Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1542659
36 operations and client service delivery. For corporate legal departments, these requirements flow directly into enterprise-wide compliance responsibilities, making effective governance essential to partnering with the business. The IAPP's research documents how organizations are grappling with "digital entropy"—the challenge of managing privacy, AI governance, and cybersecurity across previously siloed functions. For law firms, this convergence is critical. Automated decision-making provisions in state privacy laws intersect directly with AI deployments. Colorado's AI Act requires developers of high-risk AI systems to protect consumers from algorithmic discrimination and conduct impact assessments. California's CCPA regulations require risk assessments for automated decision-making and allow consumers to opt out. Meanwhile, more than 40 states have enacted AI-related laws covering deepfakes, government use, and healthcare applications. This patchwork creates compliance complexity that can be managed only through disciplined information governance. FROM POLICY TO PRACTICE: THE OPERATIONAL LAYER When Nixon Peabody LLP, an Am Law 100 firm with more than 600 attorneys, decided to tackle its Information Governance challenges, leadership recognized that internal initiatives had stalled. The firm did not need another policy revision—it was execution. The firm brought in outside expertise to drive implementation. The consultant operated as an embedded team member—meeting with department heads, understanding workflows, and designing a governance structure that could be adopted across diverse practice groups. The approach was pragmatic: build firm-wide standards while remaining flexible enough to accommodate how different departments work. The work moved beyond policy into tangible execution: identifying legacy records for defensible deletion, coordinating destruction protocols, managing client notifications, and stabilizing operations when internal resources became unavailable. This is what the operational layer of governance looks like—the bridge between legal, IT, and records that turns frameworks into functioning systems. The same operational gap appears in corporate legal departments, where lean teams must manage retention, privacy compliance, AI risk, and cross-department collaboration without dedicated IG resources— making execution support just as critical as it is for firms. WHY GOVERNANCE IS THE GATEWAY TO AI READINESS AND REGULATORY COMPLIANCE AI is only as good as the data it ingests. For law firms and legal departments sitting on decades of ungoverned information, that's a serious problem. McKinsey's research on agentic AI implementations reveals a consistent lesson: success requires fundamentally reimagining entire workflows—not just deploying agents, but redesigning how people, processes, and technology