The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
case studies Information Security and Information Management: A Mutually Beneficial Partnership by Leigh Isaacs and Chuck Monfradi of Orrick, Herrington & Sutcliffe LLP "You cannot escape the responsibility of tomorrow by evading it today." — Winston Churchill The amount of data generated is growing in staggering proportions. At the same time, technology is rapidly improving the ways in which data are collected and shared among individuals. With increasing frequency, law firms are searching for balance between offering tools that promote efficiency, collaboration and mobility and mitigating the risk that comes with these tools. Legal requirements and client demands continue to drive the need to secure both client and firm-related data. Law firms have long struggled to understand how the information security and information management departments overlap, and firms have been hard-pressed to find a business reason for these groups to collaborate. Times have changed, however, and we're exploring some of the unexpected ways in which we found ourselves working as partners. Together we have had an epiphany that we are the joint guardians of the firm's and our clients' data. That is a hefty responsibility. Legal and ethical requirements dictate that the management of this information be done with utmost care — whether the information is being shared within or outside of the firm. This is not a simple feat when you consider that, for the most part, individuals generating and using the data are not in the business of managing or securing information. Our information security and information management teams are striving to find the right balance between collaboration and compliance and making our best efforts to meet "tomorrow's responsibility" head-on. Records Management/Information Governance The basic textbook definition of records management is the practice of maintaining an organization's records throughout their lifecycle. This includes the creation/receipt, organization, maintenance, use and disposition of records. In the law firm context, this also expands beyond work product to information and data received from clients. Taking records management one step further, information governance is a holistic approach to managing information by implementing processes, roles, controls and metrics that treat the information as a valuable business asset. In other words, it expands beyond the team of people diligently working in the records department and encompasses all departments. 38 Peer to Peer