The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
Trend 4 — Information Access Managed by Technology Regardless of the underlying drivers, firms are increasingly turning to technology to improve internal information security. This approach enables firms to enhance confidentiality management, offering the ability to define limited-access matters in an otherwise open environment, to pursue a hybrid or phased approach to DMS closure, or to enact wholesale DMS lockdown. Only through automated tools can organizations safely scale confidentiality management. This approach also provides added benefits, including active monitoring and updates of restrictions, and audit-trail reporting suitable for client audits or certification efforts. According to a recent industry survey by CNA, 84 percent of firms have confidentiality management platforms in place to systematically manage and update access rights to all information systems. Technology can provide automated and delegated administration capabilities. For those interested in more tightly restricted or "closed by default" access models, this gives matter team leaders the option to self-administer and add or remove lawyer and staff access. Or, it can be used to define dynamic group rules that intelligently and automatically update group membership and access rights in response to defined business rules as team composition changes (e.g., updating rights based on department, location or other parameters). In practice, integrating these matter team management controls into internal processes addresses concerns that access barriers will impede lawyer and staff productivity. The Constant Trend — Information Risk Is Here to Stay Certification or technology alone will never take the place of prudent and active management by knowledgeable risk, IT and business stakeholders. One firm pursuing a more rigorous internal access model declared that this change alone would not be sufficient in itself to address client concerns. Clients still harbor doubts about the human activity associated with managing these controls and the chance of error, omission or worse. Professional rules and regulations also keep information security front-of-mind: • In the U.S., draft rule updates before the American Bar Association seek to address electronic information. For example, Proposed Rule 1.0(k) seeks to explicitly modernize information barrier requirements: "Advances in technology have made client information more accessible to the whole firm, so the process of limiting access to this information should require more than placing relevant physical documents in an inaccessible location; it should require appropriate treatment of electronic information as well." James Edwards collaborates with law firms to address critical challenges tied to information risk management, policy creation and enforcement, and compliance reporting. Before joining IntApp, James oversaw risk management and business intake processes at Squire, Sanders & Dempsey LLP, where he managed a team of 80+ risk professionals and defined and implemented firmwide policies and practices for intake, conflicts, antimoney laundering, audit letter response, regulatory compliance, records management and docketing. He can be contacted at james.edwards@intapp.com. Odette van Ommen works with law firms to address client confidentiality, regulatory compliance and risk management issues. She possesses extensive experience in policy formation, process creation and change management for large-scale information risk management and compliance initiatives. Odette has been invited to advise multiple legal governing bodies in formulating best practice standards. Before joining IntApp, she was a practicing litigation lawyer at Davies Arnold Cooper LLP. She can be contacted at odette.vanommen@intapp.com. • In Europe, proposed changes to the EU Data Protection directive would mandate that organizations should "have regard for the state of the art" with respect to the measures they use to protect the personal data they store: "…in particular, taking into account developments in technology…" A Plain View of Information Security If information is the new oil, it has tremendous (and growing) value; but it also needs to be guarded, along with the environment in which it resides. IT and risk teams have a critical role to play in both regards. They need to foster an environment where the power of that information can be fully harnessed, ensure that firms are aware of evolving industry information security trends so they can make informed decisions about how best to manage associated risks and encourage the adoption of policies, practices and software tools that protect their organizations, allowing them to respond to client and other external requirements, and provide the foundation for a secure (and trouble-free) future. 70 Peer to Peer