Information governance (IG) is simply how law firms control their information assets to achieve business objectives and mitigate risk. Firms need to pay attention to IG because otherwise they run bigger risks than they need to. Also, they won’t be leveraging the advantages of well organised information.
The risks include what happens when you fail to protect client confidentiality and maintain regulatory compliance. Firms that drop the ball here can face costly regulatory fines, professional censure, and perhaps most catastrophically of all, loss of client confidence, from which it’s extremely hard to recover.
IG should also support business continuity and disaster recovery planning. Bear in mind that when the firm’s information assets are well organised and protected, with back-ups and rehearsed business continuity procedures, the recovery from major incidents (fire, flooding, pandemic, cyberattack) will be much quicker.
The gains from IG
As to what firms gain from effective information governance: it can increase your productivity by enabling lawyers to retrieve data quickly and easily. It can also ensure colleagues and clients collaborate securely and seamlessly.
IG should embed effective records lifecycle management, including processes that systematically destroy old data and proactively manage increasing storage costs associated with cloud-based document management systems and MS Office 365, among other content repositories. It should help the firm identify gaps in systems or procedures that when filled will make information flow more effectively. It will help you gain the capacity to exploit knowledge management that leads to more timely and better-informed decision making. It can also make it easier for the firm to identify and adopt technology that will make the firm more efficient, whilst shinning a spotlight on high-risk legacy or defunct systems that have been long since forgotten and should be removed.
IG in practice
Clearly IG can be a great thing for firms, but what does it involve in practice? It boils down to a series of policies, processes procedures, roles and controls that help firms meet their information-related operational, regulatory, legal and risk requirements.
The IG effort can be led by IT, or by Records Management, or conceivably by Risk and Compliance or the General Counsel. Success doesn’t depend particularly on where IG sits in the firm, so much as on having a commitment to IG at the most senior management level in the firm.
It should ideally be driven by a member of the senior management team who takes ownership of areas like providing direction, setting goals and helping overcome obstacles. They also need to ensure that adequate resources are allocated to IG so that everyone in the firm knows and understands their role in relation to IG.
Because at the end of the day, effective IG takes a village, or at least a community across the whole firm that shares a single vision of why it matters. This way you have a far better chance of deriving the significant operational and competitive benefits that IG can confer.
How to embed IG in practice – including creating a policy, convening a steering committee and embedding change, oversight and controls – will be the subject of the next two blogs in this series.
To find out more watch our ILTA Masterclass where Chris Hockey, Director of Information Governance and Management at Bond, Schoeneck & King, will outline the approach he’s taken at his firm, while Chris Giles of Legal RM will supply a sector-wide perspective. Click here to register.
Chris Giles is CEO and Founder at LegalRM, which creates market-leading software, services and solutions for records, risk and compliance management and serves some of the world largest law firms as well as blue chip organizations from other industry sectors.
 See: ISO 24143:2022 Information and documentation – Information Governance – Concept and principles