The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/415101
w w w . C A N A D I A N L a w y e r m a g . c o m N o v e m b e r / D e c e m b e r 2 0 1 4 33 legal advice regarding e-discovery, litigation readiness, infor- mation governance, and privacy law. Proponents maintain it can mitigate law firms' risk of security breaches, add efficiencies to search and retrieval processes, and lead to operational efficiencies through cost savings in areas ranging from discovery to litigation to human resources. "Absolutely no question data security and privacy compliance and litigation readiness are all improved as you improve information governance because the special- ists who concern themselves with information are all assess- ing what information you have, where and how it is kept, who has access to it, and how are you going to try and protect it, and ensure that you have continuity for disaster recovery," asserts Kelly Friedman, a partner with Davis LLP who has T here is no doubt technology has increased ease and efficien- cy. but it has also created new challenges, and many law firms are struggling to keep pace with the deluge of electronically stored information they have to deal with. Information governance can help. Strategic co-ordination between various departments — information technology, records and informa- tion management, security, and privacy — is critical. This is, of course, easier said than done. "You are asking, in many cases, employees to think about information in a way that they have never done," points out Sheila Taylor, ceo of ergo Information management consulting. Here are some pointers from experts: Senior management buy-in and oversight is essential They should endorse and support information governance initiatives. Many organizations have established an advisory board, composed of key stakeholders of information, to guide and build governance policies and processes. Build a business case Information governance requires commitment and resources. A cost- benefits analysis can go a long way to convince naysayers. "what matters to partners is ease of access and costs," notes Kathryn Manning of wortz- mans. "If you can show through the cost-benefit analysis that they are going to be a more profitable partnership, they are going to want to do it." Identify gaps in current practices Assess risks to the organization, based on the biggest gaps. Determine whether additional information and analysis is necessary. Develop priorities and assign accountability for further development of the program. Ideally, establish a baseline to understand where you are now so you can figure out if you achieve any benefits by implementing the policy. "A lot of organizations have established a policy, have these lofty goals but really don't know if they have achieved it because they never established their baseline, and checked to see whether that baseline is improving or not," says Taylor Management/information governance advisory board must consult find out from employees who work in IT, records and information man- agement, security, and privacy what they want to see improved. often what employees want to improve is not necessarily what management had in mind. Use a sounding board when drafting policies, processes, and procedures. Ask them whether it makes sense, if it's practical, and if it's workable. "find out how they are working now, and find the way that will sort of compliment all of the different areas to the greatest extent possible," advises susan Nickle, general counsel at London Health sciences Centre. "If you have a handle on how people are doing things now, the less you have to change the way they are working, the more likely the new system will be adopted." Start small A pilot project is a good idea, ideally with a group that would like to be part of the exercise. A pilot project gives you an opportunity to find out what works and what doesn't so you can make improvements before you start rolling it out across the organization, and "hopefully save any embarrassment that otherwise might have occurred," says Taylor. Be patient Implementing information governance requires time, effort, and resources. Expect roadblocks at the implementation stage because "that's where you start asking them to make changes in their behav- ior," says Manning. Depending on the size and needs of an organiza- tion, it can take anywhere from four to six months from start to finish. Don't skimp on education and training "Law firms often under evaluate the change management resources they need to put in place to train people," says Dominic Jaar of KPMG LLP (Canada). "Develop a communications strategy and systematically remind people and support people through that change." Tailor training to the audience. Publish "Top 10" guidelines on information governance policy via cheat sheets, employee newsletter articles, and posters. Configure systems with information guidance alerts. Monitor and audit firms should monitor and evaluate key information governance pro- cesses on a regular basis to ensure the organization meets the goals of the program. "when all of those areas of specialty work together you can have a system," says Kelly friedman of Davis LLP. "It won't be 100-per- cent safe because you can never eliminate risk. But you will make every- thing easier — privacy compliance, e-discovery, finding things when you need them — because you have practices in place that are co-ordinated." — Lm EXPERT TIPS FOR INFORMATION GOVERNANCE