IT Roles in Loss Prevention. Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP

Transcription

1 IT Roles in Loss Prevention Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP

2 What is Loss Prevention (Risk Management)? Mitigate risk Protect the Firm s assets Departments can include: Records Management Conflicts Docket Audit Letters ARDC Registration IRS Reporting for Corporate Transactions Coordination of Lobbying Activity Reporting

3 What does this have to do with IT? We are protecting the I in IT The I is a primary Firm asset Improperly managing the I can create risk events IT is often the control point for the I

4 Types of Risk Wrongdoing - deliberate negligence Mistakes Bad policies Bad procedures Lack of knowledge Mismanagement Risk against the lawyer s duty to protect clients confidential information

5 Areas of IT Strategy Infrastructure/Networking Help Desk/User Support Desktop Applications Enterprise Applications Litigation Support Development

6 Strategy Risk must be assessed at every level of the overall strategic technology plan How information is captured/created/received? How it is accessed and by whom? How information is used and transmitted? How information is disposed of? How will systems integrate to reduce proliferation? Classification, retention and access

7 Risk vs. Impact (or Firm vs. User) High Risk Firm Low Risk Negative Business Impact User Positive Business Impact

8 Infrastructure/Networking/IT Security Data protection and security Decommissioning servers, laptops, desktops Backup tapes Disaster Recovery Removable Media Password change frequency Encryption Website traffic

9 Help Desk/User Support The belly of the beast Access to information Activity of information Adding Deleting Printing Copying/Transferring Often the warning system for risk events Business risk events Records risk events Using controls to manage the risk

10 Information Management Lifecycle (source: KPMG) Phase 2 Storage Access Control Structured v. Unstructured Integrity/Confidentiality ti Availability Phase 1 Generation Ownership Classification Governance Phase 3 Use Internal v. External Third Party Appropriateness Phase 7 Compliance Compliance & Audit Monitoring Process & Controls Phase 4 Transmission Public v. Private Networks Encryption Requirements Access Control Phase 5 Archival Legal & Compliance Offsite Considerations Media Concerns Phase 6 Destruction Secure Destruction Record Retention

11 Desktop Applications Lifecycle of information Capture/Create/Receive Use/Circulation/Transmission Short Term storage Long Term storage Disposition Locking down the desktop Applying ethical walls and protecting confidentiality

12 Enterprise Applications Determine personal control vs. Firm control Establish matter information owners Establish proper access controls Establish consistent, repeatable procedures for incoming/departing personnel and transferring information to the client Two biggies (automatic addresses, reply all, metadata, spam, retention periods) DMS (classification, retention, access)

13 Litigation Support Are you using internal staff to handle Firm discovery requests? The devil is in the details Consider outsourcing internal discovery Consider conflicts checks on lit support staff

14 Development Don t develop in a vacuum; requires coordinated effort to reduce proliferation of information Consider Lifecycle Access Classification Preservation Retention/Destruction Back-up

15 Key Issues Classification (structured vs. unstructured data) Retention, Preservation, Destruction (develop an exit strategy, how will you preserve, how will you securely destroy) Security, Protection, Access (ethical walls, confidential matters)

16 What if I don t have a Loss Prevention Department? General Counsel Litigation Partner Records Manager Malpractice insurance carrier ABA Model Rules of Professional Conduct Ethics Opinions BNA Lawyers Manual on Professional Conduct

17 Great resources Information Nation: Seven Keys to Information Management (author Randolph Kahn, Esq.) Thank you!