Issue link: https://epubs.iltanet.org/i/68817
Minimize Risk and Maximize Reward: Building a Compliant KM Collection • Regulated data (e.g., information subject to HIPAA regulations) • Documents subject to special handling requirements by court order or agreement • Information subject to special handling requirements by client direction • Information subject to a confidentiality wall • Trade secrets or other sensitive commercial information • Other information to which access within the firm should be limited If such materials can and will be included, consider developing guidelines for the proper handling of this information by attorneys and staff. 3. Train attorneys and staff on the appropriate use of the collection. Communicate the guidelines that the firm develops to attorneys and staff who can add materials to the collection. Training them on the process for identifying materials that can and cannot be added to the KM collection will minimize the risk of improper handling of information. If applicable, the firm should also consider the most effective way to communicate relevant access restrictions on particular materials. As part of the firm's training, it could be useful to provide regular reminders about the appropriate use of the KM collection when attorneys and staff access the collection. Attorneys and staff should be reminded that documents in the repository might be privileged or confidential. Also, if the collection includes a variety of different types of prior work product — such as drafts or research memos — attorneys and staff should be reminded that the documents might not be final documents and should only be used as a research tool. If possible, consider creating an automated disclaimer with reminders on electronic repositories. 4. Confirm that your retention policies appropriately reflect the treatment of materials in the KM collection. Since a KM repository is intended to be an ongoing resource for the firm, documents in the repository are usually excluded from a firm's document retention policies. For the sake of clarity, firms should consider noting that point in their retention policies. Firms should also prevent documents that cannot be retained indefinitely from being added to the collection (e.g., documents subject to destruction by order or agreement). 5. Consider technical controls that might be available to manage risk and compliance issues associated with materials in the collection. When you have identified the types of materials that should not be included in the collection, investigate technical or other controls that can be put into place to minimize the chance that those materials will be included inadvertently. For example, in an electronic repository, you might be able to automatically exclude from the collection documents saved under certain client/matter numbers. Also, an automated confidentiality wall solution can be applied to the collection. Of course, as with any law firm repository, a firm should investigate the security of any technology platform proposed as a repository for a KM collection. Minimize Risk, Maximize Reward Taking these considerations into account when establishing or maintaining a KM collection will help a firm succeed in offering a valued practice solution to its attorneys and staff in a manner consistent with its risk and compliance program. ILTA White Paper 27