What Law Firms Need to Know About Information Governance

Let’s face it – lawyers produce a lot of documents, because they want “everything in writing.” No doubt your own firm produces a significant amount every week.

The dilemma is how to best manage the mounting paper and electronic files we collectively call “records.” What complicates matters is that courts and bar associations see most of these documents as “client files,” so they need to be handled with particular care. Considering courts are becoming less patient with law firms and their clients if they find that records were not properly secured or destroyed, it’s important to follow information governance standards and put your firm’s document management practices into written policy.

What is information governance? It is defined as the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.

Getting Started with Information Governance

The first phase of the process includes defining your firm’s policies and trying to get partners to agree on them.

Start by documenting your current practices.  This can be done fairly easily in small firms.  Make sure your file closing processes are compliant with State Bar retention schedules based on your practice type. Do you return original documents to clients?  Scan remaining documents into the file before destroying them? Document the date you closed the file?  If so, you actually have policy – you just need to document it and adhere to it. Next, take a look at your electronic documents: How do you organize them, store them and secure them?

Larger firms have the benefit of administration teams assigned to risk management, records management and information technology. Have those managers get together and document what is actually being done at your firm. Is email archived, and if so, what is the process and frequency?  If email is deleted after a certain time period, document the criteria that is used to reach that threshold.

First and foremost, your policies must comply with ethical and legal requirements. Be sure to review the ABA and California State Bar guidelines.

It’s also important to address security issues. Prospective new clients often ask for a firm’s security and electronic records policies before making a hiring decision. Be prepared to discuss these topics with sophisticated clients.

Making Sure It’s Done Correctly

Consider hiring a consultant to assist with information governance and preparing a written policy.  The fast-paced changes in technology can complicate matters, so outside expertise can prove invaluable. Client data can be stored on networks, flash drives and in the “cloud.” Technically these are all client files and need to be accounted for and secured.

It’s important that your records policy is comprehensive and encompasses all aspects of managing client data. Working with an outside party may help streamline the process, which is critical when it’s time for your firm’s partnership to define, review and refine your proposed policies.

Once your formal policies are in place, make sure all firm members read and understand the new policies your firm adopts, and provide them with training. Periodically audit the process and document when exceptions are made and why.

For assistance in developing your firm’s information governance policies, contact Terrapin Technology Group at 916-481-1991.