The discipline known as information governance has risen in visibility and application over the past year. And the bigger a law firm is, the more data it generates and stores-and must control and keep safe. Smaller firms may have more difficulty than larger ones in carrying out policies for storing and using information because it is more time-consuming and expensive for them per lawyer. So they may need to set priorities. But every firm faces exponential growth in its troves of information. And experts say all law firms should have procedures in place to ensure that their members comply with legal requirements for data security-and they should be able to prove they're following through. "A 100-lawyer firm is probably going to end up making different choices from a 1,000-lawyer firm," says Terry Coan, a senior director for HBR Consulting in Los Angeles and leader of its practice in information governance and risk management. As for small firms, he says, "It's harder for them. There [are] a lot more manual steps involved." The International Legal Technology Association found in a survey of 454 firms in 2014 that information governance was one of lawyers' three biggest security concerns. But only 26 percent of the surveyed firms with 150 to 349 attorneys had information-governance strategies or policies; the rate at larger firms ranged from 43 percent to 59 percent. And almost half the firms said they don't restrict the type or amount of data uploaded to their network drives, which risks hastening data overload and weakening security and makes it harder for them to manage their information. Law firms with 100 attorneys or more should start the process by forming an information-governance committee, according to Bennett B. Borden, a partner at Drinker Biddle & Reath and founder of the Information Governance Initiative. Borden has co-chaired Drinker Biddle's information-governance practice since 2013, and the firm has launched a technology consulting subsidiary, Tritura, that helps companies use technology to solve governance challenges. "Fundamentally, a lawyer's product is information," says Borden. "In this information age, lawyers who are better at understanding how information is created and how to use it will have a strategic advantage." Practically speaking, consultant Coan says, firms can't simply prohibit their members from making and keeping extra electronic copies of documents: "Half the battle is educating users about what we need to keep and, if it's worth keeping, here's where we are going to keep it and, when the [retention] period has run, here's how we're going to dispose of it." Coan specified five main elements that should be part of a strong program for managing a firm's operational and client information:
- leadership and accountability;
- guidelines about firm members' legal, ethical, and business obligations;
- procedures for classifying information, safely storing it in the firm's designated repository, and disposing of it on time;
- related systems and technology; and
- training about the program-and monitoring of compliance.