Information governance and the protection of corporate data are top concerns for law firms. To ensure standards are met, some clients are now tying payment to compliance with Outside Counsel Guidelines (OCG). OCG have moved from guidelines to actual contracts that provide for indemnification of the client for cyber breach and violation of privacy laws, and require firms to explicitly secure the client’s data. 79% of legal departments now provide OCG to their law firms, a 30% increase over 2017, and OCG are overwhelmingly the most effective methodology for legal departments to control spend and mitigate risk.
To comply with the data side of the OCG, firms must have a clear information governance strategy for which the firm’s use of technology systems is foundational. Ensuring that the clients’ documents are organized, that nonpublic data is secured and that protocols are in place to allow for the destruction of data or its transfer when requested, are prominent aspects within that strategy. Firms can better deliver on clients’ needs through an effective IG program; specifically gaining these process improvements:
- Greater visibility into information assets (defined location and classification);
- Proper access control and security of information (use of firm-sanctioned systems with permissions);
- Ability to migrate to an electronic-first mind-set and cut down on paper with the official record housed in electronic format in the system of record (g., Document Management System) whenever possible, with exceptions for policy carve-outs;
- Defined user expectations by role for proper file maintenance (electronic and paper);
- Ability to locate and purge information per retention schedules (application of policy to all documents regardless of location or media);
- Reduction in off-site storage needs and costs (destruction of legacy documents, a decrease in future documents going off-site, and purging of remaining off-site records per retention schedules); and
- Auditing protocols in place to ensure defensibility.
How to Implement IG: Am Law 100 Firm Example
Implementing these changes can be onerous and complex, which is why many firms benefit from an outside expert to advise and oversee the implementation of their IG programs. We recently worked with an Am Law 100 firm to do just that. The voluminous amount of extremely sensitive material the firm handles, coupled with a sense that neither firm-wide standard practices or the integrated use of company systems aligned with proper user behavior were in place, meant that OCG compliance was going to be tough to demonstrate in the firm’s current state. Recognizing these shortfalls, the firm’s leadership decided to leverage the expertise of a consultancy firm to navigate, implement, and ensure compliance with their information governance mandate.