Information Governance for lawyers – what you need to know

by Simone Otenaike


Legal hot topics

information governance 1*This is the first of 3 posts covering Information Governance.

Information Governance or “IG” is “the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.”  Don’t be fooled by one of the most basic of definitions online for a nuanced and complex concept (from the Information Governance Initiative). While it seems straightforward, IG encompasses a number of factors including all of the policies and procedures required to manage information at the enterprise level. A robust IG plan takes into consideration current and future risks (legal, regulatory, environmental, etc.) to support strategic and operational goals. This is especially important for law firms due to the very nature of the legal industry (sensitive information being stored, distributed, and destroyed on behalf of clients).

IG and the Legal Industry

Let’s quickly unpack some straightforward reasons why it behooves you to have a working knowledge of IG if you’re in the legal industry.

  • Law firms are required to store, manage, and destroy information according to specific guidelines at the state, federal, and international level. That topic warrants a separate post so we’re diving into it next week.
  • While client expectations regarding privacy and information security often vary along generational lines, concern is growing across the board as examples abound of highly sensitive personal information being exposed.
  • Security breaches are on the rise, with law firms being a top target. This is especially true when it comes to the financial industry.
  • There’s a strong business case (see here and here) for developing an IG plan that can come into play when deciding on firm strategy and growth (they span from mitigating risk to lowering costs).

Iron Mountain concisely summarizes how IG can be aligned with your current business processes (and provides a compelling business case behind developing and/or beefing up your IG plan – find the full white paper here).  Only a few are listed for the sake of brevity:

  • Information Security – For many, the crux of IG is controlling access to information. In developing an IG plan for your firm, you need to define an information security policy, proactively informing users how to follow and enforce compliance internally and linking information security to the firm’s short and long-term success.
  • Firm Intellectual Property (IP) – The capture and preservation of key information that influences tactical and strategic decisions in the firm (in essence, the most valuable information is retained and there’s an established process for managing these important documents throughout various system changes).
  • Information Governance Awareness – Proactive organization-wide training that that establishes IG awareness and specific goals, promoting them throughout the firm.
  • Information Mobility: Remote Access/Mobile Devices/BYOD – Can you wipe data remotely in the event that a firm-issued phone or laptop is lost or stolen? Think of all the different devices you use to access sensitive information that are not just firm-issued but also personally-owned. This phenomenon will grow as more devices come on the market and as more employees work remotely, requiring access to information around-the-clock.
  • Records and Information Management (RIM) – Managing information of all forms so you know where key information can be found, that you’re following retention policies, and that it’s destroyed according to procedure.
  • Client Information Requests – This encompasses different areas within a firm and information from multiple departments. Establishing a person or team to review information prior to it being sent to a client supports the goal of accuracy and meeting compliance mandates.

The list goes on to include matter lifecycle management, document preservation and destruction, and matter mobility (moving and transferring information into and out of law firms).

Want to learn more?

These are great resources for better understanding IG from a law firm perspective and how to move forward with developing a plan:

Do you consider IG as a top consideration at your law firm for structuring and planning your future communications, security, and regulatory protocols? If you’re still on the fence, make sure to check out our next IG post which will cover state and federal privacy compliance and the risks of not having a plan (hint – it will include examples of security breaches that have the potential to compromise client and law firm business information).

Simone Otenaike is a JD candidate in her third year at The University of Texas School of Law and covers legal technology trends at AgileLaw.


There are no comments.

Leave a Reply

Your email address will not be published.