Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1508143
55 I L T A N E T . O R G I nformation is a critical asset for every business – but for law firms it's even more serious because information is one of the few real assets you have. As such, firms are waking up to the need for robust, firm-wide frameworks for managing information. As to how that's done, in truth many firms are still struggling with the practicalities of embedding the information governance (IG) they need. In this article, Chris Hockey outlines the approach he's taken previously as former information governance director at a mid-sized firm based in upstate New York, while Chris Giles of Legal RM supplies a sector-wide perspective. We won't dwell too long on what information governance is and why it matters so much to law firms. IG is simply how firms manage their information assets across the entire organization to help achieve two things: on the one hand business success, and on the other risk mitigation. The business success bit comes from efficient information management that furthers the firm's objectives. It's about how vast amounts of data are held and organized to enable quick retrieval, effective collaboration and overall operational efficiency. It's about embedding a cross-disciplinary approach to information sharing, and nurturing a climate wherein the adoption of appropriate innovation and emerging technologies becomes easier. IG also facilitates efficient e-discovery processes that reduce costs and comply with court requirements. It includes effective record lifecycle management and systematically purging records the firm no longer needs to retain. It's also about identifying gaps in systems or procedures that when filled will make information flow more effectively. Firms with strong IG also put themselves in pole position to institute effective knowledge management, which is about creating and using knowledge to the firm's benefit. It could be a case of providing timely access to reliable, relevant and comprehensive information that supports better-informed decision making. Or about capturing, preserving and processing institutional knowledge and extracting the maximum value from the information held in the firm. Risk mitigation Meanwhile, the risk mitigation bit of IG comes from the need to consistently safeguard information, especially client confidentiality. This is part and parcel of maintaining compliance with regulations (GDPR, CCPA), with client requirements (letters of engagement, OCGs) and with professional obligations (ABA, SRA), thereby avoiding penalties, potential disputes and reputational damage. On that note, it's also critical for law firms to maintain client confidence and trust. Robust information governance will help you build and consolidate your reputation for handling client data responsibly and securely, which is the bedrock of many a long-term relationship. Still under the risk heading, firms also need information governance to underpin business continuity and disaster recovery planning. If the worst happens your recovery will be infinitely easier and quicker if the firm's information assets are well organized and protected. Part of information governance is about backups and disaster recovery procedures that minimize potential downtime. As to what IG is in practice, according to the international standard on IG concepts and principles, it's basically a bundle of policies, processes, procedures, roles and controls that the firm puts in place to help it meet information-related operational, regulatory, legal and risk requirements. 1 But it's also a lot about buy-in. Everyone in the firm should understand and take seriously their own information-related obligations, risks and opportunities. The question becomes: "How do you make that happen?"