publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/698367
29 WWW.ILTANET.ORG | ILTA WHITE PAPER KNOWLEDGE MANAGEMENT Advancing KM in a Security-Conscious World Many law firms still have an open DMS and address client demands case-by-case, an approach rapidly becoming untenable. Given the clash between new security measures and KM will likely target the DMS, this article considers how to advance KM in light of a closed DMS. More Security Please Clients face increasing business and regulatory pressure to bolster their data security. For some, cost and reputational damage to another player in their industry that suffers a data breach are motivation enough. For others, regulatory changes mandate they treat their data with far greater care than before. Consider clients subject to International Traffic in Arms Regulations (ITAR) that no longer allows non-U.S. citizens to access information about certain defense or military technologies. In addition, the Health Insurance Portability and Accountability Act Omnibus Rule tightly controls how protected health information (PHI) is handled and includes third-party liability for breaches. As a result, law firms are seeing more outside counsel guidelines, requests for proposals and other service agreements with security requirements, and information security questionnaires and client security audits. Law firms are also assessing their exposure in light of these regulations and proactively deciding to change their data security models. The legal profession is evolving, but many law firms still have an open DMS and address client demands case-by-case, an approach rapidly becoming untenable. Firms seeking to address the issue more systematically are exploring how restrictive a lock-down needs to be, ranging from need-to-know to maer or client level, to practice group or all aorneys. Discussions around categorizing and classifying data, such as PHI- or ITAR-related data, and tailoring security to data type are now commonplace. With such a complicated framework, some assume that law firms will adopt the most restrictive access as the lowest common denominator. Be a Part of the Solution As a KM professional, now is the time to get involved in your firm's discussions about restricting access to the DMS. Work with your general counsel, security and information management teams to tailor restrictions where possible, whether based on client needs or classification of the data involved. Without KM at the table, clients and firm decision-makers might not fully appreciate the effects of a highly locked-down environment. When a client hires a law firm, it expects to reap the benefit of its collective knowledge and expertise. A closed DMS makes this difficult, puing knowledge into silos, which increases the cost of knowledge- sharing. The law firm will ultimately have to devote more resources to ensure continued cross-pollination of ideas. Having KM involved in the discussions around a restricted or closed DMS can lead to more practical solutions that still respect the security requirements clients demand. Change Management Regardless of your firm's approach, KM should anticipate the need for communication and education about this huge cultural shi. Aorneys not only like to find past work product for comparison against or use as a starting point, they have the notion that starting with a blank piece of paper is akin to malpractice. They are cautioned not to reinvent the wheel. They are advised to use work product that has benefied from iteration aer iteration. When I mentioned the prospect of a