The discipline known as information governance has risen in visibility and application
over the past year. And the bigger a law firm is, the more data it generates and stores-and
must control and keep safe.
Smaller firms may have more difficulty than larger ones in carrying out policies for
storing and using information because it is more time-consuming and expensive for
them per lawyer. So they may need to set priorities. But every firm faces exponential
growth in its troves of information. And experts say all law firms should have procedures
in place to ensure that their members comply with legal requirements for data security-and
they should be able to prove they're following through.
"A 100-lawyer firm is probably going to end up making different choices from a 1,000-lawyer
firm," says Terry Coan, a senior director for HBR Consulting in Los Angeles and leader
of its practice in information governance and risk management. As for small firms,
he says, "It's harder for them. There [are] a lot more manual steps involved."
The International Legal Technology Association found in a survey of 454 firms in 2014
that information governance was one of lawyers' three biggest security concerns. But
only 26 percent of the surveyed firms with 150 to 349 attorneys had information-governance
strategies or policies; the rate at larger firms ranged from 43 percent to 59 percent.
And almost half the firms said they don't restrict the type or amount of data uploaded
to their network drives, which risks hastening data overload and weakening security
and makes it harder for them to manage their information.
Law firms with 100 attorneys or more should start the process by forming an information-governance
committee, according to Bennett B. Borden, a partner at Drinker Biddle & Reath and
founder of the Information Governance Initiative. Borden has co-chaired Drinker Biddle's
information-governance practice since 2013, and the firm has launched a technology
consulting subsidiary, Tritura, that helps companies use technology to solve governance
challenges.
"Fundamentally, a lawyer's product is information," says Borden. "In this information
age, lawyers who are better at understanding how information is created and how to
use it will have a strategic advantage."
Practically speaking, consultant Coan says, firms can't simply prohibit their members
from making and keeping extra electronic copies of documents: "Half the battle is
educating users about what we need to keep and, if it's worth keeping, here's where
we are going to keep it and, when the [retention] period has run, here's how we're
going to dispose of it."
Coan specified five main elements that should be part of a strong program for managing
a firm's operational and client information:
- leadership and accountability;
- guidelines about firm members' legal, ethical, and business obligations;
- procedures for classifying information, safely storing it in the firm's designated
repository, and disposing of it on time;
- related systems and technology; and
- training about the program-and monitoring of compliance.
Information governance is often seen as an effort to secure all of the information
and data belonging to a firm and its clients-and keep it private. But there's more
to it than that, says Dean Gonsowski, vice president of business development for Recommind,
a provider of e-discovery and search applications. "Governance is about trying to
harness the value of your information while minimizing the risks," he says.
Forward-thinking firms are beginning to see benefits to information governance beyond
speeding e-discovery and improving document management. For instance, savvy firms
can use information-governance tools to analyze the data they have and provide insights
into it, Gonsowski says.
Pathway to Governance
All this would be easier if law firms could just buy generalizable software that would
automatically provide governance. Unfortunately, because information governance extends
across technologies that include storage, email, records management, and even social
media, that's not possible, says Borden of Drinker Biddle. Moreover, information governance
is more a way of doing business than a set of products.
"The technology is there; how people want to use the tech and their internal policies
are not there," agrees Gonsowski. He outlines three steps for implementing information
governance:
1. Gain visibility. Allow staffers charged with managing information to see how often
each file is used and when it was first stored and last used.
2. Categorize. Much of the stored information may be uncharacterized; to bring some
order to the data and make it more findable, create logical categories such as "personnel
records."
3. Begin action. Now, the firm can adopt and begin applying rules for how long categories
of information will be retained, when information is moved, and whether and when it
may be deleted.
The Clutter Challenge
Actually deleting information is harder than it sounds, according to Jim Obrien, general
counsel at Actiance, an information-governance technology company. If you look at
the allowed uses for a particular file, he says, "Just because you claim you don't
store something doesn't mean it's not on someone's desktop, phone, or iPad. You don't
get to answer a discovery request based on what your policy is," he notes. "It has
to be based on reality. You don't want to sign pleadings or a discovery response saying,
'This is all the information we have,' and then find out that, because we didn't look
on this staffer's USB drive, that wasn't true."
Lawyers need to keep track of their information in an organized way, and they have
to understand their firm's IT infrastructure.
Though few companies have a chief information governance officer, some have governance
committees or steering committees, Gonsowski says. These may include a privacy officer,
an information security officer, a compliance officer, someone from records management,
and someone in litigation. That way, he says, each "piece of data has a lot of different
lenses put on it."
Of course, all those potentially different but important perspectives are what make
information-governance decisions such a challenge.
The International Legal Technology Association offers educational content, research,
and peer support for legal professionals using technology (
www.iltanet.org).
The Information Governance Initiative is a cross-disciplinary consortium and think
tank focused on advancing information governance across industries; it offers webinars
and workshops (
www.iginitiative.com).
Susan Kuchinskas covers business, technology, and the business of technology for publications
that include Scientific American, Portada, and Telematics Update.
Donna Mallard
Daily Journal Staff Writer
