To quote the old television show Dragnet, the story you are about to hear is true.
An attorney sends a client document to his personal Gmail account. He just wants to be efficient. But when a phishing expedition compromises his email, he and his firm are in real trouble. A firm stores paper records in a back office when an electrical fire breaks out. The automatic fire suppression system kicks in, and it’s too late for the paper records. No one ever listed the contents in a centralized index, let alone scanned digital copies.A law firm does not methodically follow GDPR (General Data Protection Regulation) regulations. When their large corporate client gets in trouble for noncompliance, they dump the firm like a nuclear potato.
When law firms do not formally govern their information, they are at real risk of these scenarios and more.
Why Don’t More Firms Practice Information Governance?
No law firm simply decides to ignore records management or information governance (IG). They’re sold on the value of it. The problem is that information governance isn’t easy to do, and law firms, even large ones, simply do not know how to do it. So they don’t, which leads to low IG adoption rates and higher risk to law firms.
Building the Framework
When a firm decides to implement an IG framework, it is crucial for them to work with as strategic partner to build, deploy, and manage the program. A meaningful framework will create systemized information governance discovery and management throughout the firm.
When a firm is ready to being the IG framework process, the following steps should be considered:
Information Governance Process Steps
Define scope and goals: RIM (records and information management) experts meet with partners and practice areas to understand the project’s scope and goals.
Assess current governance: Assess current information governance, and create a new framework to secure all information across locations, practice areas, and workgroups.
Define policies: Create information handling policies that secure data in accordance with privacy, regulatory, legal, and operational requirements. Keep the policy statements simple and straightforward.
Create procedures: Write down the procedures that support the policies including document guidelines, practices, workflows, and technology usage. Establish clear ownership and record types, such as identifying records by firm or client. Also create procedures to protect confidential communications, secure data against hacking and internal error, and protect authorized user access.
Communicate: Communicate policies and procedures to all firm employees, including partners. Help employees understand how policy and procedures apply to everyday work activities, and make it simple for them to follow secure procedures.
Ongoing management: Build in monitoring and reviews, so that as technology and regulations change, your dynamic framework changes with it.
Benefits of Proactive Governance
Lower cost and risk: The governance assessment reveals inefficient and risky procedures. This enables the firm to save money and time with efficient new workflows, and considerably lowers the risk of unhappy clients and government regulators.
Improve communication: Better information workflows improve communications between siloed practice areas. Attorneys work together to build better client service and strategies.
Accelerate information finding: An effective document management system lets authorized users quickly locate the records they need, and supports policy-driven information security.
Proactive protection: Financial investment becomes a proactive strategy instead of an emergency clean-up expense. It is far better to spend the money and time to develop an IG framework now, than to risk higher costs and reputation loss from poor practices.
Competitive advantage: Businesses are more sensitive than ever to the dangers of poor information security and management. An information governance framework becomes a competitive advantage to the law firm, attracting more clients and retaining existing ones.
This article was published in Epiq blog page