Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
Information GovernanceThe New Records Management
Terrence J. Coan, CRMSenior DirectorInformation Management Practice
Rudy MoliereDirector, Information Goverance & Records Management
Agenda
• Introductions• Law Firm Information Governance (“IG”) Think Tank• Definition of IG in law firms• Principles of IG• Advisory Board to develop the framework in your firm• Processes
IG Think Tank
• Symposium event sponsored by Iron Mountain• Steering Committees focused on:
– Defining an IG framework– It Takes a Village: Working together to managing IG– Information Security Assessment Framework– How to move forward with IG
• Nearly 50 practioners and thought leaders participated
Law Firm IG DefinedIG is an enterprise-wide approach to the management and protection of a law firm’s client and business information assets. An effective IG Program:
• Enables lawyers to meet their professional responsibility regarding client information,
• Recognizes an expanding set of regulatory and privacy requirements that apply to firm and client information, and
• Relies upon a culture of participation and collaboration within the entire firm.
With IG, firms are better able to mitigate risk, improve client service through increased lawyer productivity, and reduce the cost of managing the information needed to support the efficient delivery of legal services.
Law Firm IG Principles
• Educate all firm citizens regarding their IG duties and responsibilities
• Confirm the authenticity and integrity of information• Recognize that the official record is electronic (assuming
jurisdiction does not specify paper)• Store information in a firm-approved system or record-
keeping repository• Classify information under the correct
client/matter/administrative code• Control the unnecessary proliferation of information
Law Firm IG Principles
• Disposition information when it reaches the end of its legal and operational usefulness
• Secure client and firm confidential/personally identifiable information
• Comply with subpoena, audit, and lawsuit requests for information
• Conform all lines of business systems and practice group applications to IG standards
• Ensure third parties who hold client or firm information comply with the firm’s IG standards
Law Firm IG Advisory Board:Participants• Administrative Management (HR, Finance, Marketing, etc.)• Business Intelligence• Ethical/Legal Compliance• Firm Intellectual Property• IT System Administration/Infrastructure• Information Security and Privacy• Knowledge Management• Litigation Support• Risk Management• Records and Information Management
Processes Supporting IG
ClientIG Info
Requests
MatterMobility
DocPreservation& MandatedDestruction
PhysicalRecords
Mgmt
ThirdParty
Relationships
AdminDept Info
MobileDevices/
BYOD
ITSystemsAdmin
IGAwareness
Retention &Disposition
MatterLifecycle
Mgmt
Firm IntellectualProperty &Knowledge
Base
InfoSecurity
IGProcesses
Matter Lifecycle Management
Process Defined• The process of capturing new
client or matter information that is organized by areas of law/practice groups; includes:– Engagement documentation
and propagating client/matter authoritative information
– Systematic deactivation of matters at matter conclusion
Practical Examples• Manage matter file creation
and organization• Manage security and access
protocol• Determine close matter
protocol
Information Security
Process Defined• The process of controlling
access to information via ethical walls and confidential access controls
• Includes the protection of personally identifiable information, confidential client information and remote access to systems
Practical Examples• Evaluate, select and
implement ethical wall and matter-based security tools
• Implementing confidentiality policies and practices– Electronic Closing Binder – Filed Litigation Documents– HIPAA – PII – APO
Matter Mobility
Process Defined• The process of moving
matters and their associated information into and out of law firms
• Triggered by lateral moves, client terminations and other events
Practical Examples• Implement policy and
protocols for– Departing employees– Onboarding employees
• Coordinate with IT, RM, New Business/Conflicts, General Counsel, HR re: accepting or releasing information
Mobile Devises / BYOD
Process Defined• The process of providing
guidance on compliance with firm policies / procedures with respect to acceptable use and security of firm-issued and personally-owned devices; e.g., “bring your own device” (BYOD)
Practical Examples• Use of Firm Technology Policy• Offer firm approved
encrypted application such as Good app
• Provide secured remote connectivity
Firm Intellectual Property
Process Defined• The process of capturing and
preserving the firm’s knowledge, operational, creative and historical artifacts that hold commercial, business or strategic value
• Includes marketing, branding materials, KM, contacts, firm initiative planning
Practical Examples• Creating Business and Legal
Department matter numbers and Workspaces in DMS
• Educating Business Support leaders and Legal Department on the use of secured Firm approved repositories
Administrative Department InformationProcess Defined• The process of managing the
law firm’s internal strategic and operational information
• Includes the preservation of vital records to ensure business continuity
Practical Examples• Establish Business Support
Advisory board• Identify administrative
processes and establish business owners
• Provide guidance on functional requirements, system selection, and design and implementation
Physical Records Management
Process Defined• The process of creating and
periodically revising operational guidelines for managing physical client information assets at the law firm
• Includes file folder structures and taxonomy
Practical Examples• Establish clear standard
guidelines on receiving, maintaining and disposition of physical records
• Provide regional leadership to oversee function
• Train non-records staff on managing paper
• Discourage proliferation of paper records
IT Systems Administration
Process Defined• The process of providing
guidance on database administration; includes:– Commissioning /
decommissioning / developing systems
– Information migration
Practical Examples• Clarify system ownership and
roles• Maintain consistent
communication with IT– i.e., TechKnowlegy Committee– IM/IT Team sites– IM/IT relationship roles
• Defining protocols for the establishment and decommissioning of client team sites
Third-Party Relationships
Process Defined• The process of ensuring
consistent contracting language and defining Service Level Agreements (“SLAs”) that are compliant with firm policies regarding information access and protection
Practical Examples• Catalog the existence of third
party collections• Assign a process owner to
oversee relationship• Ensure that third party
vendor is able to act on firm established disposition rules
Client Information Requests
Process Defined• The process of responding
efficiently, consistently and appropriately to client requests regarding information governance
• Includes Request for Proposal responses, questionnaires, surveys, outside counsel guidelines, and audits
Practical Examples• Work with relevant business
units to marshal, review, revise, communicate and post all existing guidelines
Document Preservation & Mandated DestructionProcess Defined• The process of preserving
potentially responsive information, ensure the suspension of scheduled disposition
• Certifying custodial legal hold compliance during the discovery phase of litigation, investigation or audits
• Destroy information as mandated by the court or by agreement among parties
Practical Examples• Establish formal legal hold
policy and protocol• Coordinate effort with the
OGC to ensure protection of relevant information
• Coordinate between RM and IT on the disposition of relevant information
Retention / Disposition
Process Defined• The process of applying
lifecycle management practices to client and firm information, enacting disposition as authorized, and applying defensible disposition to legacy information
Practical Examples• Establish a retention /
disposition policy and supporting protocol
• Determine the disposition capabilities of key line of business systems.
• Define a defensible disposition strategies for legacy information
IG Awareness
Process Defined• The process of providing
guidance , proactive education and training to frontline support and local office administrators
Practical Examples• Team with Marketing to
establish key messaging• Conduct lawyer out reach and
program promotion• Develop and conduct formal
CLE training
Questions?
DRAFT
Thank You!
Contact Information
Rudy MoliereWhite & Case LLP
Terrence J. Coan, CRMHBR Consulting LLP