I was lucky enough to be able to join a session panel at this year’s ILTACON, along with other experts from different backgrounds. I also got to attend a range of educational sessions, from privacy law through information and data governance to executive security and risk management and, of course, the obligatory session on generative AI.
The event provided a chance to learn more about the needs and drivers of the legal technology community and, as a relative newbie, I was struck by its similarities with other industries with respect to information governance. The stories that linger include:
- An IT guy describing his firm forever retaining ALL of its data in archive storage on the expectation that a single email should be recoverable from a case closed years ago.
- A governance and information technologist concerned that privacy data minimization (or cleanup as a general good practice) suggests indiscriminate disposal of data, for example, ignoring hold or retention requirements.
- A risk and compliance specialist seeking executive buy-in for data mapping and discovery initiatives and concerned that it might become a never-ending undertaking, with a lack of clear success criteria placing the effort in jeopardy.
- A consultant to many of the largest global legal companies explaining that they are all concerned about the risks inherent in the spread of unstructured data.
Delegates were concerned about increasing demands, from clients, for transparency while lacking the means to map or understand the firm’s data holdings. They consistently described over-retention as “rife”, to the point where there is no practical way the retained data could be leveraged, and yet its cost and risk are ever-growing. Further, they told stories of highly infrequent ‘feel good’ events (such as the ability to potentially recover a single long-lost email) reinforcing the belief that blanket retention is valuable, with little apparent concern as to its sustainability or attendant increase in breach blast radius.
The scope of information governance (IG) is broad in any industry, and especially in legal: from retention and disposal, through client matter lifecycle management, to privacy compliance. Underpinning these requirements is a range of competencies, and with unstructured data growth continually accelerating, the attendees at our data mapping panel appeared to converge on the need for legal IG teams to develop an effective data discovery capability.
- In building competencies for data discovery and disposition, legal firms should be developing effective policy-driven triage processes that include “gates” or decision points which explicitly address legal holds and the balance between privacy subject rights and consent on the one hand and business retention requirements on the other. Policies should account for storage context so that the appropriate retention is applied in the right repositories.
- Buy-in for data discovery tends to improve when the business is connected with its actual data holdings and practices, for example, through compelling visualizations of the data real estate. This is because business stakeholders do care about their data but find it hard to relate to the relevant governance concepts without clear examples or evidence of how it relates to them. In operationalizing data discovery as a key component of the intelligence and metrics of an IG policy, IG teams can bring evidence of data holdings to stakeholders in many ways including current data maps, areas of risk, retention performance and the effectiveness of personal information controls.
On the flight back from the event I reflected on how the legal industry, actually, feels different from all of the other industries I’ve worked with globally. Sure, it exhibits so many commonalities (as I noted at the start of the conference), in its IG problems and practices, and it is as motivated as any to leverage data in machine learning innovation. However, given the capacity through which legal firms advise all other industries on their obligations, the industry seems to have unique potential to play a wider role as a leader in practices for data and information governance. It has capable and motivated IG teams, clear drivers from clients to protect and govern its data assets, and a business model that can obviously be improved through innovation in information practices. This, ultimately, captures why I’m excited about ActiveNav’s investment in data discovery capabilities specifically with the legal industry in mind. If we can bring our Zero Dark Data North Star thinking to the legal industry then we stand a great chance of spreading the word elsewhere too.