Episode 16: Information Management Trends for Law Firms

Transcript:

Bill Tolson:

Welcome to the Information Management 360 podcast. This week's episode is titled, Information Management Trends for Law Firms. My name is Bill Tolson and I'm the of vice president of compliance and eDiscovery at Archive 360. With me today is Leigh Isaacs, director of information governance at DLA Piper in the US. Leigh, thanks again for joining me today for this podcast. Really looking forward to it.

Leigh Isaacs:

Thanks, Bill. I'm looking forward to it as well.

Bill Tolson:

All right. Let me kind of set the stage here. Many law firms, like many companies were not prepared with the onset of the pandemic and what that really highlighted was this need to look at collaboration software to kind of keep that employee communication going. And that was something that really caught a lot of companies by surprise. To quickly respond to the changes in work brought on by the pandemic and that is basically moving toward a remote workforce, companies of all types started looking at these new collaboration types of things. Now those companies had already been dipping their toes in the water and such but it really highlighted the requirement around Microsoft Teams and Zoom and others. It really wasn't necessarily because companies and I include law firms in that, were behind other industries in their infrastructure flexibility. Instead it was due to the nature of the business as well as longstanding face to face collaboration culture of especially law firms.

Bill Tolson:

I imagine that law firms had with their kind of culture of meeting face to face with clients and within legal teams being able to continue that via these new types of collaboration software was really an absolute must but like all other industries across the board, law firms had to adapt to mostly remote work and the challenges associated with adopting new collaboration applications to keep employees connected while managing ongoing information management processes in a legal environment. With that, Leigh, let's kind of dive into the discussion. I mentioned the rapid changes we all experienced when many of us were moved to a remote work model because of the pandemic, this inflection point triggered companies of all types in all industries, including law firms to very quickly adopt these new collaboration applications. Like I said, again like Teams and Zoom to facilitate the ongoing almost real time communications and data sharing that organizations experience when everybody's kind of working in the same building. Could you maybe talk a little bit about your firm's experiences and how you went about kind of adopting these new collaboration technologies?

Leigh Isaacs:

Yeah. And you hit on all of the points that resonate with me. Firms and all organizations did need to respond really quickly and law firms in particular. I think half historically had that kind of cultural nuance of wanting to have that face to face contact. We were using a lot of these tools but not in any sort of, I think meaningful way. And so we did have to pivot really quickly. Now at the onset of the pandemic, I was at my prior firm. I think our IT departments really at any firm did a heroic effort in kind of making sure that everybody had the remote access, that the network connectivity could support everyone and then increasing the availability of tools such as Teams or Zoom or things of that nature. And then there was that huge kind of training component behind all of that as well.

Leigh Isaacs:

Everybody had to not only adjust to the different dynamic of not working face to face anymore but kind of understanding how to navigate through these systems effectively. I think that there was a great rapid response to enabling businesses and firms to continue to work. And I'm sure every firm's had their own experience but generally speaking, in talking with my peers, things have been pretty successful. I think there was concern from the outset about the ability to continue to service clients effectively. And I think firms have been in many respects, pleasantly surprised at kind of how well that's gone. And I know we'll talk a little bit later about kind of hybrid workforce but I think it kind of had gone so well from that standpoint that we are kind of revisiting what our business models look like.

Leigh Isaacs:

One of the challenges though that I see now is because there needed to be such a quick response to enabling remote work, is that now we're playing a little bit of catch up as far as policy is concerned. And firms in particular, it's policy implementation is not something that happens overnight. There's lots of discussion, consensus building, all of that sort of thing. And so I think many of us, we've got a chance to breathe and we're taking a look at, okay, how do we go back and kind of adjust and account for those policy considerations? And what does it mean for what's happened over the last year and a half? And what does it being going forward?

Bill Tolson:

Yeah, that's a great insight. By the way. One of the things that I've run across is in talking to clients and also my history, I've actually been working remotely since about 2004. None of this was hopefully not new to me.

Leigh Isaacs:

Yeah, same here.

Bill Tolson:

One of the things that I've noticed and gotten comments about is this idea of the company culture needing to change to bring in that remote communication. One of the complaints that we've had ongoing is, well yeah, we have all these neat new collaboration tools but nobody really pays attention to them. Meaning gee, I'm trying to get ahold of somebody in New Jersey or in Chicago or something like that via Teams and either some of the team members have their Teams applications turned off or they just don't respond and so forth. And that's been an issue that organizations have to really, really drill into employees is everybody is dependent on everybody being in contact so you still have that back and forth and having updating or changing that corporate culture to say, "Yeah, you're respond to somebody when they're trying to get a hold of you in real time." It has been especially important.

Leigh Isaacs:

No, you're right about that. And at my prior firm, one of the things that we did from the outset was we realized that we needed to kind of set those expectations up front so people understood what it meant to be accessible and response times and the expectation that you may be remote but you're working, you're at your desk, you're available. Obviously within realistic expectations but that was something that was established and communicated. And there was an effort as well for managers and any kind of leaders of staff to have certain level of training or awareness because if you've not managed remote teams before, that's a whole other consideration that is not necessarily intuitive if you haven't done it. There was an investment in making sure that there was some awareness and resources available for people if they needed them.

Bill Tolson:

Yeah. No, it could be especially frustrating to not get kind of return acknowledgements when you're trying to get a hold of somebody. Most people are not doing it just to chat. It's more, hey, I have a question answer thing here. I just need a quick turnaround. If you have to wait days to get somebody to respond to a live chat message via Teams, then things aren't going to work out well. But I think that is changing in many, many companies now that people are having to rely on it. Even though we'll talk a little bit about here in the hybrid work environment, it's changing a little bit but in my experience, in working with other industries during this whole pandemic time and being caught, I would say flat footed but being surprised of this new move to a remote work environment, many IT departments went above and beyond in trying to bring in these new applications, these new collaboration applications to allows to work together.

Bill Tolson:

One of the things that we found early on was that many of these IT groups especially responding and grabbing up a free Teams license to give to their employees or bringing up Zoom and those kinds of things, just so employees could start talking to each was kind of a lack of consideration over the regulatory legal and information management considerations that they needed to think about when bringing on these new applications. I would assume and be surprised that obviously with DLA's background, you guys obviously were on top of this but have you run across this even within your own firm or even with your clients? And again, it was mostly the regulatory compliance and the eDiscovery aspect. Can I capture this content in real time if I have to place it on legal holds or if I need to archive it for regulatory reasons? And did they set that up correctly? And in many cases, the answer is no. And they were surprised after the fact.

Leigh Isaacs:

Yeah. And that's a good question. I think from the standpoint of privacy, security, those things obviously were paramount. And I think we did do a good job of taking a conservative approach. Enabling the functionality that was needed to continue business operations because there's a whole lot of things that Teams is capable of doing. You could open up the whole world of it and there's a whole lot to figure out on that front. I think that there were some strategic decisions made to be as conservative as possible, which we're now going back and taking a look at, does that still make sense? Should we revisit and enable different things or do things differently? But one of the challenges and I alluded to this in my earlier comment about policy, is around, I guess the quote unquote acceptable use.

Leigh Isaacs:

And so in firms we live and die by the client file. And where should that reside? What should belong in the DMS? What should belong in Teams? How do you or do you integrate the two? Did we set the retention policies right? What are we doing with chats? And so those are all things that we're taking a really hard look at now. We're provisioning Teams, obviously so we've got something related to a client matter our admin groups, the IG team is tracking all of that. We know that we have content that's related to a particular project or particular matter. From that standpoint, we have the awareness that we have content that needs to be managed and governed but as far as how those rules are actually applied is something that is getting a lot of focus right now.

Bill Tolson:

That's a great point. Policies are so important, that they be developed, updated and actually disseminated on a regular basis. And that every industry, I was the information governance consultant for many years and I'd walk into a company the first time and say, "Can I see your records retention policy?" And either they would hand me a half page Xeroxed a 100 times type of document that mentioned one type of document and it was actually created 1991 or they'd hand me a 300 page eight point typed document with thousands upon thousands of document the types on it that needed to be filed in a totally different manner from all the others. But creating those policies, having buy in, having the employee training and enforcement, enforcing that people follow is so important.

Bill Tolson:

We've mentioned a hybrid workplace environment a couple of times now and really we moved from the old way of doing things, everybody's in an office mostly and working together to almost complete remote workspace. And now I think with all the history under our belts, many companies starting to move more of a hybrid workplace environment. And by that, I mean a flexible workplace model that's designed to support a workforce of both in office and remote workers. And I know lots of companies are doing, well two days in three days out or things like that, just to kind of keep that in person to person camaraderie but still with the obvious understanding that it's mostly still safer everybody working remotely. I'm not sure how your firm, if they've moved toward hybrid yet but if they has, has this changed from a completely remote working environment to a hybrid workplace benefited or caused additional issues for law firm information management professionals like you, Leigh?

Leigh Isaacs:

Yeah. We are looking at the hybrid model. Our office is technically reopened October 18th but until after the first of the year, attendance in the office is not mandated. It's flexible. We're seeing a bit of the hybrid workforce evolve. I think we'll see the true impact of it after the first of the year. There's lots of discussions that are happening internally about that. I think one of the most notable benefits that's kind of come out of all of this and will continue to be supported by working in a hybrid environment is that firms have struggled for many, many years on getting the adoption of the electronic client matter file. Many attorneys have been still very dependent on paper and myself, my colleagues have been fighting that fight for quite some time to try to reduce the dependence on paper and the pandemic and the need to shift to remote work kind of made that business case.

Leigh Isaacs:

My hope is, is that now that we have started to adopt some of these digital business practices and the fact that we will continue to be working in a hybrid manner, will continue to support the less paper environment. As we're looking at kind of the flexible workings, I think the idea is, is that we look at reducing the amount of dedicated offices that we have. And again, there's much to be decided but perhaps there's going to be those flexible workstations. The idea that you can cord paper in your office, on your desk, even when you're in the office is not necessarily going to be an option going forward.

Leigh Isaacs:

I think too as an extension of that, one of the things that I've seen is a benefit to IG is really on the expense standpoint and just kind of looking at financials for the cost of moving paper files to and from our offsite warehouse, that diminished greatly. At my prior firm, it was to the tune of several thousand dollars a month that was being saved because we weren't just relying on calling those files back and people did shift to relying on the digital. That was kind of another happy byproduct of the situation that we found ourselves in.

Leigh Isaacs:

One of the things too that we're starting to see is that as we're looking at reducing real estate footprint and this is not a longterm thing but it's certainly something that's project based that we're managing is we're giving up space. We're having to do things. We're having to take action with the paper that has been accumulated and sitting there. And we've had to downsize staff so we're kind of balancing the resources to kind of support some of those initiatives. It's an interesting time but I'm actually looking forward minimizing the amount of paper that we have and that we're moving back and forth.

Bill Tolson:

Not too long ago, three, four years ago I remember one of the legal conferences that I attended, lawyers, attorneys, basically talking about wanting to move toward digital records and away from hard copy. And it's most mostly because some of them were spending a lot more time out of office just before the pandemic but there were laptops and stuff at client offices and things like that and they wanted to get access to as much data as they could instead of having to go back, request paper records, those kinds of things. It was speeding up their productivity and their ability to work with clients quickly as well. And obviously that has gone more to digital. I'm sure that's one of the reasons but there are other reasons as well, like you say, cost, floor space.

Bill Tolson:

One of the things that I hadn't thought about that made complete sense to me while I was talking to some of these lawyers is, well gee, they wanted to move to more digital, even go the next step and move toward cloud because they wanted to recoup that floor space in law firms that were being taken up by the IT folks because they wanted to put billable attorneys and staff in there. Floor space is valuable in law firms. If you could put billable attorneys and staff with billable hours in that same spot and everything done IT wise in the cloud, even better. The ROI on that is much better obviously, right?

Leigh Isaacs:

That's exactly right.

Bill Tolson:

I remember, Leigh, and we talked about this five, six years ago and I mentioned this to you, working with the Law Firm Information Governance Symposium. Basically I was editing their annual reports for them, a great group. And I think Leigh, you're still part of them. Is that true?

Leigh Isaacs:

I absolutely am.

Bill Tolson:

Great. Yeah, no fantastic group. And they would put out reports every year, usually anywhere from three to five, on very specific guidelines obviously to targeted directly at law firms. And one of the reports I edited had to do completely with outside council guidelines. For those listeners not familiar with the term, can you describe what an outside council guideline is?

Leigh Isaacs:

At a high level, I would define them just kind of specific agreements between the client and the firm setting forth kind of certain expectations from the outset of the engagement. And they cover a variety of different things, such as how matters might be staffed or billing expectations and that sort of thing. But on the information governance side, they'll generally set forth and a lot of the times it's driven by the client, whether it's compliance with their policies or things of that nature but on the IG side, it can be around how information needs to be stored or segregated or secured. And that's both on the physical and the electronic side. Clients are telling their firms how they want their information managed. Also kind of outlining expectations with regard to disposition of client files. There may be the desire to have the firm reach out to them at the end of the matter to take certain action with either a subset or all of their files.

Leigh Isaacs:

And those are things that need to be kind of carefully considered because you want to make sure that you're not agreeing to something that you can't comply with. And if it is outside of your policy or standard operating procedures, those are things that need to be addressed or taken into account for upfront. Sometimes we'll see things as specific as who at the client should be contacted to work with on those sorts of things. Every matter traditionally has an engagement that sets forth certain terms that the firm expects. And I think the client agreements are either often a replacement or an extension of those that most times are driven by the client expectations.

Bill Tolson:

In talking to several law firms over the years but also members of that Law Firm Information Governance Symposium group that was creating this report and again, this was several years ago but I was surprised that clients were specifying, for example, data retention disposition policies, maximum time periods to hold data, how the data had to be disposed of, things like that. And I know law firms were pushing back somewhat because you never know when that data's going to need to be used again, maybe on appeal or things like that. I know they were a little hesitant about deleting large amounts of information but I think that was probably by the clients was really a good information management practice that we don't want that data sitting around forever. When the case is completely done it's time to get rid of it. That to me, when I'm thinking about that, that's the eDiscovery data sets that the customer has given to the law firm to do discovery on those kinds of things. But I would assume that that did not include for example, attorney work product and things like that, right?

Leigh Isaacs:

Generally, no, it is mostly specific to any sort of data that the client would provide to us in support of the matter. Generally do not see those address the attorney work product.

Bill Tolson:

Okay. You mentioned security and that was the other thought. Back years ago, they weren't really addressing security but my guess is now the OCGs would. Are they basically asking for things like role based access controls or access rights, who has access? Have you run across an OCG client that's specifying for example, that maybe all of their data needs to be encrypted while being stored, those kinds of things?

Leigh Isaacs:

Absolutely. All of those things. We'll have some scenarios where even the email communications need to kind of have that higher level of encryption or dictating the way in which we will communicate with them. There's a very heavy security focus in the client agreements, the outside council guidelines. That was also, I think, a pretty strong driver of many firms pursuing their ISO 27001 certification because to be able to do that, kind of allowed you to fast forward through, a lot of the question and the requirements that the clients were setting forth.

Bill Tolson:

Not too long ago, probably last year I remember reading an article on data security and an FBI director, I think out of DC had mentioned that law firms were one of the biggest targets of cyber theft, just because of the kinds of data that law firms hold from their client. eDiscovery data sets and they're potentially talking M and A activity, all kinds of stuff. I know law firms have been a focus for years of cyber and obviously firms are well aware of this and probably take very, very extraordinary security around it. But it's one of those things that people don't necessarily think about. Maybe general counsels do, but the fact that all of this really sensitive data is with a given law firm and basically writing in those additional security capabilities.

Bill Tolson:

For example, data must be encrypted at all times, for example, unless it's being used and nowadays with technology, you can always keep data encrypted and still use it but also around personally identifiable information stuff should always be encrypted when it's being stored no matter what, whether it's on prem or in the cloud. And that's all the being adopted now very, very quickly because as you've probably noticed, the levels of cyber theft, cyber attacks, as well as ransomware and extortion ware have just skyrocketed in the last few years. And everybody, I read something this morning that said 60% of all companies, whether they know it or not has been hit by a cyber or ransomware attack in the last 12 months.

Leigh Isaacs:

I've heard something similar.

Bill Tolson:

Yeah, that's just amazing. I think obviously the law firms would be probably top of the list of knowledgeable organizations working with data security. Following that we've talked a little bit about before data loss prevention and it's been a hot topic for many years, I've written papers on it and blogs and all kinds of stuff. And for those of you who don't know what data loss prevention is or DLP, it's a set of technologies, products, techniques, processes that are designed to stop sensitive information from leaving an organization or in some cases from people not intended for it to be seen, having access to it. Meaning I should not be able to see the CEO's emails for example, but in reality, you don't want sensitive data leaving the enterprise unbeknownst and also unknown. Attachments to emails and those kinds of things. At a high level, can you describe how DLA approaches data loss prevention?

Leigh Isaacs:

Yeah. I think, you hit on one of the topics. It's not necessarily data loss prevention but kind of starts at the very beginning is firms generally, as a matter of course, one of the technologies that is core to the business is your ethical wall and security applications. Making sure that even internally those people who aren't supposed to see things they're not supposed to see can't. From an IG standpoint, we're very focused on some of the internal behaviors. Taking a look at the monitoring the firm's core system, so where is our client data sitting? And what activity is happening with it?

Leigh Isaacs:

We're looking at things like export activity, email activity, even printing, things of that nature. We're able to then generate some reports based on that. We've got our escalation protocols in place. And I think in this instance, IG is often uniquely positioned to understand what might be normal behaviors versus not. For example, if somebody exporting a 100 documents from the document management system, it could be because they're doing some sort of legitimate activity, like creating an electronic closing binder for one of our transactional matters but so we've got the monitoring in place, our escalation protocols in place. We obviously have other systems that are kind of monitoring on the IT and the information security side. IG is really focused on a lot of the internal user behaviors.

Bill Tolson:

And a lot of people don't consider that when I just talked about outside cyber threats and ransomware and all that kind of stuff but there is a lot of leakage from internal of a given organization or firm. And that's where things like zero trust architectures come in. The Idea that once you've logged into an enterprise, you have access to everything. That's one of the biggest issues on the security side that most companies are dealing with is and they've moved to something called zero trust, which is, doesn't matter if you've logged into the system or not, you still have to keep presenting yourself and getting access rights every time you move around or something like that. That's where you would not get into these issues that you've read in the papers the last couple years, privilege escalation attacks where somebody phishes somebody and they get into their thing and then they start working their way up the authorization chain.

Bill Tolson:

Zero trust is one of those things that really kind of shoots that down and stops that, especially that, well it looks like internal leakage but it could be coming from an outside person. But obviously within an organization, everybody in marketing should not have access to everything in finance, for example. Dangerous as well. But having those internal controls are especially important. I would imagine that the OCGs we talked about will eventually start looking at does the firm have zero trust architecture and role based access controls and all those other kinds of things?

Leigh Isaacs:

I think that's exactly right.

Bill Tolson:

On another subject, Leigh, many organizations across all industries have been moving, they call it digital transformation but have been moving toward more of a cloud-centric model. And I know and hopefully I'm not saying something that is derogatory about law firms in general but my experience, law firms have not necessarily been seen as technology early adopters.

Leigh Isaacs:

I would agree with that. I would most definitely agree with that.

Bill Tolson:

Good, good, good, good. I didn't say something I shouldn't have.

Leigh Isaacs:

Not at all.

Bill Tolson:

Can you maybe at a high level, give us an idea of how your firm looks at cloud adoption and what you've been doing?

Leigh Isaacs:

Yeah. It was actually refreshing when I arrived here to see that culturally, we are a firm that obviously very carefully but still embraces the cloud. Our transition, course it's still ongoing in some respects but the initiation kind of predated my arrival. But one of the things that I've come to learn about the firm is that we really are committed to being leading edge innovators. And it's a priority for us to enable our lawyers and staff to do what they do best, which is practice law, support our clients. That means we need to be able to support them and the work that they're doing with secure 24/7 access to the information and the systems that we need. And I think that a lot of the transition and the cloud adoption that we've had and will continue to have supports that. It also helps us continue to make sure that we've got some of the latest and greatest functionality within the systems that we use without overly taxing our IT resources. And that then kind of frees them up to focus on more strategic substantive initiatives.

Bill Tolson:

Well, we actually mentioned this a couple minutes ago. One of the reasons too, law firms are potentially looking at cloud computing is to free up that floor space in the office for billable attorneys and staff, moving all that IT stuff up into the cloud. But the cloud, and this is something I think not too long ago people didn't believe but now I think I've noticed healthcare providers, which hold very sensitive information, attorneys, law firms, things like that have really started to move toward the cloud because of several things.

Bill Tolson:

That freeing up some floor space, taking advantage of the economies of scale in the cloud. The dynamic scalability. But also you mentioned this, ease of access from anywhere. Along with the umbrella of security but again, I mentioned a while ago that attorneys have told me, "Gee, I need access to data, lots of data and I don't want to have to go back to the office to get it if I'm sitting in a client's office." Having that stuff available via accessing a cloud has really, I think, raised productivity up for most of the law firm professionals. But I would imagine and I don't know this for a fact, but does the adoption of cloud make your job easier or more challenging?

Leigh Isaacs:

It depends. I think that from an IG standpoint, it's important that you ask the important questions up front, as it pertains to any sort of action that you may need to take with your data, whether it's to search for it, disposition it, that wherever your data is, whoever it's with, is able to support kind of your policies, your operational procedures. And again, those are things that I think just need to be put on the table from the outset so there's that understanding. As we have looked at transitioning some of our systems, there's things that we need to look at such as reporting.

Leigh Isaacs:

For some of our on prem records management solution, our IT folks can or somebody on my team can run SQL queries and grab data out of the system as we need it, manipulate it, do quick updates, things of that nature. And it's important to understand what capabilities in that regard you'll continue to have or that you might lose. And if you don't have them, how are you going to accomplish those things that you may need to do on a routine basis? Those are some of the things that I think about and consider from an IG standpoint in making sure that things that are requirements can continue to be met going forward.

Bill Tolson:

Yeah, kind of a related, very closely related question are what are some of the evolving personnel skillsets that are now needed to support information governance in the move to the cloud? Are there new skillsets that you've never really thought about needing before as part of the information governance professionals group within your firm?

Leigh Isaacs:

Yeah. I think even absent cloud, the skillset of IG staff has seen and has had to see a lot of evolution over the last several years. As we've transitioned more away from paper to digital, it brings in all of those technology considerations that I don't think that those could have been the traditional records management roles had to consider or needed to have the skillset for. As the various rules and regulations around the world continue to increase and evolve and change, that's another area where it's not just about your retention schedules anymore. It's about access, where your data can reside. You mentioned encryption requirements and all of those sorts of things. Those really were not, I think, on the radar for records or IG staff several years ago. I think there's a whole other range of skills and expertise that even if you're not an expert, you need to have a level of familiarity and know when and where you need to engage an expert in certain areas.

Leigh Isaacs:

I think that that certainly has been something that it's going to continue to evolve because technology and the rules and regulations continue to. And I think that just the general approach to content management is changing. It's changing with the business need. I think that the idea of having once upon a time, I feel like there was the philosophy of there is a place, there is a repository to be putting your content and that doesn't meet the business needs anymore. And we're having to change our mindset to meet the business and the users kind of where they are. And so even from a I think a philosophical standpoint, we're having to shift in our thinking from maybe what felt like a bit of a rigid approach to understanding how we can meet in the middle and still address all of those IG and those compliance requirements but still enable efficiency and productivity.

Bill Tolson:

Yeah, absolutely correct and well put. I think in talking to IG professionals across industries, they are starting to talk about, like you say, not becoming experts but at least becoming sufficiently knowledgeable about things like data security, enterprise security, maybe even things like machine learning and AI. No one's going to ask an IG person to create a machine learning algorithm or anything like that but companies are now securing so much stuff and putting automation behind it that those people working with that data, trying to manage that data, at least need to understand what's being done, what the limitations are, why are they being asked to do certain things? And I think information governance professionals are now starting to embrace that as some new skillsets that they need to pick up as well.

Leigh Isaacs:

Yeah, I agree. And I've seen the increase, just kind of looking at the jobs that are being created in the market. There's more and more kind of IG technology roles that are specific to that. It's one thing to kind of be the IG generalist kind of like I am, overseeing the entire program but I'm seeing these specialty roles that are focused on that sort of thing increasing quite a bit.

Bill Tolson:

A question and I don't think I've ever asked this of you nor do I know the answer but do law firms in general need to look at things like longterm archiving, meaning 10 plus years of keeping data for whatever reason? But I know in other industries like healthcare, like financial services, even construction companies have very lengthy retention policies, 10 years, 30 years, 50 years and insurance sometimes 99 years. And you need to worry about things like, well is that data going to degrade over time? Does it need to be refreshed? Is the formats it's stored in going to be unreadable in 30 years? Those kinds of things. Is that a subject that you look at within law firms, this longterm kind of archiving requirement?

Leigh Isaacs:

Yes. And this is something that I think in speaking with a lot of my peers is definitely something that many are looking at. I think historically law firms haven't really had a big focus on that at least on the digital side. On the paper side, I'd argue that matters are inactive, files are inactive and we put everything in a box and send it to the warehouse where it lives out its life. And on the digital side, I think that it's important to have the same thing for a variety of reasons. Most of on the client matter side, retention is generally driven by the matter close date. At that point, the activity on the matter is generally over. There's not much happening at all but we then end up having to keep that stuff for much longer while we wait for the retention period to expire.

Leigh Isaacs:

And so for a variety of reasons, it doesn't make sense to keep it on our live and active systems from a security standpoint, just a storage standpoint and functionality of the system itself. I think it makes sense to make some decisions about what you do with that data and can you move it somewhere else when it doesn't need to be readily accessed? And looking to in our administrative type data, you always have people that are coming and going, whether it's attorneys, staff and there's data associated with them that needs to be retained. And so it makes sense in many aspects to again, archive that. It's not something that needs to be accessed. It's actually much better if you could put it somewhere where the general masses don't have access and you can restrict to maybe even only a handful of people while that content continues to age out.

Bill Tolson:

Yeah. And this is the same across all industries. You want to keep it accessible but secure at the lowest possible cost because who wants to pay a premium for something you might access once every 10 years or once a year even. Years ago, I wrote a paper for an eDiscovery solution provider about attorney work product reuse, which was a surprise to me but turns out at the time that was something that was readily used. Keeping the attorney work products, all the notes, all the stuff associated available so attorneys could reference it, go back in and use parts of their process, those kinds sort of thing and they could keep that stuff for long periods of time. But I see where we're getting close to the end here, Leigh, I think one final question to you is how do you see law firm information management evolving over the next five years, both as a profession but also as the new kinds of technologies that you might be dealing with?

Leigh Isaacs:

I think that we're going to see an increased reliance on automation tools, taking those routine business processes and applying the automation to it. I think that there's going to be an increased reliance on kind of the artificial intelligence machine learning. There's a lot of problems that can be solved by that but one of the things that plagues law firms quite a bit is just even around the basics of email filing and how do you capture that and how do you classify it? And I think that's even more important as I was mentioning earlier, when you're looking at things, you're not looking at one repository anymore, your data may be spread across multiple. How do you identify, classify and then manage all of that content according to your policy and other requirements that you're subject to. I also see, I mentioned automation but just more of a focus in general on business process improvement and efficiencies.

Leigh Isaacs:

I think ongoing reliance on tools to support the digital workplace. Scan and capture, digital signature tools, things like that. And then I also see just kind of from an inner workings perspective on the IG side, separation isn't the right word, but more distinction between kind of the strategy and the compliance oversight and the operations. A lot of IG teams are still kind of continued to focus on both. And I do see a bit more of a carve out where a lot of the dedicated IG focus and leadership is really more at that higher level and there's a separation and more of an integration on the operation side with some of the operations teams within the firm.

Bill Tolson:

That's really interesting. I agree with you, by the way, on all of that. Automation, along with machine learning and AI, I spent several years at a company called Recomminds, which was an eDiscovery solution provider that was one of the pioneers in predictive coding for eDiscovery so I was early on brought into the whole machine learning capabilities in the legal industry and working with judges and all kind of stuff around what that actually meant. It was huge savings in the review costs, but a lot of people were very at the time, I think this was in the 2012, 2013 timeframe, people were very leery about the black box kind of connotations around it. No one knows what that thing is doing. It's like, well, we can measure accuracy and it's 99% accurate. Versus a team of contract review attorneys going through a million documents, which would be anywhere from 40 to 60% accurate.

Bill Tolson:

It's really interesting, but I agree, I think obviously a lot more reliance on machine learning, AI, predictive analytics, things like that. We are already even getting into the mode now of doing things in the IT realm of predictive information governance, based on the content and context of stuff within a document or a series of documents or an Excel spreadsheet and having the machine learning, AI capability determine, is it something that needs to be saved? For how long? What repository should it be put in? And really taking that off the shoulders of the day to day employees, they weren't originally hired to be records managers. They were employed to do whatever they were employed to do and taking the responsibilities from them but also adding that additional consistency of computer algorithms and stuff I think is going to be huge, both in the information governance as well as in the legal realms.

Bill Tolson:

With that Leigh, I think that wraps up this edition of the Information Management 360 podcast. I want to thank you very much for this insightful and truthfully enjoyable discussion today on this really timely subject of law firm information management and how it's changing and going to continue to change. If anybody has questions on this topic or would like to talk to a subject matter expert, please send an email mentioning this podcast to information, I-N-F-O @archive360.com or you can send it directly to me, at bill.tolson, T-O-L-S-O-N @archive360.com and we'll get back to you just soon as possible. You can also email Leigh with follow up questions at leigh, L-E-I-G-H .isaacs, I-S-A-A-C-S @us.dlapiper.com. And also check back on the Archive 360 resources webpage for new podcasts with leading industry experts such as Leigh on a regular basis. And we're going to continue to put out hopefully meaningful but also in entertaining content. With that again, thank you very much, Leigh. I had a great time and hopefully we'll do more in the future. Thank you.

Leigh Isaacs:

Thanks, Bill. I did as well.