There is no doubt that technology has increased ease and efficiency. But it has also created new challenges, and many law firms are struggling to keep pace with the deluge of electronically-stored information they have to deal with. Information governance can help, say experts.
Information governance is a business process that takes a centralized, global approach to managing information. Strategic coordination between various departments – information technology (IT), records and information management (RIM), security, and privacy – is critical to avoid siloing. This is, of course, easier said than done. “You are asking, in many cases, employees to think about information in a way that they have never done,” points out Sheila Taylor, CEO of Ergo Information Management Consulting. Here are some pointers from experts.
- Senior management buy-in and oversight is essential. They should endorse and firm support information governance initiatives. Many organizations have established an advisory board, composed of key stakeholders of information, to guide and build governance policies and processes.
- Build a business case. Information governance requires commitment and resources. A cost-benefits analysis can go a long to convince naysayers. “What matters to partners is ease of access and costs,” notes Kathryn Manning, legal counsel at Wortzmans, a Toronto law firm specializing in information governance. “If you can show through the cost-benefit analysis that they are going to a be more profitable partnership, they are going to want to do it.”
- Identify gaps in the organization’s current practices. Assess risks to the organization, based on the biggest gaps. Determine whether additional information and analysis is necessary. Develop priorities and assign accountability for further development of the program. Ideally, establish a baseline to understand where you’re at now so that you can figure out if you have achieved any benefits by implementing the policy. “A lot of organizations have established a policy, have these lofty goals but really don’t know if they have achieved it because they never established their baseline, and checked to see whether that baseline is improving or not,” says Taylor.
- Management, or the information governance advisory board, need to consult. Find out from employees who work in IT, RIM, security and privacy what it is they want to see improved. Often what employees wants to improve is not necessarily what management had in mind. Use a sounding board when drafting policies, processes and procedures. Ask them whether it makes sense, if it’s practical, and if it’s workable. “Find out how they are working now, and find the way that will sort of compliment all of the different areas to the greatest extent possible,” advises Susan Nickle, former partner at Wortzmans and now general counsel at London Health Sciences Centre. “If you have a handle on how people are doing things now, the less you have to change the way they are working, the more likely the new system will be adopted.”
- Start small. A pilot project is a good idea, ideally with a group that would like to be part of the exercise. A pilot project gives you an opportunity to find out what works and what doesn’t so that you can improve upon it before you start rolling it across the organization, and “hopefully save any embarrassment that otherwise might have occurred,” says Taylor.
- Be patient. Implementing information governance requires time, effort, and resources. Expect roadblocks at the implementation stage because “that’s where you start asking them to make changes in their behavior,” says Manning. Depending on the size and needs of an organization, it can take anywhere from four-to-six months from start to finish.
- Don’t skimp on education and training. “Law firms often under evaluate the change management resources they need to put in place to train people,” says Dominic Jaar, national practice leader of information management services with KPMG LLP (Canada). “Develop a communications strategy and systematically remind people and support people through that change.” Tailor training to the audience. Publish “Top 10” guidelines on information governance policy via cheat sheets, employee newsletter articles, posters. Configure systems with information guidance alerts.
- Monitor and audit. Firms should monitor and evaluate key information governance processes on a regular basis to ensure that the organizations meets the goals of the program. “When all of those areas of specialty work together you can have a system,” says Kelly Friedman, a partner with Davis LLP, an expert in electronic information issues. “It won’t be 100 per cent safe because you can never eliminate risk. But you will make everything easier – privacy compliance, e-discovery, finding things when you need them – because you have practices in place that are coordinated.”
This story was originally published in the magazine Canadian Lawyer.