Why information governance matters to your firm
This sponsored blog post was also featured as a column in the October 2014 issue of Legal Practice Management magazine. To read the issue in full, download LPM magazine (13MB file).
Their information, your responsibility
A client recently asked me: “What is information governance? And why should it matter to my law firm?”
What is it, indeed? Someone in my PRISM International community (the trade association for information management companies) recently sent me this definition by Gartner, the information technology research and advisory firm: “Information governance is the specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organisation to achieve its goals.” Say what?
In layman’s terms, it means that if you hold information, you must control and govern it. Not just through security, which ensures external people such as hackers cannot access it, but internally too. There must be robust control systems in place which your practice should continually review, enforce and evaluate.
So let’s start by defining where the information within your legal practice actually is – it’s everywhere. I bet if you look up from your desk now, all you will see is information. Here’s a selection: physical client files; electronic records such as emails and word documents; client management software; metadata relating to client files that are controlled internally by you or externally by a supplier; scanned images, both internally and externally; client addresses and bank account details; database back-ups, whether they’re cloud-based, remote, on tape or portable hard drives; USB sticks, CDs, portable databases; and of course laptops, iPads, Blackberrys and iPhones.
It’s an overwhelming list, and it doesn’t stop there. There’s probably more information crawling around your office waiting to leap out on you if you turn over a few stones.
Be honest about information governance
How many practice managers can hold their hands up and say: ‘Yes, File Queen! I can confirm that here at Jones Smith & Co we have an information governance policy in place, whereby we evaluate security levels, access levels, test security of our back-up and offsite storage and enforce deletion of information in line with the practice’s record retention policy and information policy’?
Be honest. Can you say that? Really?
So I can hear you thinking: “Why should I care? Everything’s been OK up until now.”
Here’s the deal. Every practice manager, fee earner, partner and managing partner should care about information governance. The reputation of your practice is at stake, not only with your customers but also with the SRA and Law Society. You must be proactive about this.
There are big changes coming our way, and not just through changes in the Data Protection Act and ‘the right to be forgotten’, but through information policy enforcement from regulators and clients. You must be prepared.
Over the next three months I will be taking your hand and leading you down the path of information governance. I will be sharing tips, advice, practices, techniques and also recommending some great courses for you. You will come out the other side skipping.
At the end of this journey, I will also provide you with a link to some tools that will help you move toward having a practice with an information governance plan and target at its centre. Ready? Take my hand and come with me to an information governance nirvana.