The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 44 for sensitive client information sent to unsecure domains like personal email addresses. • Adopt Enterprise Ethical Walls and Beware of Workarounds: Erecting ethical walls on the DMS is no longer considered the standard for effective compliance. Judges expect that information barriers extend to other software systems containing sensitive information, like SharePoint. Most firms would find it unfeasible to apply ethical walls to email systems, but firms can monitor for instances when lawyers on opposite sides of walls send protected documents to one another, or they can apply technologies that inhibit users without access rights from opening secure documents. • Secure Large Quantities of Regulated Information at the Practice Group or Sector Level: Regulated personal information exists in practice groups like trust and estates, tax or real estate. To provide a layer of protection without hampering collaboration, firms are increasingly locking down content by practice groups, industry sectors, offices or jurisdictions. This reduces administrative burden (since matters tagged within a practice group are automatically secured) while permitting collaboration across business teams. • Monitor as a Compensatory Control: Many firms will insist on retaining an open security model, but IT stakeholders still have the responsibility to apply improved controls. Intelligent activity- monitoring tools can substitute for security by alerting management of suspicious behavior that could signify a problem, such as spikes in activity or other anomalies. TURN SECURITY INTO STRATEGY "It's all about the Benjamins." — No Way Out IT professionals must adopt an attitude of compromise to define access control and information security programs that align with management needs and expectations. Before charting specifics, though, they must convince management that security is a business issue and a firm priority. There is no better way to do that than to align security with firm strategy, to remind leadership that today's clients expect strong controls and will readily take their work to another firm with a more confident security posture. By aligning technology with business priorities, IT stakeholders also achieve a stronger voice — a senate vote, as it were — to help construct and protect their firm's republic. FEATURES THE LAW FIRM INFORMATION GOVERNANCE SYMPOSIUM PROPOSED THE FOLLOWING 11 PRINCIPLES FOR LAW FIRM INFORMATION GOVERNANCE: • Educate all firm citizens regarding their IG duties and responsibilities • Confirm the authenticity and integrity of information • Recognize that the official record is electronic (assuming jurisdiction does not specify paper) • Store information in a firm-approved system or record-keeping repository • Classify information under the correct client/matter/administrative code • Control the unnecessary proliferation of information • Arrange for the proper disposition of information when it reaches the end of its legal and operational usefulness • Secure client and firm confidential/personally identifiable information • Comply with subpoena, audit, and lawsuit requests for information • Conform all lines of business systems and practice group applications to IG standards • Ensure third parties who hold client or firm information comply with the firm's IG