Knowledge Management in the Age of Need to Know Security
Knowledge Management in the Age of Need to Know Security
Double-edged Sword: Protect & Deliver
2016 was a banner year for cyber incidents as records breaches increased by 556% with more than four billion records leaked. The regulatory and client response has been significant. The regulatory side brought the introduction of the New York State Department of Financial Services(NYS DFS) cybersecurity regulation, in addition to pending other regulations such as the General Data Protection Regulation (GDPR) which also mandate security requirements. From the clients, the Association of Corporate Counsel (ACC) released their Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information. The provisions of all these effectively create a standard of care for handling and protecting client data; that standard is fairly clear that firms must lock down access to only those who require it. This means that only those who clients authorize to have access to their matters can have it; this is commonly referred to as ‘need to know’ access.
Historically, firms have operated open access environments under the guise of knowledge sharing and collaboration. They must now fundamentally change an entrenched practice that has generally allowed everyone inside the firm access to clients’ sensitive documents. The challenge is that lawyers rely upon prior work product as the basis for new work product.
As firms scramble to comply with these new mandates, they’re concerned that locking down and limiting access to data repositories will impede knowledge sharing. They fear that cutting-off access to valuable work product will diminish operational efficiency, and that need to know access will destroy knowledge management. For those firms already thinking about the bigger picture and finding other ways to leverage their valuable data, need to know security may be an opportunity, not a hindrance.
Need to Know Access May Limit the Value of Prior Work
According to most indicators, electronic information is doubling every two years and will exceed 44 zettabytes by 2020. The amount of data firms manage has been growing, exponentially. Disappointingly, firms seem to have struggled to properly collect, maintain, and harness the vast array of data they process, or even make use of that which they already manage.
To enable their professionals to benefit from the wealth of experience learned from prior matters, firms allow lawyers to search for prior work product. It makes little sense to reinvent the wheel for every new, yet similar matter when lawyers can rather improve service delivery in terms of time and quality by re-using others’ prior work.
Logic dictates that implementing need to know access will throw a wrench in the works by limiting the pool of prior work product any one lawyer can search or access; specifically, it would limit them to re-using only the work product for certain clients from other lawyers who provide services as a team.
Many law firms’ document repositories already exceed tens of millions of documents; contrary to what some might assume, this actually may improve efficiency. This is because the more limited dataset being searched could ensure a greater relevance of results, making it easier to locate specific items that lawyers need, especially when searches are being conducted on such a regular basis. Nevertheless, this alone is not the answer.
The Solution for Efficiently Locating Prior Work: Matter Profiles and Experiential Data
The problem that needs to be solved is how to enable lawyers to find work product they don’t know exists and for which the firm does not yet have any published template. Firms need to enable their lawyers to find others’ work product. Thankfully, there is a solution.
If firms properly tracked and organized the correct metadata around their engagements and used it to create matter profiles, this challenge would be solved – and the firm would be positioned to improve numerous other aspects of its operation. Matter profiles are also beneficial to business development, marketing, and knowledge management. Having robust matter profiles makes searching far more powerful.
Matter profile search can readily drive key knowledge sharing needs. Profiles deliver a more holistic method for readily identifying the most appropriate work product, even when the lawyer already has access to the documents. Matter profiles provide better context as to the purpose of each document.
Some examples of the data that should be tracked in such profiles include:
- Matter type, sub-type
- Area of law
- Qualifiers or tags
- Deal / Demand / settlement amount
- Court / Location
Lawyers can track and easily find an appropriate matter and then request access to the data, without falling foul of maintaining need to know security. This ability to ‘pierce the veil’ allows a combination of need to know security while offering a method to enable awareness of the wealth of experience and prior work that exists within a firm.
These same matter profiles would also empower business development and resourcing decisions. Firms can make more intelligent decisions about where to invest and focus resources and marketing programs to improve pitch success rates. In this regard, that same metadata can drive:
- Opportunity Management for firms to track and forecast pipelines
- Proposal Generation to streamline and reduce costs and improve results
- Matter, Client, Lawyer, Staff, Vendor, and Other Profiles for better search capability; and,
- Comprehensive Firm Directory with integrated Experience Scoring to more quickly locate and identify appropriate personnel
Need to Know Security Doesn’t Apply to Public Data
The requirement to apply need to know security is not applicable to public data. As such, that data is easier to handle from a knowledge management standpoint. A significant portion of the data that law firms work with is or eventually becomes public. Examples of this type of data include pleadings filed in court (except for matters under seal, which are rare) and documents filed with most government agencies such as the SEC or UK Companies House. This data is still important to and plays and integral part of the broader firm knowledge management initiative. Although today it can be readily automated, prior to everything being made available in electronic format, lawyers manually created indexes to track this type of data; this included pleading indexes, closing indexes, bundles, and other various indexes.
Streamlining the creation of pleading and closing indexes is ‘low hanging fruit’ for process re-engineering. Ensuring the data is ordered in an optimal format is valuable to clients and lawyers for sharing and future re-use; almost all the valuable matter profile information is contained in these documents. Information such as closing dates or key court dates and transaction amounts are typically included in the closing index. A trained person can easily extract and capture such valuable metadata during preparation of an index.
Better Investments in Templates
In today’s competitive market for legal services, firms must be able to demonstrate expertise, understand cost structure, price competitively, manage a pipeline of work, and recognize opportunitites for cross-selling. Core to all of these processes is leveraging the firm’s data, and it goes well beyond knowledge sharing.
In the age of need to know security, the argument asserting the inherent value of sharing prior work product without any limitations can no longer eclipse the security needs and demands of clients. Rather, firm leaders should take the opportunity to invest in the right technology to complement the new processes. This includes better data collection and management as well as automation of processes such as creation of forms for volume practices. This is an opportunity to improve data practices overall. Everything firms do today is related and can be tied-together with the same core data—and the mandates of need to know security just provide another opportunity for improvement.
Want to learn more about Cybersecurity & Risk Management?
Read more about Cybersecurity & Risk Management from our solution page.
Check our related articles
There’s no scarcity of legal industry reports chorusing the refrain: margins are flat; corporate counsel are increasingly taking more work in house; law firms aren’t responding in kind. ...16 March, 2016No comment
Over the past year, we’ve seen an increase in the number of firms moving to need-to-know or pessimistic security for non-public data....19 June, 2018No comment