The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/7599
www.iltanet.org 14 Peer to Peer BEST PRACTICES Information in the Law Firm: An Asset and a Risk T his e-mail exchange took place between me and a partner who was reacting to the firm's requirement to file e-mail messages or risk having them archived or deleted. It's typical of what many law firm risk, records and information technology professionals have heard from partners. It also typifies the growing tension between a lawyer's desire for constant and immediate access to information and a firm's need to prevent poor management of information. Mismanagement of client, firm or employee information can result in severe consequences ranging from lost fees to fines and sanctions and even criminal penalties. Today, many drivers impel law firms to wrap better policies, procedures and technologies around their information management protocols. These drivers fall into two categories: cost control and compliance. COST COnTROL Law firms spend increasing amounts of money on the storage of both physical and electronic information. It's not uncommon for large firms to spend more than $1 million per year on the offsite storage of physical files. The cost of servers, software and staff necessary to ensure appropriate storage of electronic data can be as much or more. Lawyers resist efforts to define age limits for the retention of data, but firm management is aware that life-cycle management controls are necessary to limit the growth and cost of information stores. COMPLIAnCe Lawyers are subject to defined ethical duties regarding client information. These include keeping client confidences, safeguarding client property and obtaining client consent before releasing or accepting client records and data. Failing to meet these duties can result in perceived harm to a client and can expose the firm to allegations of malpractice. At the same time, firms are more frequently involved in potential or actual claims, investigations or lawsuits. When this happens, law firms are bound by state and federal rules of discovery. They must locate, preserve and potentially produce relevant records for the matter in controversy. Firms that cannot do this face fines, sanctions and possible adverse inferences. Lawyers are also increasingly subject to regulations dealing with data privacy, security and identity theft. Examples include HIPAA and the HITECH Act, the FTC Red Flags Rules (although their application to lawyers is currently disputed), and other federal and state data privacy regulations. Many of these impose similar data security requirements on the regulated entities, and most define significant fines and penalties for data breaches. The convergence of cost and compliance issues affects a firm's ability to manage specific processes, such as information transfers for incoming and departing attorneys and clients, ethical walls, litigation holds and access to information. At the same time, the volume of data typically stored in large law firms affects the attorneys' abilities to search, retrieve and manage their information. In the absence of firm-mandated programs and controls, attorneys create their own solutions, which exacerbate difficulties associated with cost control and compliance. Therefore, many firms are embarking on the journey to implement better controls over both physical and electronic data stores. This journey constitutes a significant change management event for the legal industry. However, once successfully navigated, the results will be positive for both attorneys and management. Successful application of the "Your problem," the corporate partner wrote to me, "is that you think e-mail is a record, instead of a communication device between parties." "well," I replied, "the courts think so too."