Peer to Peer Magazine

www.iltanet.org 30 Peer to Peer CASE STUdIES O ur firm made a strategic investment in confidentiality and compliance management technology several years ago when we saw our peers taking similar steps. Originally, our focus was addressing ethical screening requirements, which frequently crop up when new attorneys join the firm. We implemented an application that automates the enforcement of real- time access controls. Today, using a Web-based interface, IT or non-technical risk stakeholders can instantly create policies, communicate those policies to affected personnel and activate document access restrictions. Additionally, scheduled e-mail or on-demand Web-based reports provide IT and firm management with visibility for tracking and internal audit purposes, eliminating the need for complex and time-consuming manual tabulation. By enhancing our confidentiality management capabilities, our firm has achieved significant business and risk management benefits that continue to pay ongoing dividends. These benefits include the ability to respond promptly and properly to client requests for access controls around sensitive matters or business information. This provides the firm with a competitive advantage in RFP situations versus organizations relying on legacy approaches or less mature protective measures. Most recently, we've found that our strategy has well prepared us to comply with new and emerging government regulations. While the controversial FTC Red Flag Rules are currently on hold, based on a challenge by the ABA, several other confidentiality rules have gone or will go into effect that explicitly apply to law firms. These include the HITECH Act of 2009, which extends HIPAA rules for personal health information to non-healthcare providers, and the Massachusetts Privacy Law, which mandates similar protections for other personal data. These rules are important because they not only include audit requirements and penalties for violations, but they also mandate compulsory public notification for breaches. At the most extreme level, this notification must include the local press along with affected individuals. Therefore, it's vitally important that firms coming into contact with relevant information have the means to tightly control, track and monitor internal access to it through automated confidentiality controls. Any organization that attempts to address this broad range of confidentiality compliance requirements manually is simply creating unwarranted and unnecessary risk for itself. Given the complexity of most firm environments, with high matter volume, changing matter teams and high levels of collaboration, it's nearly impossible to keep policies and controls up-to-date without allocating full-time resources to the job. For us, using software instead of hiring or allocating resources to these tasks made sense on multiple levels. When we made our original decision to enhance our existing confidentiality procedures with technology, we felt it was the most prudent and proven response to the new requirements and expectations facing our industry. Our confidentiality management system has provided the firm with significant protection and provided management with greater peace of mind. It also gave IT the opportunity to contribute visibly to the firm's risk management and compliance efforts. ILTA Firm Confidentiality: Hinckley Allen & Snyder LLP by John Guyer ". . . our firm has achieved significant business and risk management benefits that continue to pay ongoing dividends." Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . John Guyer Company . . . . . . . . . . Hinckley Allen & Snyder LLP Number of Attorneys . . . . . . . . . . . . . . . . . . . . . . 152 Number of Offices . . . . . . . . . . . . . . . . . . . . . . . . . . 4

• Cover