Picture this scenario. You're a partner in a fast-growing practice. Your business is drowning in internal and external email data and your storage systems are stretched to the limit. Junk email, or spam, is appearing in staff inboxes, creating a potential security risk.
Worse still, that email document that was crucial to your biggest client's matter has disappeared. You have no idea whether it has been deleted, and why it was not backed up. You're concerned that your computer network is exposed and you could become the victim of a hacker.
Sound familiar? Things are probably not this bad, but your firm may be grappling with swelling volumes of corporate data which is stretching technology resources to the limit and creating confusion over the management and protection of client and company information. Often, law firms must keep this information for long periods of time.
The job is made even more difficult by the proliferation of instant messaging applications that are creating another channel of communication for some legal firms to manage. In addition, many professionals are using PDAs and other mobile devices to communicate with clients while out of the office. As with desktop computers, these devices must be kept secure to protect precious client data being stolen.
Many firms view information security as one of the most important risk and compliance focus areas. Seventy-four per cent of 147 senior risk and compliance experts surveyed for a recent SAI Global research report rated information security as either a very important or extremely important aspect of risk and compliance programs.
It is senior management's responsibility to ensure the correct IT systems and procedures are in place for compliance purposes. As a result, having a workable strategy to manage, store and protect this data to avoid loss and ensure compliance and good governance is crucial.
Law reforms to introduce new security rules
Firms undertaking security programs need to be aware of the Australian Law Reform Commission's (ALRC) review of the Privacy Act. Any amendments to privacy laws will change the way organisations can collect, store and distribute customer information.
The recommendations from the ALRC have law firms trying to come to terms with the potential for disclosure of lost data, proposed changes to credit reporting and employee records.
The introduction of these laws could provide new impetus for legal firms to ensure client data is appropriately managed and secured. This may include having to replace or at least modify existing technology systems, so it's important that firms review their infrastructure now.
Overcoming human error
Law firms need to be meticulous about the management and storage of email files and other related documentation. In most cases, firms cannot always rely on their staff to file critical client information and store that data in a safe and secure repository. Sydney-based finance and insolvency specialist Henry Davis York was one such company.
In a 2007 interview with The Australian newspaper, Kelvin O'Connor, the firm's CIO, summed up the predicament: "People are people and they will forget to file things. You need to have a backstop in there for compliance. You can't build in compliance where there are humans involved. You've got other management products, but you still need people to make decisions with them."
In 2002, the firm realised that having a case management system linked to its email client was just not enough to ensure compliance. Recently, the number of emails sent and received passed 3.7 million per year. Many of these messages involve confidential client matters and losing any of this critical information is simply not an option.
Henry Davis York eventually found an answer in a software-based intelligent archiving platform that indexes every email message and full text of any attachment, ensuring that any email document can be found quickly and easily. The company also replicates stored data at a remote site so it can recover data in the event of a disaster.
Craig Scroggie is the vice president and managing director of Symantec in Australia and New Zealand