COVID-19 has forced a digital transformation across all economic sectors but perhaps impacted the legal industry to a much higher degree than other regulated industries. Many law firms had to transition from accessing sensitive client data exclusively when connected to their on-premises servers, to allowing employees full remote access to files, relying heavily on cloud based data sharing tools, and use of collaboration platforms like Zoom and Teams to work with clients.
This overnight “lift and shift” allowed the legal industry to continue to thrive during a global pandemic, however many law firms didn’t keep up with the compliance and information governance regulations regarding how unstructured data should be stored, shared, and protected now that it lives in the cloud.
In a recent IPRO Morning Show we hosted on LinkedIn Live, I spoke with host Nick Inglis, IPRO’s director of Information Governance, about how this has resulted in the “IG Malpractice” conundrum that is affecting up to 80% of legal firms worldwide.
Follow your own IG advice
Malpractice may seem to be a strong term to use for this issue, but I decided to use it intentionally since it carries gravitas in the legal industry. By not properly governing their ever-increasing amount of data, law firms are not following the IG advice they pass on to clients—thus the sense of malpractice.
Remember the adage of the cobbler’s children who had no shoes because their shoemaker father spent all his time making shoes for paying customers?
It’s the same for law firms – most are focusing on providing advisory services without first looking at how to become better custodians of the information assets they manage on behalf of their clients. This is understandable as there’s currently a lot of work for legal professionals to assist clients with IG processes. However, being busy is not a good reason for your firm to neglect understanding and implementing your own IG advice.
Where does your firm stand with IG?
Like with all IT initiatives, some firms have been early adopters of IG processes and solutions while others are laggards. Our research data shows that approximately 10% of firms currently have an adequate level of maturity regarding Policy, Process, and Technology. These leading firms can be considered competent Advisors in the sense that they are living effective Information Governance by example.
Roughly 40% of firms are running some level of IG processes, but haven’t established clear IG Program objectives, resulting in ad-hoc, poorly aligned decisions, and a much higher level of risk. Sadly, this leaves more than half of all firms as laggards who are just getting started with IG.
The legal industry has never had more ways to create, share, or store unstructured data. Now that your firm has deployed cloud-based collaboration solutions, you need to validate that you can preserve and restore not just files or email messages, but many new data elements like team-based chats or transcripts of meetings. To ensure that your IG and Privacy practices are credible, you need to demonstrate that your firm is managing data in accordance with IG best practices, including the most recent privacy and regulatory policies.
This alignment will certainly resonate with your clients, as your partners will now go beyond providing theoretical counsel, adding real-world, battle-tested advice on how to achieve maturity with Information Governance programs by confirming how it’s being done at your firm.
Information should be an asset, not a risk
Investing in running internal workshops to clearly establish, and publish, clear and actionable Information Governance Policies across how information is created, stored, shared, and preserved at your firm is a great step toward getting the wheels in motion towards achieving success with a comprehensive IG program.
Beyond ensuring they practice what they preach to clients, law firms also need to minimize the impact of potential data breaches. Law firms of all sizes have become a clear target since by default they are natural consolidators of sensitive corporate and personal data, often across multiple countries. A few simple actions can make a big difference, such as reducing the amount of information firms are preserving far beyond required retention periods. Recent attacks against high profile firms are a wake-up call for you to validate that your firm is practicing proper data hygiene.
In conclusion, it is great that most firms are becoming far more active in providing advice on data privacy, compliance, and defensible deletion. Senior partners now need to spend more time encouraging their IT, Privacy, and Governance team leads to better understand how unstructured data creates value or risk for the firm, inspiring them to become more effective data stewards by practicing what they preach.
[View source.]
