Five Key Steps of Data Disposition

21
Nov
2022

Editor

We live in an era in which data volumes are multiplying exponentially – representing a clear and present hazard for law firms from potential data breaches and the soaring costs of data storage. Here in part two of our data disposition series, Chris Giles suggests how firms can go about controlling data’s proliferation. 

Did you know that the total amount of data created, captured, copied, and consumed globally is forecast to reach an incomprehensible 181 zettabytes by 2025? Why does this matter to law firms? Because their product is information – and if they’re not careful they’ll drown in it. Excess data is dangerous both because of the mounting costs of data storage, and because of an increasing body of regulation covering how data, especially personal information, is handled. The sooner firms get on top of data disposition, the better; and here’s a five-step approach to doing so. 

1. Develop a data retention policy

The first step is to develop a retention and disposition policy that’s agreed by the firm’s management committee and signed up to by all staff. The policy needs to be backed up with processes and procedures that ensure its conscientiously followed. Processes might include  how physical and electronic records are destroyed; and a process for recording what, when and how destruction happens. At the heart of the policy sits the retention schedule. This is a living document that mandates when materials should be reviewed for further retention or disposition. 

2. Understand what you have

Firms next need to understand and locate all the data they hold, which can be complicated. Data will almost certainly exist in both physical and electronic formats. Aside from paper files and folders, physical data can take the form of video and audio tapes, photographs and floppy discs. It’s likely dispersed across locations from offices to basements to offsite archives. Law firms must remember that they’re also the stewards of administrative records such as HR files and financial records.

3. Allocate trigger dates

The next task is to allocate trigger dates for when some action ought to be taken in respect of any given piece of data: either when it should be sent off site, archived, destroyed or returned to the client. Returning material to clients is jurisdiction dependent. In the US, for example, clients should be contacted and given the option of having their matter materials returned or destroyed. 

In most of Europe, the requirement is to keep matter materials for at least five, and up to 10 years before destruction (in the Netherlands, for 20 years.)  Trigger dates for HR records will likely be a predefined period after the individual left the firm. Financial records are typically ready for review seven years on from the end of the financial year they relate to. Bear in mind that retention periods change from jurisdiction to jurisdiction, so for global firms, potentially from office to office. Also, the firm needs to pay attention to overriding factors that might alter the ‘standard’ retention period: including differing stipulations set out in Outside Counsel Guidelines and in Client Engagement Letters. 

4. Execute the policy 

Once the policy is in place, data located and trigger dates set, it’s a simple matter of executing the firm’s retention schedule. Well, perhaps not all that simple. In the beginning, and depending on the age of the firm, it might seem like a gargantuan task because there may well be a great deal of material to get through. In addition, everything slated for destruction needs to be checked to ensure that it’s neither of historic nor intrinsic value; that the client doesn’t owe the firm money; and to rule out the possibility that material might be needed in evidence for any future litigation against the firm. 

5. Get across the line 

Lastly, firms must ensure that data disposition actually happens. The big challenge is that no one is paying you to do it, yet it must be done if the firm is to avoid the risks of excess data retention. The final step, therefore, is to ensure that those individuals empowered to make destruction decisions make them. Otherwise, the whole exercise has been in vain. Getting data disposition “across the line” is greatly aided by technology. For instance, data engines can apply the firm’s retention policies and authorisation requirements automatically. Workflow processes can be deployed, and simple interfaces can bring all matter information together in one place for easy assessment. It’s the most efficient way to ensure that important data disposition gets done.

Find out more

Read part one of our data disposition series

Join LegalRM for the ILTA Product Briefing where we will demonstrate what we believe to be the most comprehensive and cost-effective IG platform on the market. LegalRM will show how iCompli can streamline the review cycle of (of both physical and electronic documents) by:

• Helping firms manage (electronic and paper) data consistently when it is held across numerous systems. Of course, the DMS and time and billing applications, but also in MS Teams and FileShares for example.
• Enabling collaboration and buy in to asset governance throughout the firm. (As let’s face it, even the best policies and processes will not be followed unless you make it easy for people to do what needs to be done).

Click here to register.