Big data presents numerous data governance challenges: Regulatory compliance, information security and risk management and are all complicated by the amount of data generated by the average business today.
Law firms are very affected by this exponential data growth and the increased importance of information governance processes. Clients increasingly require — and demand — higher standards for how lawyers secure their data and manage access to it.
“It’s becoming important to law firms because clients are making it important to law firms,” said Rudy Moliere, director of records and information at Morgan Lewis & Bockius, LLP. “There is an increasing need for them to manage their information.”
Moliere is one of the authors of two new reports titled “Building Law Firm Information Governance: Prime Your Processes” and “Emerging Trends in Law Firm Information Governance” that focus on how the legal field manages, secures and accesses information. The reports were written by a handful of information management professionals from U.S. law firms, and published by Iron Mountain, Inc.
The reports are designed to provide law firms a blueprint for creating information security policies and processes, and making data readily available to both staff and clients. The reports were developed during a symposium held earlier this year.
“In the legal environment, information governance is becoming more of a requirement than an option, especially as more clients want to know how their information is being protected,” said Brianne Aul, senior manager of Firmwide Records, Reed Smith LLP, and a member of the symposium steering committee, in a statement.
“Clients have very valid expectations that their outside counsel will have policies and protocols for keeping information secure.”
In addition to clients making these information governance and security demands, they are also auditing firms to ensure firms are meeting regulatory and security requirements. New and expanding compliance regulations are forcing those in the legal field to closely examine their approach to information governance. The HIPAA Omnibus rule, for example, extends Health Insurance Portability and Accountability Act compliance to business associates of the typical covered entities directly involved in patient care, including law firms.
This increased focus on data management as it relates to staying compliant is having a major effect on legal information governance, said Carolyn Casey, Esq., senior manager, legal vertical for Iron Mountain.
“In the past, law firms were of the mind that they advise clients on regulatory compliance,” Casey said. “I think, more and more, it’s really turning back to the law firms itself.”
Another driver of this trend is the increased scope of cyberthreats, and the federal government’s reaction to them. Earlier this year, President Barack Obama signed an executive order requiring federal agencies to share cybersecurity information with private companies.
The order also requires the creation of a cybersecurity framework designed to reduce risks to U.S. companies that provide critical infrastructure.
“In correlation with that new executive order, [it] stepped up interest by clients in just how law firms are managing that sensitive information that corporate clients entrust to them,” Casey said.
A new approach to information governance has huge benefits to the law firms themselves, according to the reports’ authors. These include operational efficiencies and a reduction in data management costs, as well as mitigating the law firms’ risk of security breaches and non-compliance.
As the amount of information law firms are responsible for continues to grow, the need to quickly access, classify and protect that information becomes a key issue from a legal standpoint. By making information governance processes a bigger part of everyday operations, law firms can make sure data is readily available and protected, said the reports’ authors.
“Proliferation of information has been happening for quite some time,” Molier said, but until recently “we didn’t have a clear understanding what exactly information governance meant in a law firm environment.”