Information Governance

Size: px

Start display at page:

Download "Information Governance"

Jared Moody
8 years ago
Views:

1 Information Governance The New Records Management Rudy Moliere Director, Information Goverance & Records Management Terrence J. Coan, CRM Senior Director Information Management Practice

2 Agenda Introductions Law Firm Information Governance ( IG ) Think Tank Definition of IG in law firms Principles of IG Advisory Board to develop the framework in your firm Processes

3 IG Think Tank Symposium event sponsored by Iron Mountain Steering Committees focused on: Defining an IG framework It Takes a Village: Working together to managing IG Information Security Assessment Framework How to move forward with IG Nearly 50 practioners and thought leaders participated

Working together to managing IG Information Security Assessment

4 Law Firm IG Defined IG is an enterprise-wide approach to the management and protection of a law firm s client and business information assets. An effective IG Program: Enables lawyers to meet their professional responsibility regarding client information, Recognizes an expanding set of regulatory and privacy requirements that apply to firm and client information, and Relies upon a culture of participation and collaboration within the entire firm. With IG, firms are better able to mitigate risk, improve client service through increased lawyer productivity, and reduce the cost of managing the information needed to support the efficient delivery of legal services.

requirements that apply to firm and client information, and Relies upon a culture of participation and collaboration within the entire firm.

5 Law Firm IG Principles Educate all firm citizens regarding their IG duties and responsibilities Confirm the authenticity and integrity of information Recognize that the official record is electronic (assuming jurisdiction does not specify paper) Store information in a firm-approved system or recordkeeping repository Classify information under the correct client/matter/administrative code Control the unnecessary proliferation of information

jurisdiction does not specify paper) Store information in a firm-approved system or recordkeeping repository

6 Law Firm IG Principles Disposition information when it reaches the end of its legal and operational usefulness Secure client and firm confidential/personally identifiable information Comply with subpoena, audit, and lawsuit requests for information Conform all lines of business systems and practice group applications to IG standards Ensure third parties who hold client or firm information comply with the firm s IG standards

audit, and lawsuit requests for information Conform all lines of business systems and practice group

7 Law Firm IG Advisory Board: Participants Administrative Management (HR, Finance, Marketing, etc.) Business Intelligence Ethical/Legal Compliance Firm Intellectual Property IT System Administration/Infrastructure Information Security and Privacy Knowledge Management Litigation Support Risk Management Records and Information Management

) Business Intelligence Ethical/Legal Compliance Firm Intellectual Property IT

8 Processes Supporting IG Client IG Info Requests Matter Mobility Doc Preservation & Mandated Destruction Physical Records Mgmt Third Party Relationships Mobile Devices/ BYOD IG Processes Admin Dept Info Firm Intellectual Property & Knowledge Base IG Awareness Matter Lifecycle Mgmt Retention & Disposition IT Systems Admin Info Security

Devices/ BYOD IG Processes Admin Dept Info Firm Intellectual Property & Knowledge

9 Matter Lifecycle Management The process of capturing new client or matter information that is organized by areas of law/practice groups; includes: Engagement documentation and propagating client/matter authoritative information Systematic deactivation of matters at matter conclusion Manage matter file creation and organization Manage security and access protocol Determine close matter protocol

client/matter authoritative information Systematic deactivation of matters at matter conclusion

10 Information Security The process of controlling access to information via ethical walls and confidential access controls Includes the protection of personally identifiable information, confidential client information and remote access to systems Evaluate, select and implement ethical wall and matter-based security tools Implementing confidentiality policies and practices Electronic Closing Binder Filed Litigation Documents HIPAA PII APO

information and remote access to systems Evaluate, select and implement ethical wall and matter-based

11 Matter Mobility The process of moving matters and their associated information into and out of law firms Triggered by lateral moves, client terminations and other events Implement policy and protocols for Departing employees Onboarding employees Coordinate with IT, RM, New Business/Conflicts, General Counsel, HR re: accepting or releasing information

Implement policy and protocols for Departing employees Onboarding employees Coordinate

12 Mobile Devises / BYOD The process of providing guidance on compliance with firm policies / procedures with respect to acceptable use and security of firmissued and personally-owned devices; e.g., bring your own device (BYOD) Use of Firm Technology Policy Offer firm approved encrypted application such as Good app Provide secured remote connectivity

13 Firm Intellectual Property The process of capturing and preserving the firm s knowledge, operational, creative and historical artifacts that hold commercial, business or strategic value Includes marketing, branding materials, KM, contacts, firm initiative planning Creating Business and Legal Department matter numbers and Workspaces in DMS Educating Business Support leaders and Legal Department on the use of secured Firm approved repositories

materials, KM, contacts, firm initiative planning Creating Business and Legal Department matter numbers and

14 Administrative Department Information The process of managing the law firm s internal strategic and operational information Includes the preservation of vital records to ensure business continuity Establish Business Support Advisory board Identify administrative processes and establish business owners Provide guidance on functional requirements, system selection, and design and implementation

continuity Establish Business Support Advisory board Identify administrative processes and

15 Physical Records Management The process of creating and periodically revising operational guidelines for managing physical client information assets at the law firm Includes file folder structures and taxonomy Establish clear standard guidelines on receiving, maintaining and disposition of physical records Provide regional leadership to oversee function Train non-records staff on managing paper Discourage proliferation of paper records

Establish clear standard guidelines on receiving, maintaining and disposition of physical records Provide

16 IT Systems Administration The process of providing guidance on database administration; includes: Commissioning / decommissioning / developing systems Information migration Clarify system ownership and roles Maintain consistent communication with IT i.e., TechKnowlegy Committee IM/IT Team sites IM/IT relationship roles Defining protocols for the establishment and decommissioning of client team sites

17 Third-Party Relationships The process of ensuring consistent contracting language and defining Service Level Agreements ( SLAs ) that are compliant with firm policies regarding information access and protection Catalog the existence of third party collections Assign a process owner to oversee relationship Ensure that third party vendor is able to act on firm established disposition rules

access and protection Catalog the existence of third party collections Assign a process owner to

18 Client Information Requests The process of responding efficiently, consistently and appropriately to client requests regarding information governance Includes Request for Proposal responses, questionnaires, surveys, outside counsel guidelines, and audits Work with relevant business units to marshal, review, revise, communicate and post all existing guidelines

Proposal responses, questionnaires, surveys, outside counsel guidelines, and audits Work

19 Document Preservation & Mandated Destruction The process of preserving potentially responsive information, ensure the suspension of scheduled disposition Certifying custodial legal hold compliance during the discovery phase of litigation, investigation or audits Destroy information as mandated by the court or by agreement among parties Establish formal legal hold policy and protocol Coordinate effort with the OGC to ensure protection of relevant information Coordinate between RM and IT on the disposition of relevant information

Destroy information as mandated by the court or by agreement among parties Establish formal legal hold policy and protocol Coordinate

20 Retention / Disposition The process of applying lifecycle management practices to client and firm information, enacting disposition as authorized, and applying defensible disposition to legacy information Establish a retention / disposition policy and supporting protocol Determine the disposition capabilities of key line of business systems. Define a defensible disposition strategies for legacy information

information Establish a retention / disposition policy and supporting protocol Determine the

21 IG Awareness The process of providing guidance, proactive education and training to frontline support and local office administrators Team with Marketing to establish key messaging Conduct lawyer out reach and program promotion Develop and conduct formal CLE training

22 Questions?

23 Thank You! Contact Information Rudy Moliere White & Case LLP Terrence J. Coan, CRM HBR Consulting LLP DRAFT

NAVIGATING THE MAZE. 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona. 2013 CIO Roundtable Retreat

NAVIGATING THE MAZE. 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona. 2013 CIO Roundtable Retreat NAVIGATING THE MAZE 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona Information Governance Define your Process and Framework Agenda Information Governance Defined