Why Information Governance matters
to both law firms and in-house counsel
Organizations don’t just collect more data than they used to, they collect more types of data. As electronically stored information (ESI) grows in both size and complexity, it becomes increasingly important for businesses to have some sort of system in place to manage their data. In other words, organizations need to implement information governance.
Information Governance Definition
There is no singular or official information governance definition. At its most basic, information governance provides an accountability framework designed to control the storage, accessing, and manipulation of data. Understandably, information governance is particularly important to those within the IT and legal fields. IT experts need to be able to explain and expose their governance protocols, while legal firms need to be able to understand the processes of information governance and ensure that they are accurate and adequate.
How Information Governance Relates to In-House Counsel and IT
Information governance is essential to the viability of ESI throughout an organization. At every stage of copying, duplicating, and manipulating data, there needs to be a process in place in order to ensure fidelity. Because of this, rules governing information need to be integrated at all levels of an organization and its systems. This is generally the role of the IT expert, who will maintain document management systems, document backups, and other similar solutions and protocols.
But it isn’t just the IT professional that must be concerned about information governance. In-house counsels must also understand the way that information is kept and stored within their organization. For the purposes of auditing or legal holds, it must be clear how information has been stored, transferred, and altered. If there is no comprehensive strategy, in-house counsel cannot guarantee the accuracy of any corporate information. This can become exceptionally problematic during litigation.
How Information Governance Relates to Small Law Firms
Understanding how information governance works can certainly help a firm when working with clients. Also, since law firms collect, manage, and produce large amounts of ESI themselves, they need to have a framework in place for themselves.
Smaller firms need to make different decisions than larger firms; they may not have dedicated IT personnel, and they may not have the same technology available to them. At the same time, they still need to be able to adhere to all current requirements of data security and they need to provide their clients with the best service.
Boutique firms — legal and otherwise — are often targeted by cyber criminals. Legal firms, accounting firms, and medical firms all collect large volumes of client data, ranging from financial documentation to personally identifiable information. Of these, legal firms are the most likely to have the critical data that a cyber criminal is interested in. Consequently, legal firms are often targeted by cyber criminals who are looking for an easy way to compile large volumes of data at once.
Information governance isn’t only about controlling the flow of data and ensuring that there is an audit trail. It’s also about ensuring that the data is properly secured and that clients are protected. In addition to the technology that needs to be used to secure this data, employees also need to be aware of the potential risks. In smaller firms, attorneys may regularly take their data home, store data on devices that aren’t properly secured, or upload data to third-party services. All of this can disrupt information governance and potentially expose clients to risk.
Developing an Information Governance Initiative
Because information governance has to be integrated into all levels of your organization, the first step has to be developing a comprehensive plan. A written strategy provides a foundation on which these controls can be built and adhered to. Without a documented system, it can be easy for the day-to-day operations of an organization to stray. On top of that, a lack of a written document can potentially lead to disaster should an organization enter litigation.
Information governance initiatives are designed to provide for better auditing and control. When data is called into question, the information governance standards will be what are used to find the chain of edits and alterations. Better auditing processes inherently lead to better accountability throughout the organization.
But the fidelity of the information is also a critical aspect of information governance. When it comes to managing a legal firm, the accuracy of data is essential to success. If the data is corrupted or lost, the firm may not be able to complete its operations to meet its deadlines. In fact, it may not be able to complete its operations at all. This can also lead to a loss of faith among clients, who may see these issues as a lack of preparedness and professionalism. If a company must tell their clients that their data has been lost or that they need to recover their data again, it can cause significant inconvenience for the client themselves at an already tumultuous time.
Information governance also comes into play any time the chain of evidence is called into question. It’s not only the visible aspects of data that needs to be maintained but also aspects such as meta data that could otherwise be discarded by those who are not aware of governance initiatives. Once this data is lost, it may never be recovered.
Finally, data governance initiatives are also necessary to protect against cyber threats.
Because most data threats and cyber threats originate with employees rather than from outside the system itself, employee security management must first be addressed. A governance initiatives will cover the training and re-training processes that are needed to make sure that employees are well aware of the risk and are current on modern security standards.
Information governance may be a complex concept, but understanding it is critical to the success of IT professionals, in-house counsel, and legal firms. By creating well-defined protocols, all parties can be ensured that their data is both accurate and protected. For the purposes of litigation, auditing, and internal controls, information governance is the only way to ensure the absolute fidelity of data. Companies that are struggling with their information governance may want to consult with professionals directly about creating a new data and document strategy.