktivists? It follows that there may be certain
practice areas, clients or systems that should be given
priority in your data retention project. So, think about your
order of play.
Phone a friend
A further consideration is that the firm needn't do the
all the work of data retention and disposition on its own.
Quite the contrary, because there are commercial software
tools such as iCompli that take much of the burden off
your hands by, for example, automating how a retention
and disposition policy is systematically applied to mapped
data. To make the most of these tools, it's wise to begin a
conversation with software vendors early in the process.
That way you'll minimize redundant effort and maximize
the efficiency of your information retention and disposition
project from day one.
Records retention and disposition is a big task, but
not an insurmountable one, especially when you deploy
tools that automate key processes. There are a lot of moving
parts, but once you understand what you have, and what
you're going to do with it, this fundamental obligation –
broken down into bite-sized pieces – will not be as hard to
conquer as you think. ILTA
.
Q 2 W H I T E P A P E R S
Chris Giles is CEO and Director of Information Governance at
LegalRM, which creates market-leading software, services and
solutions for records, risk and compliance management and serves
some of the world largest law firms as well as blue chip organizations
from other industry sectors.
1. https://ico.org.uk/media/action-weve-taken/mpns/4019746/tuckers-mpn-20220228.pdf
2. https://legaltechnology.com/2023/04/12/ince-group-to-enter-administration-after-
major-creditor-withdraws-support/
3. https://www.standard.co.uk/business/law-firm-ince-group-administration-
bust-b1073675.html
4. https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
5. Health Insurance Portability and Accountability Act of 1996, a US federal law protecting
sensitive patient health information from being disclosed
6. https://legaltechnology.com/2023/03/27/heidell-pittoni-fined-200k-by-new-york-ag-
for-2021-data-breach
This approach will be explained in greater detail during our ILTA
Masterclass; Rome wasn't built in a day, where we will discuss the five
steps that will help you conquer your firm's information.
click here to register »
ILTA Masterclass
