Originally published by California Lawyer.
The discipline known as information governance has risen in visibility and application over the past year. And the bigger a law firm is, the more data it generates and stores, and must control and keep safe.
Smaller firms may have more difficulty than larger ones in carrying out policies for storing and using information because it is more time-consuming and expensive for them per lawyer. So they may need to set priorities. But every firm faces exponential growth in its troves of information. And experts say all law firms should have procedures in place to ensure that their members comply with legal requirements for data security, and they should be able to prove they’re following through.
“A 100-lawyer firm is probably going to end up making different choices from a 1,000-lawyer firm,” says Terry Coan, a senior director for HBR Consulting in Los Angeles and leader of its practice in information governance and risk management. As for small firms, he says, “It’s harder for them. There [are] a lot more manual steps involved.”
The International Legal Technology Association found in a survey of 454 firms in 2014 that information governance was one of lawyers’ three biggest security concerns. But only 26 percent of the surveyed firms with 150 to 349 attorneys had information-governance strategies or policies; the rate at larger firms ranged from 43 percent to 59 percent. And almost half the firms said they don’t restrict the type or amount of data uploaded to their network drives, which risks hastening data overload and weakening security and makes it harder for them to manage their information.
Law firms with 100 attorneys or more should start the process by forming an information-governance committee, according to Bennett B. Borden, a partner at Drinker Biddle & Reath and founder of the Information Governance Initiative. Borden has co-chaired Drinker Biddle’s information-governance practice since 2013, and the firm has launched a technology consulting subsidiary, Tritura, that helps companies use technology to solve governance challenges.
“Fundamentally, a lawyer’s product is information,” says Borden. “In this information age, lawyers who are better at understanding how information is created and how to use it will have a strategic advantage.”
Practically speaking, consultant Coan says, firms can’t simply prohibit their members from making and keeping extra electronic copies of documents: “Half the battle is educating users about what we need to keep and, if it’s worth keeping, here’s where we are going to keep it and, when the [retention] period has run, here’s how we’re going to dispose of it.”
Coan specified five main elements that should be part of a strong program for managing a firm’s operational and client information:
- leadership and accountability;
- guidelines about firm members’ legal, ethical, and business obligations;
- procedures for classifying information, safely storing it in the firm’s designated repository, and disposing of it on time;
- related systems and technology; and
- training about the program, and monitoring of compliance.
Information governance is often seen as an effort to secure all of the information and data belonging to a firm and its clients, and keep it private. But there’s more to it than that, says Dean Gonsowski, vice president of business development for Recommind, a provider of e-discovery and search applications. “Governance is about trying to harness the value of your information while minimizing the risks,” he says.
Forward-thinking firms are beginning to see benefits to information governance beyond speeding e-discovery and improving document management. For instance, savvy firms can use information-governance tools to analyze the data they have and provide insights into it, Gonsowski says.
Pathway to Governance
All this would be easier if law firms could just buy generalizable software that would automatically provide governance. Unfortunately, because information governance extends across technologies that include storage, email, records management, and even social media, that’s not possible, says Borden of Drinker Biddle. Moreover, information governance is more a way of doing business than a set of products.
“The technology is there; how people want to use the tech and their internal policies are not there,” agrees Gonsowski. He outlines three steps for implementing information governance:
- Gain visibility. Allow staffers charged with managing information to see how often each file is used and when it was first stored and last used.
- Categorize. Much of the stored information may be uncharacterized; to bring some order to the data and make it more findable, create logical categories such as “personnel records.”
- Begin action. Now, the firm can adopt and begin applying rules for how long categories of information will be retained, when information is moved, and whether and when it may be deleted.
The Clutter Challenge
Actually deleting information is harder than it sounds, according to Jim Obrien, general counsel at Actiance, an information-governance technology company. If you look at the allowed uses for a particular file, he says, “Just because you claim you don’t store something doesn’t mean it’s not on someone’s desktop, phone, or iPad. You don’t get to answer a discovery request based on what your policy is,” he notes. “It has to be based on reality. You don’t want to sign pleadings or a discovery response saying, ‘This is all the information we have,’ and then find out that, because we didn’t look on this staffer’s USB drive, that wasn’t true.”
Lawyers need to keep track of their information in an organized way, and they have to understand their firm’s IT infrastructure.
Though few companies have a chief information governance officer, some have governance committees or steering committees, Gonsowski says. These may include a privacy officer, an information security officer, a compliance officer, someone from records management, and someone in litigation. That way, he says, each “piece of data has a lot of different lenses put on it.”
Of course, all those potentially different but important perspectives are what make information-governance decisions such a challenge.
The International Legal Technology Association offers educational content, research, and peer support for legal professionals using technology (www.iltanet.org).
The Information Governance Initiative is a cross-disciplinary consortium and think tank focused on advancing information governance across industries; it offers webinars and workshops (www.iginitiative.com).
Susan Kuchinskas covers business, technology, and the business of technology for publications that include Scientific American, Portada, and Telematics Update.