Issue link: https://epubs.iltanet.org/i/74024
Managing the "People" Side of Information Security Projects based framework. For instance, it's not uncommon for a specific process to kick off when a lawyer informs the risk team that certain matters need to be screened. In response, risk staff may record the details of the engagement and contact IT to implement access controls. Once those controls are in place, IT may update risk staff, who will then notify affected matter teams. While priorities vary, many firms often identify the following confidentiality management goals: • Standardize and streamline the entire confidentiality lifecycle management process • Define which types of matters are subject to information barriers • Identify scenarios in which restrictions must be put in place and individuals authorized to mandate restrictions for specific matters • Establish a centralized repository of individuals working on confidential matters • Automate logging and reporting capabilities necessary to certify compliance to internal or external parties • Add new levels of automated compliance checks, such as flagging scenarios when a lawyer is accidentally added to both sides of matter teams separated by an ethical wall Managing Awareness and Updates Determine Notification Scope: As firms enhance, expand and automate confidentiality management, it's important to review and vet any changes that affect users. A key area of consideration warranting specific focus is notification management. Firms often wish to create notification policies that may affect all or only a subset of confidential matters and automate the distribution of memoranda to lawyers and staff. In some instances, they may even wish to restrict access to authorized members until such notifications are affirmatively recognized (aka "acknowledge to access"). Managing notifications includes addressing: • Notifications to matter teams. Notifications must be appropriately tailored for different types of scenarios and must effectively convey professional confidentiality obligations as well as the processes to be followed. • Notification reminders. Firms may elect to send periodic reminders to affected parties, but should limit the volume of notifications to avoid information overload. • Team change management. It is crucial to have a policy in place to manage ongoing changes to the matter team and access requests. • Information barrier lifespan. Firms may choose to specify an expiration date for policies, or they may opt for an indefinite lifespan or a defined review period. Manage Matter Relationships and Teams: Firms that implement confidentiality management software that is incapable of identifying separate restrictions that apply to related matters, or overlapping restrictions applying to the same set of matters, face additional management challenges. In these instances, it can be difficult to keep track of which lawyers are able to work on which matters and to ensure that policies are not breached. Special care should be taken to include manual audit and review protections. Another area of growing focus is matter team management. Given the fluid collaboration among lawyers, no artificial obstacles to productivity should exist. ILTA White Paper 25