Five IT lessons learned by law firms during the work from home transition
More than ever, information governance is critical. With companies and organizations working to manage the economic fallout from the COVID-19 pandemic, information governance professionals are more essential than ever. While the pandemic is sweeping the country and world, information governance professionals have a responsibility to step up and provide leadership by helping their organizations avoid or mitigate some of the information governance challenges likely to arise from the pandemic.
The information governance-related risks likely to arise from the pandemic
Information governance professionals are on the front lines of issues associated with institutional knowledge management, litigation responses and data privacy, all of which will be greatly needed in the immediate future. The current environment will trigger a number of business risks in the short term, for which information governance professionals must prepare their organizations. These risks include the following:
- Litigation. Inevitably, litigation will arise from the COVID-19. This includes personal injury claims, commercial claims and more. Just a few examples of the types of potential litigation include workers compensation claims, contract litigation including force majeure claims, claims arising from financial investments and potential employment discrimination cases associated with layoffs and terminations. Litigation involves finding information and records for discovery. We have never dealt with a pandemic like COVID-19, and many organizations will be searching for records never needed in previous litigation.
- Government oversight. The COVID-19 relief package from the United States government includes assistance for both companies and workers. Companies that received funds to prevent closures and layoffs will need to document and demonstrate that money was used in compliance with the law. Employees noticing improprieties will have whistleblower rights, and organizations must produce responsive evidence that the funds were used properly.
- Data privacy versus right to know. Organizations will face competing priorities of protecting employee and consumer privacy and the desire to protect others from the virus. They may subsequently be caught in the middle between those who feel their medical information was improperly disclosed and those believing they had a right to know who was infected. It is therefore important for organizations to document their process and decisions in an effort to minimize their damages.
- Work-from-home. Never have so many employees worked from home instead of an office. This means almost all records are electronic. With electronic records comes an array of storage systems, including shared drives, team sites, flash drives, hard drives, thumb drives and cloud storage. There are also issues of using secured networks that are not within the complete control of the organizations’ technology department.
- Collaborative tools. Many organizations began using Zoom and other collaborative tools quickly, with little thought about policies regarding the use of information gathered by these tools or how the organization records information from Zoom meetings and other collaborative tools.
- Loss of employees. Many organizations will lose employees through layoffs, job changes and, in the worst case, death. Each of those employees knows where “their” records are, but when others need to find the information, will it be available? Unfortunately, organizations will not be able to find those records if there is no forethought on how to store information in an organized fashion.
How information governance professionals can lead and mitigate risk
Information governance professionals are essential in mitigating these risks. The following are some of the core areas where they can provide crucial direction:
- Identify and apply the fundamental information governance policies. Each organization should already have in place a records policy and a records retention schedule. During this crisis, it would be irresponsible to ignore those policies. Organizations must be able to identify their information and records, retain what they need and dispose of information that has no value to the organization.
- Properly store information. With employees working from home, organizations, with the leadership of their information governance professionals, must set up proper storage sites for electronic information. These may include shared sites, team sites or other collaborative sites. The storage must also consider security issues and ensure that the information is only available to those who should have access to it. Information governance professionals also understand the importance of proper tagging and indexing of information to make it easier to find information created by others.
- Business continuity. Can your organization survive the worst-case scenario, whatever that may be? Information governance leaders must be able to identify vital records, know where those records are located, and ensure that those records are available during the circumstances of this crisis. The COVID-19 crisis creates unique challenges for retrieval of information since actual facilities are shut down or there is limited access to facilities. If any vital records are located in a facility with no or limited access, the Information governance professional must take appropriate actions.
- Compliance and enforcement. In crisis situations, adherence to policies can become lax. Information governance professionals must take the initiatives to ensure that record policies are applied and there is compliance. This includes the proper storage of information, the protection of sensitive data and disposition of data in compliance with the organizations’ policies. Since organizations’ employees are working from new locations, using new technologies and working isolated from other workers, information governance professionals should take additional and innovative steps to oversee compliance.
Empower information governance to help prepare for coming challenges
Most organizations will face some degree of disruption during and after this global crisis. Within a year there will be lawsuits and government investigations, not to mention the human toll caused by the pandemic. To minimize the long-term impact and help mitigate the associated risks, it is critical for organizations to empower their information governance professionals to plan and prepare now. While they may not “keep the lights on,” they will keep their organizations from going dark – indeed an essential function.