2013 Law Firm Information Governance Symposium Executive Summary
The adoption of effective information governance (IG) has become critical in law firms. Clients remain highly interested in how firms govern their information in light of increased regulatory requirements for personally identifiable information (PII) and personal health information (PHI). Information security has become more complex with lawyers’ increased use of mobile devices to access information and the growth of cyber-threats. The Law Firm Information Governance Symposium (Symposium) was established in 2012 as a think tank to give the legal industry a roadmap for addressing the impact of these and other trends on how law firms operate. Our first publication, the 2012 A Proposed Law Firm Information Governance Framework (Proposed Framework) offered firms an initial IG framework that included proposed guiding principles, key processes definitions, best practices and methods for starting an IG program.
The Symposium Steering Committee, Work Group Participants and Iron Mountain are pleased to provide the legal community with two new publications from the 2013 Symposium. In one report, Building Law Firm Information Governance: Prime Your Key Processes, we do deeper into the “how to” of building information governance in law firms. In a tandem report, the 2013 Emerging Trends in Law Firm Information Governance, we offer insights into three emerging trends impacting law firm information governance: big data, predictive coding and the 24/7 law firm. It is our hope that firms will use these reports to infuse IG into their unique processes and culture, and gain the client service improvement, risk mitigation and cost containment benefits we believe result from effective information governance.
What follows is a summary of the key points addressed in each of the five main sections of this year’s reports:
- How to Start an Information Governance Advisory Board
- How to Build Information Governance into Key Processes
- Big Data and What It Means to Your Firm
- Predictive Coding for Information Governance
- Using Information Governance as a Foundation for a 24/7 Law Firm
How To Start An Information Governance Advisory Board
Developing an IG Advisory Board as a decision-making body tasked with guiding and building governance policies and processes is a key first step for firms hoping to build an IG framework that supports the way lawyers work today. They can accomplish this by:
- Identifying the stakeholders that should comprise the IG Advisory Board
- Listing the specific responsibilities of the IG Advisory Board
- Naming an IG “champion” who will act as an ambassador for the Advisory Board
- Gaining support for the IG Advisory Board by addressing common triggers or pain points
- Assessing the level of risk and reward of specific projects to help prioritize the board’s agenda
- Choosing a Chief Information Governance Officer (CIGO) that is responsible for planning, implementing and directing a firm’s IG programs
How To Build Information Governance Into Key Processes
In order to effectively incorporate IG into key processes, firms must be aware of the common challenges in each area and what best practices can be employed to overcome them. The processes firms should focus on include:
- IT Systems Administration involves integrating IG principles into systems selection and implementation, administration and maintenance, so firms can work within limited budgets, manage unstructured data growth and meet litigation and compliance requirements.
- Information Governance Awareness includes guidance and proactive education and training for the enterprise, helping firms develop a comprehensive communication system that promotes IG awareness throughout the organization.
- Matter Lifecycle Management is the process of capturing new client or matter information and organizing it according to governance mandates. With consistent, documented IG processes for opening, closing and managing matters, firms can increase efficiency and improve compliance.
- Records and Information Management (RIM) involves the management of information in all forms, regardless of media or repository. When IG is built into RIM practices, firms always know where key information is stored, that it meets retention policies and that it has been destroyed when appropriate.
- Retention Disposition includes the application of lifecycle management practices to client and firm information. After employing IG best practices in this process, firms can confidently keep what they need and destroy what they don’t, while complying with all relevant mandates and/or legal holds.
- Matter Mobility is the process of moving matters and their associated information into and out of law firms. IG enables firms to move information in accordance with established standards, so it is always securely transferred, clears conflicts and follows client authorizations.
- Information Mobility: Remote Access/Mobile Devices/BYOD involves the acceptable storage, use and security of client information on firm-issued and personally owned devices. As adoption of these devices grows, firms can apply IG best practices, for example by wiping data remotely when a device is lost or stolen, to ensure comprehensive information security going forward.
- Information Security is a large topic for law firms, but at its heart it is all about controlling access to information. IG best practices call for firms to create a defined information security policy, educate users on how to follow it and enforce compliance via monthly reports and reviews.
- Client Information Requests can involve multiple areas within a firm’s IG program and information from several departments. Therefore, it is important to designate a “risk champion” or “risk team” that can review the information before it is submitted to the client to ensure not just accuracy, but also compliance with relevant mandates.
- Document Preservation and Mandated Destruction includes the preservation, suspension and disposition of information during the discovery phase of litigation, investigations and audits. An IG best practice is to develop an electronic sign-off process that rationalizes all current holds and destruction orders, so information is never retained longer than required.
- Administrative Department Information is the process of managing the firm’s internal, strategic and operational business information to ensure business continuity, compliance and litigation preparedness. This is an area where senior management support and training and education are required to increase visibility of IG best practices and improve collaboration among stakeholders.
- Firm Intellectual Property (IP) involves capturing and preserving the firm’s knowledge, operational, creative and historical artifacts holding commercial, business or strategic value. IG can help firms define what is/is not true IP, ensure that IP is adequately secured and establish a process for treating precedential documents within firm systems.
- Third-Party Contracting is about ensuring consistent contracting language and defining SLAs in accordance with firm policies regarding information access and protection. IG best practices call for the creation of standardized, auditable processes wherein vendors are vetted, compliance requirements and firm policies are integrated into contracts and all agreements are reviewed and approved by the firm and third parties.
- Monitoring Key Processes involves firms continuing to monitor and evaluate IG processes on a regular basis to ensure that they are meeting the goals of the program. Establishing an IG Advisory Board and framework and identifying unique metrics to evaluate key processes are two important steps firms can take to ensure IG adoption and evolution into the future.
Big Data and What It Means To Your Firm
Because law firms are large storehouses of a wide variety of information, they need efficient ways to mine value
and mitigate risk from the vast amount of data they collect — and big data can help them do just that. Topics in this
- Examining the opportunities around big data, specifically how it can help firms maximize the quality and value
of services provided, improve firm profitability, understand and secure their data and reduce their data storage
and maintenance costs
- Identifying the IG processes that will most benefit from big data concepts, including Information Security,
Administrative Department Information, Document Preservation and Mandated Destruction, Records
and Information Management and Retention Disposition
- Defining the goals of a big data project and involving the right departments within a firm to carry it forward,
such as IT, Finance, Business Development and Knowledge Management
- Learning from big data success stories, such as how one firm harnessed case management data into a workflow
system that simplifies its pricing model by breaking down cases into actions — and drives a dashboard clients
can click through to monitor cases and stabilize their legal spend
Predictive Coding For Information Governance
Predictive coding is a form of technology-assisted review (TAR) that can be used for applying IG within a firm.
It leverages automatic classification and coding functionality to bring order to structured and unstructured data.
Topics in this report include:
- Understanding predictive coding and how it can be used to reduce the time and resources required for eDiscovery
- Reviewing practical applications of predictive coding in law firms, such as for back-file and day-forward classification
- Learning how predictive coding can improve IG on hard-to-administer repositories, such as shared drives, hard drives,
SharePoint®, unstructured email and more
- Using predictive coding to automate fundamental records and information functions around email, retention
and disposition, legal holds, security and privacy and more
- Selling a predictive coding project internally by developing a proof of concept and showing how the technology
will benefit lawyers and the business
- Training the predictive coding system to be an essential component of an overall IG strategy
Using Information Governance As A Foundation For A 24/7 Law Firm
With the growing demand for constant access to information, today’s 24/7 law firms are looking for ways to equip
attorneys with the resources they require to respond to client needs around the clock — from office to home, hotel
to airport. Topics in this report include:
- Analyzing the new technology, processes and personnel structures firms are considering to support
attorneys’ need to work anytime, anywhere
- Identifying potential IG problem areas for the 24/7 firm, including consumer technologies, personal email,
mobile devices, physical records, data privacy and environmental concerns
- Developing a blueprint for mitigating these risks through education and establishment of new policies
and procedures regarding data being used outside of firm offices
- Building an IT support structure that can analyze and address users’ needs, manage business continuity
and leverage technologies, such as physical record imaging, where it makes sense