Just a few years ago, information governance was a significantly simpler concept for firms than it is today: firms had records policies in place; information barriers or ethical walls were established at a relatively high, client-level; only occasionally would a firm be retained by a client in certain, specific industries wherein the handling of that particular clients’ matters required slightly more complex confidentiality processes. In special cases, more complex access procedures might be established, often on an ad hoc basis.
Gone are those halcyon days. Firms today face the central challenge of balancing workflows which empower vital efficiency and productivity on the one hand while meeting a vastly more complex information governance landscape on the other. To put it simply, one cannot be the sacrificial lamb to the other.
What has replaced these (now) nostalgic winds is a potent mix of legal and ethical requirements, sweeping operational changes within firms, and a driving force of client demands—and to be sure, clients are, in fact, driving. There’s no scarcity of legal industry reports chorusing the refrain: margins are flat; corporate counsel are increasingly taking more work in house; and, law firms aren’t responding in kind. This has been the landscape since 2008 and will continue to be so; it is no longer a seller’s market but a buyer’s.
Information governance processes are every bit at the intersection. Case in point is the recent spate of legislation, from The Safe Harbour laws which were recently invalidated back in October of 2015 by the European Commission to the most recent changes being driven by the EU-U.S. Privacy Shield. Successor legislation which will update the European Commission’s Directive on Data Protection, which initially took effect almost 20 years ago, is now in its final stages. In the U.S., lawyers must ensure they are HIPAA and HIPAA HITECH compliant. Lawyers must also be aware and work within numerous data protection initiatives in the US and EU (which continues to drive much of the data privacy legislation). Beyond that, the effects of numerous, high profile data breaches from the past several years are starting to work their way through and result in legislative and client directives. Financial clients are now auditing their outside counsel and holding them to much more stringent standards.
Information governance processes are far more complex because of these concomitant forces, especially with regard to those clients in the financial sector. Certainly, firms are aware of these demands for substantially enhanced information governance processes and have recognized the value of ISO 20071 certifications as well as placing their own internal restrictions around their internal data management. However, here may be the greatest challenge of all: in an economic climate where efficiency and productivity are vital, the price for implementing proper information governance processes cannot be exacted from the equally fundamental need to effectively deliver work smoothly and economically.
This central challenge of achieving efficiency and productivity simultaneously with maintaining proper information governance is only exacerbated as firms continue to experience mergers and acquisitions at a constantly accelerating pace, becoming broader and more complex organizations. Simply put, larger firms have more conflicts to manage and greater needs to more readily scale whatever processes they have in place.
On the heels of the 2008 downturn, productivity and efficiency gains were a go-to strategy for firms to shore up their margins; headcount reductions and resource optimization were quickly implemented across departments – secretarial pools, paralegals, and even first to third year associates. As firms are evolving and adopting more fluid workflows, they seek to implement infrastructure for collaborating more seamlessly across global geographies. These agile firms are embracing the legal supply chain—using metrics to comprehensively understand the cost of services and, as a result, resourcing work in the most cost-effective manner possible.
As a result, there’s much greater fluidity in team structures today, internally and externally. To support that, technology needs to be capable of working in a manner that will not negatively or adversely impact lawyers’ or other professionals’ ability to work collaboratively and efficiently while, at the same time, protecting the heightened information governance needs of today’s firms.
By default, firms are now being asked to limit access to client information to only those working on any particular matter for those clients; this means that technology needs to be capable of applying that security either at the matter level, the working group level, the practice group level, or at the client level. As different members of the team work on different aspects of the files or as professionals come in and out of any of those groups, whether it’s a floating secretary, staff attorney, or paralegal who works on a single document such as to perform cite checking, the firm must have technology in place that is capable of managing those needs in a seamless manner.
With fluid teams core to how firms look to efficiently staff matters, it is frequently the case that a staff lawyer, paralegal, or floating secretary may be coming in to perform work on only one particular part of a matter. Within the myriad of restrictions, this can prove exceedingly difficult to manage – especially at any level of scale. What might typically occur is that each request is directed to IT or a central Risk Team to decide on a case-by-case basis how to change and implement access requests. It simply becomes untenable to wait for that central team to manage such granular requests, which can be based on client, matter, part of a matter, or even at a document level. This is workflow implosion as resources wait hours – or even days – in the queue to deliver their otherwise cost-effective expertise.
The technology that can solve this must be both comprehensive and flexible. If technology can provide self-service options for the matter owner, then it empowers that owner to delegate to his team. The firm can meet the client’s confidentiality requirements and also meet its ISO requirements, without over-burdening IT or the Risk Team – and at the end of the day, the firm can manage more work; it has enabled everyone to remain compliant without losing its productivity and efficiency edge.