The Essentials of Information Governance for Law Firms - Part 2

27
Jul
2023

Chris Giles & Chris Hockey

In the first of two articles, Chris Giles and Chris Hockey drew on their experience to suggest why law firms now need to take information governance (IG) more seriously and how they should start with the creation of an IG policy. In this piece we cover how you can then make IG truly effective in the firm via the right steering committee, oversight and controls.  

How do you embed information governance (IG) in a law firm? Ownership is a critical component. Change management needs to be deployed so that everyone in the firm understands the importance of IG and takes some responsibility for their part in it.

A highly successful strategy deployed by Chris Hockey is to bring together a set of people that can steer the firm’s information governance strategy. That could be a specific ‘Information Governance Steering Committee’ or in the case of Chris’s firm information governance was added to the agenda of the existing Privacy and Security Committee, that meets monthly, is chaired by the firms CIO and has around 12 members, including the COO and the General Counsel. 

Additionally, and critically, it also comprises members who represent all the firm’s different practice groups, including people from different levels and locations. “We have some more senior members and some associates,” says Hockey. The membership is refreshed every January to ensure a continual infusion of new blood. “What we’re trying to do,” he says, “is to make change happen with the lawyers via this committee. If we can get the representative lawyers on the committee behind our ideas and efforts and really explain the challenges to them, it’s much easier for change to happen because they take it to their peers. Coming from lawyers instead of some guy higher up it has a bigger impact.”

Formal role

The formal role of the committee is to sign off on IG policies and some of the IG procedures that will enact policy directives. Its informal role is for members to act as emissaries and champions of change. Hockey’s always aware that without the cooperation of people across the business, IG is dead in the water. Hence the care with which he proposes actions to committee members and explains the rationale. “When the lawyers on the committee get behind something, it’s much harder for end-user lawyers to say no,” he says. 

Not all procedures make it to the committee. Hockey’s tactic is to identify those that might cause pushback within the ranks. “We bring these to the group to say: ‘This is what we are proposing, we need your help backing us up on this and helping us communicate it out.’ 

A good example is that the firm is pushing for a 365-day email retention policy. This is a big change management issue affecting everyone, so Hockey has elected to engage with the committee to identify how to go about communicating it and recruiting support. With smaller issues he’ll simply send out an email saying in effect: ‘FYI, we’re now doing it this way instead.’

Oversight and controls

Then as IG is rolled out, firms should establish clear objectives, define roles and responsibilities, and put in place standards and policies that govern how data is captured, stored, processed, shared and protected within the firm. There will be elements of data quality management, and compliance will be a big focus. A critical brick in the IG wall is culture. Firms need to nurture a culture wherein everyone thinks information is their business. 

Meanwhile the performance of policies needs to be enforced and monitored. This is somewhat down to resources. Either people need to be in a position to monitor and enforce activity, or systems do. For example, Hockey’s firm, BSK, has introduced a firmwide implementation of Microsoft OneDrive. This is helping eliminate the problem of ‘shadow IT’ where individuals used to save matter material where the wider firm couldn’t find it. 

Hockey also acknowledges he can’t monitor everything, everywhere, so is solving bigger problems first. For instance, he currently has a big push on email filing into iManage, because of the pain that departing lawyers cause their successors when matter-relevant emails can’t be located. “We’ve identified this as a priority, so one control is making sure lawyers have filed all their emails before they leave,” he says.

Upstream thinking

Another helpful strategy is ‘upstream thinking’. Essentially, rather than cleaning up data in every system, it’s about ensuring it’s complete and accurate in the primary upstream data repository. In BSK this is the firm’s new business intake system. Thereafter when data flows into other systems – e.g. iManage and the time and billing system – it needs no further attention. 

And part of cleaning up data is down to system design. For example, to rein in inaccuracies when online form filling at BSK, they looked at replacing some free text boxes with drop down options menus. By taking some elements of choice out of forms, the quality of data capture can be increased.  

For lasting change, firms also need to pay attention to continuous improvement, which means revisiting policies, processes, procedures and controls regularly to reflect the firm’s changing needs and changes in the external environment, including in technology and regulation. 

Chris Giles believes that overall, it’s a tougher journey for smaller firms, who don’t necessarily have the bandwidth, or the skill sets to hand with which to tackle all the elements of IG. But irrespective of size, he says IG will always be about building teamwork to ensure that it’s inclusive, comprehensive and consistent throughout, leading to a more efficient, effective and resilient firm. 

To find out more watch our ILTA Masterclass where Chris Hockey, Director of Information Governance and Management at Bond, Schoeneck & King, outlined the approach he’s taken at his firm, while Chris Giles of Legal RM supplied a sector-wide perspective. Click here to watch on demand.