‘Out of sight, out of mind’ a dangerous mantra for data management
Abrogating responsibility for the storage, retrieval and disposal of data could land lawyers in sticky legal situations, says one regional counsel.
Michael Bishop, regional counsel Asia-Pacific at CommVault, said lawyers are not being proactive enough about data management and should collaborate closer with their IT departments.
In a 'call to arms', Mr Bishop said in-house counsel and lawyers at private firms should radically reform their approach to information management.
Speaking to Lawyers Weekly ahead of seminars in Sydney and Melbourne, Mr Bishop revealed the findings of a white paper, which examined the issue in some depth.
“The problem is that we are all so focused on the amount of data that's out there and the growth of that data and the ways we can use that data – but we've kind of left the back door open because we are not making sure that we've done all our cross checks,” he said.
Mr Bishop believes legal teams should be involved in discussions about strategic data management along with the finance and marketing teams.
“Lawyers don't normally lead conversations [about data management]; they are only really brought in at the end when there's a major outage or there's a privacy breach or something else,” he said.
Lawyers are generally aware of the statutory requirements in relation to data storage but ignorant about where data is being stored, whether it can be retrieved in a timely fashion and the period of time before it will be deleted, he said.
“People aren't thinking deeper about ‘where is that data stored?’, ‘how is it being classified?’, ‘if I need that data quickly if there’s an ACCC request how do I actually get it?’,” he added.
Mr Bishop said lawyers were comfortable with the blanket seven-year storage requirement for most legal information but did not generally think “outside the box” when it came to possible legal issues.
For instance, when information might pertain to future legal proceedings, it may need to be kept longer, he said. But keeping data too long could also cause problems since under the Privacy Act firms have an obligation to destroy data if it has no primary purpose or essential secondary purpose.
Lawyers also need to think about data security and pay attention to whether data is being stored onshore or offshore.
“[Often] the responsibility is moved over to the cloud provider … but in reality you need to keep [an eye] on that even though it has gone out to a third party,” said Mr Bishop.
He said that best practice for lawyers was to work more collaboratively with CIOs and IT departments.
“And then not just leaving it there,” he continued. All relevant groups should communicate regularly and “talk about the whole information management lifecycle”.