The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/415101
32 N o v e m b e r / D e c e m b e r 2 0 1 4 w w w . C A N A D I A N L a w y e r m a g . c o m either through hackers, a break-in, a web site exploit, or a lost or stolen computer or smartphone, according to the 2013 American Bar Association "Legal Technology Survey Report." In Canada it's likely more of the same. Thousands of attempts to breach Ontario law firm systems were likely attempted last year, and most probably succeeded. "But we will likely never hear about them because firms that expe- rience breaches usually try to keep their names out of the news," points out Dan Pinnington, vice president of claims prevention and stakeholder relations at LawPRO. Almost overnight, cyber security has gone from a niche information technology issue to an explosive consumer issue to a top-of-mind business concern that is increasingly becoming a boardroom priority. None of which is surprising. Information is the lifeblood of modern business, and data is its new currency. Indeed, a report by the World Economic Forum goes further and describes data as a new asset class and personal data as "the new oil." "It's an asset that has value and therefore it needs to be governed in the same way that we look at our assets like our people, our equipment, and our money," says Martin Felsky, the national e-discovery counsel at Borden Ladner Gervais LLP in Toronto. But the mounting spate of high-profile data security breaches, along with ram- pant identity theft and a general lack of transparency in how personal data is monetized, is threatening to undermine the digital economy, notes the World Economic Forum. Information security and risk management, however, are complicated by the staggering amount of data generated by the average business today. Indeed, the digital universe is doubling in size every two years, according to global market intelligence firm International Data Corp. What's more, 90 per cent of the data in the world today was created in the last two years alone, and it has been estimated that more informa- tion is being generated now every two days than was from the dawn of civilization until 2003. With law firms, it's even more problematic because they have to deal with their own business information and clients' information, which is of course subject to confidentiality and solicitor-client privilege provisions. "There is no doubt that law firms are huge repositories of information," says Barry Sookman, a senior partner and former chairman of the technology law group at McCarthy Tétrault LLP in Toronto. "Depending on the areas of practice, they are collecting information, they are generating information, they are stor- ing information. So in a sense information is our critical resource, and it necessarily has to be managed." Thanks to the alarming surge of breaches and the incon- ceivable reams of data, clients are increasingly putting pres- sure — and in many cases, such as with financial institutions, demanding — higher standards on how outside counsel secure their data and manage access to it. A growing number of law firms determined to keep pace with the new challenges created by mounting security requirements and the data deluge are tackling the issues through a different prism, and turning their attention towards becoming shepherds of all the information in their hands by embracing a relatively new approach — information governance. Until recently information governance was only dealt with within narrow technical circles, but the enterprise-wide approach to the management and protection of a law firm's client and business information assets has gained increasing attention, especially over the past year. It is a business process that covers the management of all facets of information dur- ing its lifecycle, from its creation, use, processing, protection, management, all the way to its disposition. Information governance is much more than electronic records management on steroids. It encompasses data secu- rity, electronic discovery requirements, storage optimization, and privacy — and tries to foster efficient and appropri- ate data management that enables defensible disposal by effectively aligning information value to information cost. "Information governance basically describes how organiza- tions can better manage their information, their data, their knowledge, all of the things that in the world today are really how we work in the business world," says Kathryn Manning, legal counsel at Wortzmans, a Toronto law firm that provides "[INFORMATION] IS A LIABILITY IF IT IS NOT GOVERNED, IF IT'S NOT MANAGED, AND IF IT'S NOT RECOGNIZED AS AN ASSET AND TREATED AS SUCH." MARTIN FELSKY, BORDEN LADNER GERVAIS LLP "[INFORMATION] IS A LIABILITY IF IT IS NOT GOVERNED, IF IT'S NOT MANAGED, AND IF IT'S NOT RECOGNIZED AS AN ASSET AND TREATED AS SUCH." either through hackers, a break-in, a web site exploit, or a lost or stolen computer or smartphone, according to the 2013 American Bar Association "Legal Technology Survey GOVERNED, IF IT'S NOT MANAGED, AND IF IT'S NOT RECOGNIZED AS AN ASSET AND TREATED AS SUCH."