Legal firms store a significant volume of critical and confidential records, But in today’s data-driven world, how many of them are doing what it takes to ensure compliance and protect sensitive information?
Quick answer—not enough.
According to a new Iron Mountain research on professionals within the UK legal sector, document retention regulations and information management processes and policies—two of the most important components in ensuring compliance and managing informationrisk—were found lacking at a concerning number of firms.
To be fair, it’s not all doom and gloom. Most of the surveyed firms did have a high level of awareness and sensitivity towards the document retention process. For instance, 96% of respondents knew how long their organisation was allowed to keep documents. It’s just when it came to these executing on these policies, many had numerous “misunderstandings, inconsistencies and failings that needed to be addressed and amended. “
- 26% of organisations believed that there is a lack of consistency, process and strategy when it comes to digitisation plans and strategies.
- 20% of organisations agreed that employees struggle to understand digitisation plans and therefore make up their own rules.
- 56% of organisations reported that responsibility and accountability for paper-based and electronic documents falls in different departments.
- 30% of organisations agreed that too much remained on paper that no-one is accountable for.
Granted, these percentages aren’t staggeringly high. But employees making up their own rules, passing the buck on document retention to other departments or flat out having no accountability for paper-based records is nevertheless alarming. Security breaches and compliance violations don’t take much, so the barrier between secure information management and thousands of dollars in fines and untold reputation damage is razor thin.
How do you measure up?
To start, UK legal firms should consider the above metrics and ask themselves the following questions:
- Do I have a digitisation strategy in place?
- Is that strategy codified across organisations?
- What department owns data retention?
- Who is responsible for paper-based records? Digital?
If you cannot answer all of these questions confidently, your data retention policies might not be ideal. After all, it’s clear from the survey that there is not yet a high enough standard of streamlined processes among organisations, with different departments having their own practices and, therefore, potential failing.
For more on how UK Legal firms are handling data retention, we invite you to read the complete report, Documentation in UK Legal Firms